Creating a security group for traffic to and from the outside

This security group brings together rules for traffic allowed from external networks to the firewall and protected hosts, and from protected networks to the outside.
In this technical note, the following inbound traffic streams allowed :

• SSH: access to the firewall in console,
• SSH redirection port (e.g., TCP port 2222): access to the protected web server in console,
• HTTPS: access to the firewall’s web administration interface,
• HTTP: access to the web server protected by the firewall.

Creating the security group

In the COCKPIT 3DS OUTSCALE console, under the Network/Security menu:

1. Select Security groups.
2. Click on Create.
3. Name the security group (e.g., Documentation-Security-Group).
4. Add a description (e.g., SSH HTTPS HTTP Inbound access).
5. Select the VPC (Documentation-VPC in the example).
6. Click on Create.

Creating security rules corresponding to traffic allowed with the outside

1. Select the security group created earlier (Documentation-Security-Group in the example).
   The list of rules attached to the security group appears in the lower section of the configuration window.
   
2. In the list of rules, click on Create rule.
3. Select Inbound mode.
4. Set SSH as the protocol.
5. Click on All IPs.
6. Click on the + symbol.
7. Repeat steps 3 to 6 with HTTP and HTTPS.
8. Repeat steps 3 to 6 with the values Inbound, Custom, TCP, 2222 and All IPs.
9. Confirm the rules by clicking on Create.

IMPORTANT
A rule allowing outbound traffic will automatically be created.
This rule must not be deleted because it allows outbound traffic that is necessary to get security updates for instances deployed in the VPC.

The list of rules regarding traffic allowed for the security group will then look like this: