ACG

    Available in VPC

    This guide describes the screen layout of the ACG menu and the ACG information shown there, and explains how to create, set, and delete an ACG.

    Access Control Group (ACG) is an IP/port-based filtering firewall service that lets you control and manage network access between servers. With ACG, you can establish and manage rules for groups of servers without separately managing the existing firewalls (iptables, UFW, and Windows firewall). You can use the ACG provided by default in NAVER Cloud Platform, or create your own ACG and set rules for it.

    Note
    • You can create up to 500 ACGs per VPC.
    • You can apply up to 3 ACGs per network interface.
    • For each ACG, you can create up to 50 inbound rules and up to 50 outbound rules.

    Check ACG information

    You can check ACG information on the ACG page.

    ACG page

    From the NAVER Cloud Platform portal, click the Console > Services > Compute > Server > ACG menus, in that order, to view the ACG page.

    The ACG page is laid out as follows:

    [Screenshot: ACG page, with areas ① to ⑤ marked]

    Field | Description
    ① Menu name | Name of the menu currently being checked and the number of created ACGs
    ② Basic features | Features provided on the first page when the user enters the ACG menu
      • [Create ACG] button: click to create ACG
      • [Learn more about products] button: click to move to the Server introduction page
      • [Download] button: click to download the ACG list as an Excel file
      • [Refresh] button: click to refresh the ACG list
    ③ Post-creation features | Features provided after creating the ACG
    ④ Search window and filter | You can search ACG by the ACG/applied server/VPC name, and filter in accordance with the server application status
    ⑤ ACG list | List of created ACGs
      • ACG name: name entered when creating ACG
      • ACG ID: unique ID automatically granted when creating ACG
      • VPC name: VPC name with ACG applied
      • Number of applied Network Interfaces: number of network interfaces with the ACG applied
      • Applied Network Interface (server): list of network interfaces with the ACG applied
      • Number of Inbound rules: number of rules set as inbound rules
      • Number of outbound rules: number of rules set as outbound rules
      • Creation date and time: date when the ACG is created
      • [Inbound rules] tab: displays inbound rules information
      • [Outbound rules] tab: displays outbound rules information

    Create ACG

    When you create a VPC on NAVER Cloud Platform, the Default ACG is created automatically, but you can also create a separate ACG to use. For more information about the Default ACG, see ACG specifications.

    The following describes how to create an ACG.

    1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
    2. Click the Services > Compute > Server menus, in that order.
    3. Click the ACG menu.
    4. Click the [Create ACG] button.
    5. Enter the ACG name, specify the VPC, and then click the [Create] button.
      • An ACG is created and displayed in the ACG list.
      • The ACG created by the user has no default inbound or outbound rules. Set the rules through Set ACG.

    Set ACG

    The following describes how to set detailed rules for the Default ACG and the ACGs you created.

    Caution

    If no outbound rules are set for the ACG, the request packets sent from the server may be blocked.

    1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.

    2. Click the Services > Compute > Server menus, in that order.

    3. Click the ACG menu.

    4. Click to select the ACG to set rules for from the ACG list, and then click the [Set ACG] button.

    5. Enter the detailed rules by referring to the following table, and then click the [Add] button.

      Item | Setup method | Examples
      Protocol | Select from TCP, UDP, ICMP, and PROTOCOL NUMBER | -
      Access source | Enter the IP address or ACG name | CIDR: 0.0.0.0/0, 192.168.1.0/24; ACG name: my-acg-1 (preset name of ACG)
        • IP address
          • Specify a single IP address or a range of IP network addresses in CIDR format
          • When you enter a CIDR address, enter the network address followed by a slash (/) and the subnet bits
        • ACG name
          • Specify all objects in the target ACG as the access source
      Allowed port | Enter the allowed port range when TCP or UDP is selected | 22 (for ssh service), 3389 (for remote Windows access)
      Notes | Enter briefly, if necessary | -
      • You can check the numbers defined for PROTOCOL NUMBER at IANA.
    6. After adding all the rules, click the [Apply] button.

      • The set rules are applied to ACG.

    ACG rule settings example

    The frequently used ACG rules are as follows:

    • Allows access to SSH service from a specific IP address

      Protocol | Access source | Allowed port
      TCP | 192.168.77.17 | 22
    • Allows access to SSH service from a specific IP address range (1)

      Protocol | Access source | Allowed port
      TCP | 192.168.77.0/24 | 22
    • Allows access to SSH service from a specific IP address range (2)

      Protocol | Access source | Allowed port
      TCP | 192.168.77.128/25 | 22
    • Allows SSH access between servers assigned to the ACG named Test-ACG

      Protocol | Access source | Allowed port
      TCP | Test-ACG | 22
    • Sets ncloud-load-balancer, an ACG for the load balancer, as an access source to allow network access to the web server that the load balancer binds

      • Even if several load balancers are created, the ACG name must be the same
      Protocol | Access source | Allowed port
      TCP | ncloud-load-balancer | 80
    • Allows access to UDP ports 22-1025 from a specific IP address

      Protocol | Access source | Allowed port
      UDP | 192.168.77.17 | 22-1025
    • Allows access to the entire web service

      Protocol | Access source | Allowed port
      TCP | 0.0.0.0/0 | 80
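
    The following Python check is an added example, not NAVER Cloud Platform code. It reviews a set of ACG rules written in the Protocol / Access source / Allowed port form used above: it rejects CIDR entries that are not network addresses, reports SSH or remote Windows access ports left open to 0.0.0.0/0 (including inside a port range), and reports an ACG with no outbound rules. The names audit, parse_ports, parse_source and ADMIN_PORTS and the sample rules are assumptions made for the example; it works on rule tuples and calls no platform API.

```python
import ipaddress

ADMIN_PORTS = {22, 3389}   # ssh and remote Windows access, per the table above

def parse_ports(spec):
    """'22' -> (22, 22); '22-1025' -> (22, 1025). Assumes 1-65535 is valid."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi

def parse_source(source):
    """Return an ip_network for an IP/CIDR source, or None for an ACG name."""
    try:
        return ipaddress.ip_network(source, strict=True)  # rejects host bits
    except ValueError:
        if source.replace(".", "").replace("/", "").isdigit():
            raise                                         # malformed address
        return None                                       # treated as ACG name

def audit(inbound, outbound):
    """Return findings for one ACG; rules are (protocol, source, ports)."""
    findings = []
    if not outbound:
        findings.append("no outbound rules: server requests may be blocked")
    for proto, source, ports in inbound:
        try:
            net = parse_source(source)
            lo, hi = parse_ports(ports) if proto in ("TCP", "UDP") else (0, 0)
        except ValueError as exc:
            findings.append(f"invalid: {proto} {source} {ports} ({exc})")
            continue
        exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
        if net is not None and net.prefixlen == 0 and exposed:
            findings.append(f"open to any address: {proto} {ports} {exposed}")
    return findings

# Constructed sample rules, reusing the shapes of the examples above.
SAMPLE_INBOUND = [
    ("TCP", "192.168.77.128/25", "22"),
    ("TCP", "Test-ACG", "22"),
    ("TCP", "0.0.0.0/0", "80"),
    ("TCP", "0.0.0.0/0", "22-1025"),    # range that also covers ssh
    ("TCP", "192.168.77.17/24", "22"),  # host bits set, not a network address
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INBOUND, outbound=[])))
```

    Rules whose access source is an ACG name are accepted as written; checking them further would require the rules of the referenced ACG.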

    Delete ACG

    The following describes how to delete an ACG.

    Note
    • You cannot delete several ACGs at the same time.
    • You can't delete ACGs applied to servers.
    1. Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
    2. Click the Services > Compute > Server menus, in that order.
    3. Click the ACG menu.
    4. Click to select the ACG to delete from the ACG list, and then click the [Delete ACG] button.
    5. Check the details in the confirmation pop-up window and click the [Yes] button.
      • The ACG is deleted and disappears from the list.
