ACG
Available in VPC
This guide describes the screen layout of the ACG menu and ACG information, and explains how to create, set, and delete an ACG.
Access Control Group (ACG) is an IP/Port-based filtering firewall service that enables you to control and manage network access between servers. By using ACG, you can easily establish and manage ACG rules for server groups without needing to separately manage the existing firewalls (iptables, UFW, and Windows firewall). You can use the Default ACG provided by NAVER Cloud Platform, or create your own ACG and set rules for it.
- You can create up to 500 ACGs per VPC.
- You can apply up to 3 ACGs per network interface.
- Each ACG can have up to 50 inbound rules and 50 outbound rules.
Check ACG information
You can check ACG information on the ACG page.
ACG page
From the NAVER Cloud Platform portal, click the Console > Services > Compute > Server > ACG menus, in that order, to view the ACG page.
The ACG page is laid out as follows:
Field | Description |
---|---|
① Menu name | Name of the menu currently being checked and the number of created ACGs |
② Basic features | Features provided on the first page when the user enters the ACG menu |
③ Post-creation features | Features provided after creating the ACG |
④ Search window and filter | You can search for an ACG by ACG name, applied server name, or VPC name, and filter by server application status |
⑤ ACG list | List of created ACGs |

Create ACG
When you create a VPC on NAVER Cloud Platform, the Default ACG is created automatically, but you can also create a separate ACG to use. For more information about the Default ACG, see ACG specifications.
The following describes how to create an ACG.
- Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
- Click the Services > Compute > Server menus, in that order.
- Click the ACG menu.
- Click the [Create ACG] button.
- Enter the ACG name, specify the VPC, and then click the [Create] button.
  - An ACG is created and displayed in the ACG list.
  - The ACG created by the user has no default inbound or outbound rules. Set the rules through Set ACG.
Set ACG
The following describes how to set detailed rules for the Default ACG and the ACGs you created.
If an ACG has no outbound rules, request packets sent from the server may be blocked.
- Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
- Click the Services > Compute > Server menus, in that order.
- Click the ACG menu.
- Click to select the ACG to set rules for from the ACG list, and then click the [Set ACG] button.
- Enter the detailed rules by referring to the following table, and then click the [Add] button.

Item | Setup method | Examples |
---|---|---|
Protocol | Select from TCP, UDP, ICMP, and PROTOCOL NUMBER | - |
Access source | Enter the IP address or ACG name. IP address: specify a single IP address or a range of IP network addresses in CIDR format; when you enter a CIDR address, enter the network address followed by the subnet bits, including the slash (/). ACG name: specify all objects in the target ACG as the access source. | Example of entering CIDR: 0.0.0.0/0, 192.168.1.0/24. Example of entering ACG name: my-acg-1 (preset name of ACG) |
Allowed port | Enter the allowed port or port range when TCP or UDP is selected | 22 (for ssh service); 3389 (for remote Windows access) |
Notes | Enter briefly, if necessary | - |

- You can check the numbers defined for PROTOCOL NUMBER at IANA.
- After adding all the rules, click the [Apply] button.
  - The rules you set are applied to the ACG.
ACG rule settings example
The frequently used ACG rules are as follows:
Purpose | Protocol | Access source | Allowed port |
---|---|---|---|
Allows access to SSH service from a specific IP address | TCP | 192.168.77.17 | 22 |
Allows access to SSH service from a specific IP address range (1) | TCP | 192.168.77.0/24 | 22 |
Allows access to SSH service from a specific IP address range (2) | TCP | 192.168.77.128/25 | 22 |
Allows SSH access between servers assigned to ACG named Test-ACG | TCP | Test-ACG | 22 |
Sets the ncloud-load-balancer, an ACG for the load balancer, as an access source to allow network access to the web server that the load balancer binds. Even if several load balancers are created, the ACG name must be the same. | TCP | ncloud-load-balancer | 80 |
Allows access to UDP 22-1025 port from specific IPs | UDP | 192.168.77.17 | 22-1025 |
Allows access to the entire web service | TCP | 0.0.0.0/0 | 80 |

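The following is an added example, not NAVER Cloud Platform code: a small offline check you can run over a planned inbound rule list before entering it in the console. It applies the input rules from this page (CIDR must use the network address, 50 rules per direction) and flags 22 or 3389 opened to 0.0.0.0/0. The tuple layout, the function names, and the IPv4-only handling of sources are assumptions made for this example.

```python
import ipaddress

MAX_RULES = 50            # per-direction limit stated on this page
ADMIN_PORTS = {22, 3389}  # SSH and remote Windows access, as listed on this page

def parse_ports(spec):
    """'22' -> (22, 22); '22-1025' -> (22, 1025). TCP/UDP rules only."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi

def parse_source(spec):
    """Return an ip_network for an IPv4/CIDR source, or None for an ACG name.
    Assumption: a source that starts with a digit is meant as an address."""
    if spec[:1].isdigit():
        # strict=True rejects host bits: 192.168.77.17/24 is not a network address
        return ipaddress.ip_network(spec, strict=True)
    return None

def audit_inbound(rules):
    """rules: (protocol, access_source, allowed_port) tuples. Returns findings."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules exceed the limit of {MAX_RULES}")
    for proto, source, ports in rules:
        try:
            net = parse_source(source)
            lo, hi = parse_ports(ports)
        except ValueError as exc:
            findings.append(f"invalid rule {proto} {source} {ports}: {exc}")
            continue
        if net is not None and net.prefixlen == 0:
            exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
            if exposed:
                findings.append(f"{proto} {source} {ports}: admin ports {exposed} open to any address")
    return findings

PAGE_RULES = [  # taken from the rule examples on this page
    ("TCP", "192.168.77.17", "22"), ("TCP", "192.168.77.0/24", "22"),
    ("TCP", "192.168.77.128/25", "22"), ("TCP", "Test-ACG", "22"),
    ("TCP", "ncloud-load-balancer", "80"), ("UDP", "192.168.77.17", "22-1025"),
    ("TCP", "0.0.0.0/0", "80"),
]
CONSTRUCTED_RULES = [  # constructed for this example, not from the page
    ("TCP", "0.0.0.0/0", "1-65535"),    # every port open to any address
    ("TCP", "192.168.77.17/24", "22"),  # host bits set in the CIDR
]

if __name__ == "__main__":
    for finding in audit_inbound(PAGE_RULES + CONSTRUCTED_RULES):
        print(finding)
```

The page's own examples pass cleanly; only the two constructed rules produce findings.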
Delete ACG
The following describes how to delete an ACG.
- You cannot delete several ACGs at the same time.
- You can't delete ACGs applied to servers.
- Click the environment you are using in the Region menu and Platform menu of NAVER Cloud Platform console.
- Click the Services > Compute > Server menus, in that order.
- Click the ACG menu.
- Click to select the ACG to delete from the ACG list, and then click the [Delete ACG] button.
- Check the details in the confirmation pop-up window and click the [Yes] button.
  - The ACG is deleted and disappears from the list.