ACG

Available in VPC

You can create, set, and delete an ACG in the ACG interface. You can also see the ACG details.

Access Control Group (ACG) is an IP/port-based filtering firewall service that lets you control and manage network access between servers. With ACG, you can set up and manage rules for groups of servers without separately managing the existing firewalls (iptables, UFW, and Windows firewall). You can use the ACG provided by default in NAVER Cloud Platform, or create your own ACG and set its rules.

Note
  • You can create up to 500 ACGs per VPC.
  • You can apply up to 3 ACGs per network interface.
  • For each ACG, you can create up to 50 inbound rules and up to 50 outbound rules.

Check ACG information

You can check ACG information on the ACG interface.

ACG interface

From the NAVER Cloud Platform portal, navigate to Console > Menu > Services > Compute > Server > ACG to view the ACG interface.

The ACG interface includes the following components:

① Menu name: Current menu name and the number of created ACGs.
② Basic features: Features displayed when you first access the ACG menu.
  • [Create ACG]: Click to create an ACG.
  • [Learn more]: Go to the Server overview page.
  • [Download]: Download the ACG list as an Excel file.
  • [Refresh]: Reload the ACG list.
③ Post-creation features: Features available after creating an ACG.
④ Search bar and filter: You can search for ACGs by ACG, applied server, or VPC name, and filter them based on the server application status.
⑤ ACG list: The list of created ACGs.
  • ACG name: The name you entered when creating the ACG.
  • ACG ID: A unique ID assigned to the ACG automatically when created.
  • VPC name: The name of the VPC where the ACG is applied.
  • Number of network interface applied: The number of network interfaces with the ACG applied.
  • Applied network interface (server): The list of network interfaces with the ACG applied.
  • Number of inbound rules: The number of inbound rules.
  • Number of outbound rules: The number of outbound rules.
  • Creation date and time: The date and time when the ACG was created.
  • [Inbound rule] tab: Shows inbound rule information.
  • [Outbound rule] tab: Shows outbound rule information.

Create ACG

When you create a VPC on NAVER Cloud Platform, the Default ACG is created automatically, but you can also create a separate ACG to use. For more information about the Default ACG, see ACG specifications.

To create an ACG:

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to Menu > Services > Compute > Server.
  2. Click the ACG menu.
  3. Click [Create ACG].
  4. Enter the ACG name, specify the VPC, and then click [Create].
    • An ACG is created and displayed in the ACG list.
    • An ACG that you create has no default inbound or outbound rules. Set the rules as described in Set ACG.

Set ACG

To set detailed rules for the Default ACG and the ACGs you created:

Caution

If an ACG has no outbound rule settings, request packets sent from the server may be blocked.

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to Menu > Services > Compute > Server.
  2. Click the ACG menu.
  3. Click to select the ACG to set rules for from the ACG list, and then click [Set ACG].
  4. Enter the detailed rules by referring to the following items, and then click [Add].
    • Protocol: Select from TCP, UDP, ICMP, and PROTOCOL NUMBER.
      • You can check the numbers defined as PROTOCOL NUMBER at IANA.
    • Access source: Enter an IP address or an ACG name.
      • IP address
        • Specify the address as a single IP address or as a network address range in CIDR format.
        • When using CIDR format, enter the network address followed by a slash (/) and the number of subnet bits.
        • Example of CIDR input: 0.0.0.0/0, 192.168.1.0/24
      • ACG name
        • Specifies all objects in the ACG as the access source.
        • Example of ACG name input: my-acg-1 (pre-set ACG name)
    • Allowed port: Enter the allowed port range when TCP or UDP is selected.
      • Example: 22 (for SSH service)
      • Example: 3389 (for Windows remote access)
    • Notes: Enter briefly, if necessary.
  5. After adding all the rules, click [Apply].
    • The set rules are applied to ACG.

ACG rule settings example

The frequently used ACG rules are as follows:

  • Allows access to SSH service from a specific IP address.

    Protocol   Access source       Allowed port
    TCP        192.168.77.17       22

  • Allows access to SSH service from a specific IP address range (1).

    Protocol   Access source       Allowed port
    TCP        192.168.77.0/24     22

  • Allows access to SSH service from a specific IP address range (2).

    Protocol   Access source       Allowed port
    TCP        192.168.77.128/25   22

  • Allows SSH access between servers assigned to ACG named Test-ACG.

    Protocol   Access source       Allowed port
    TCP        Test-ACG            22

  • Allows access to UDP 22-1025 port from specific IPs.

    Protocol   Access source       Allowed port
    UDP        192.168.77.17       22-1025

  • Allows access to the entire web service.

    Protocol   Access source       Allowed port
    TCP        0.0.0.0/0           80
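
The following is an added example, not part of the NAVER Cloud Platform documentation or tooling: an offline audit of the example rules above that flags management ports (22, 3389) open to 0.0.0.0/0 and rules already covered by a broader rule, which is useful under the 50-rule limit. The tuple layout, the function names, and the assumption that rules only ever allow traffic are assumptions of this example.

```python
import ipaddress

# Inbound rules copied from this page's "ACG rule settings example" list.
PAGE_RULES = [
    ("TCP", "192.168.77.17", "22"),
    ("TCP", "192.168.77.0/24", "22"),
    ("TCP", "192.168.77.128/25", "22"),
    ("TCP", "Test-ACG", "22"),
    ("UDP", "192.168.77.17", "22-1025"),
    ("TCP", "0.0.0.0/0", "80"),
]
MGMT_PORTS = (22, 3389)  # SSH and Windows remote access, the ports the page names

def parse_source(source):
    """Return an ip_network for an IP or CIDR source, or None for an ACG name."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return None  # not an address: treated as an ACG name
    if "/" in source and str(net) != source:
        raise ValueError(f"{source} has host bits set; the network address is {net}")
    return net

def parse_ports(spec):
    """'22' -> (22, 22); '22-1025' -> (22, 1025)."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return low, high

def audit(rules):
    """Return (world_open, shadowed) for TCP/UDP rules with an IP or CIDR source.
    Assumes rules only allow traffic, so a rule inside a broader one is redundant."""
    parsed = [(r, parse_source(r[1]), parse_ports(r[2]))
              for r in rules if r[0] in ("TCP", "UDP")]
    parsed = [p for p in parsed if p[1] is not None]  # ACG-name sources are skipped
    world_open, shadowed = [], []
    for rule, net, (low, high) in parsed:
        if net.prefixlen == 0 and any(low <= p <= high for p in MGMT_PORTS):
            world_open.append(rule)  # management port reachable from anywhere
        for other, o_net, (o_low, o_high) in parsed:
            if (other[0] == rule[0] and o_net != net and o_net.version == net.version
                    and net.subnet_of(o_net) and o_low <= low and high <= o_high):
                shadowed.append(rule)
                break
    return world_open, shadowed
```

Run against the page's rules, the single-IP and /25 SSH rules are reported as shadowed by the 192.168.77.0/24 rule, and nothing is reported as world-open because 0.0.0.0/0 is only allowed on port 80.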

Delete ACG

To delete an ACG:

Note
  • You cannot delete several ACGs at the same time.
  • You cannot delete ACGs applied to servers.

  1. In the VPC environment of the NAVER Cloud Platform console, navigate to Menu > Services > Compute > Server.
  2. Click the ACG menu.
  3. Click to select the ACG to delete from the ACG list, and then click [Delete ACG].
  4. In the confirmation popup, review the details and click [Yes].
    • The ACG is deleted and disappears from the list.