Physical Server

Security Group

2024-12-17 02:40:43

Scenario

In a security group, you can define various access rules to protect the network security of physical servers. The default rule for a security group is to allow all outbound data packets so that physical servers in the security group can access each other.

Usage Suggestions

•   When you add a security group rule, follow the principle of least privilege. Allow only the ports and IP address ranges that are actually required.

•   Exercise caution when authorizing source addresses in full CIDR blocks, and restrict access sources wherever possible.

•   We recommend that you do not manage all applications in one security group. Instead, set up multiple security groups based on different layering and isolation requirements.

•   Add instances with the same security protection requirements to the same security group to simplify management and maintenance.

•   Keep security group rules simple to prevent network failures caused by too many complex rules.
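The suggestions above can be checked mechanically against a list of inbound rules. The following Python audit is an added example, not code from this product or its documentation; the rule field names, the finding labels and the three thresholds are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample rules. The field names are assumptions for this example,
# not the console's or any API's actual schema.
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "tcp", "ports": "22", "source": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "ports": "443", "source": "203.0.113.0/24"},
    {"direction": "ingress", "protocol": "tcp", "ports": "1-65535", "source": "10.0.0.0/8"},
    {"direction": "ingress", "protocol": "tcp", "ports": "3306", "source": "10.0.1.0/28"},
]

MAX_PORT_SPAN = 100   # assumed: a range wider than this is "more than required"
MIN_PREFIX_V4 = 16    # assumed: IPv4 sources broader than /16 need review
MAX_RULES = 50        # assumed ceiling before a group counts as too complex


def port_span(ports):
    """Return how many ports a spec such as '22' or '8000-8100' covers."""
    low, _, high = ports.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port range: {ports!r}")
    return high - low + 1


def audit_rule(rule):
    """Return least-privilege findings for one inbound rule."""
    findings = []
    net = ipaddress.ip_network(rule["source"], strict=False)
    if net.prefixlen == 0:                      # 0.0.0.0/0 or ::/0
        findings.append("source-any")
    elif net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
        findings.append("source-broad")
    if rule["protocol"] == "all" or port_span(rule["ports"]) > MAX_PORT_SPAN:
        findings.append("ports-broad")
    return findings


def audit_group(rules):
    """Map rule index to findings; only inbound rules carry a source to check."""
    report = {}
    for index, rule in enumerate(rules):
        if rule["direction"] != "ingress":
            continue
        findings = audit_rule(rule)
        if findings:
            report[index] = findings
    if len(rules) > MAX_RULES:
        report["group"] = ["too-many-rules"]
    return report
```

Running `audit_group(SAMPLE_RULES)` flags the SSH rule open to any source and the all-ports rule from a /8, and passes the two narrowly scoped rules.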

Operation Steps

1. Log in to the console.

2. Click  at the top of the console, and select a region. In this topic, Hong Kong 2 is selected.

3. In the left-side navigation pane, click Service List, and go to Computing > Physical Server.

4. Move the mouse pointer to the Instance/Server Name column corresponding to the target physical server, and click the physical server instance name to go to the details page.

5. You can click the Security Group tab to view the information of the current security group.

6. You can Modify Security Group or Edit the current security group rule.

7. Click > to the left of Security Group to expand the security group information in the following format.

8. On this page, you can Add Rule or Modify according to your business needs.

Other Security Group Operations

For security group operations other than the basic actions described above, see Help Center - Virtual Private Cloud - Security Group.

