NAVER CLOUD PLATFORM

Controls and Manages Network Access

As Internet usage and services steadily rise, security threats are also increasing, which demands multiple methods and layers of defense. ACG is a service that controls and manages network access to server groups. To activate the security features easily, simply set the parameters of the firewall for each server group. There’s no need to construct a separate firewall for each server.

Batch Management of Security Settings
With ACG, you can control network access to a large number of servers in a batch, without having to set up a host firewall (iptables, UFW, etc.) for each server. It’s easy to apply and execute security procedures.
Reuse Existing Security Settings
When expanding a service, you can reuse existing access control group (ACG) rules to extend the security policy conveniently.
Simple Control of Settings
You can safely and conveniently add, change, and delete inbound rules that allow you to connect to the server with the ACG Rule Change feature in a web-based console, without having to directly access the server to change firewall security rule settings.


Inbound traffic from other internal servers or external Internet channels can be controlled by IP address and port.

By default, all outgoing traffic from the server is allowed, while inbound traffic is regulated according to the ACG settings.

Create and Manage ACG Settings with Web Console

It’s easy to set the ACG using the Web console:

  • 1) Connect to Console: Log in to the portal and connect to the console.
  • 2) Create ACG: On the ACG menu, select [Create ACG] and enter the name of the ACG.
    (New ACG can be created in “Step 4. Set Firewall,” or an existing ACG may be selected.)
  • 3) ACG Setup: Add and apply the security protocol, including permitted sources and ports.
  • 4) View ACG Rules: Check the rules settings for each ACG.
  • 5) Delete ACG: You can delete the ACG. However, if there is only one server to which the applicable ACG is applied, it cannot be deleted.

Types of ACG Rules

When creating servers, firewall (ACG) settings must be selected to ensure the security of the network. An ACG is an instance that has a distinguishable name with rules that apply to each instance. A basic ACG rule set (default ACG) is provided for convenient use of the ACG service. If you need separate firewall settings for your service, you can set up and apply ACG rules yourself (custom ACG).

Table of types of ACG Rules

| Type | Content | Details |
|---|---|---|
| Default ACG | Preset for each account | Blocks all inbound traffic; allows all outbound traffic; allows communication among the servers within an ACG group |
| Custom ACG | Created by the customer | Blocks all inbound traffic; allows all outbound traffic |

ACG Rules and Settings

Table of ACG Rules and Settings

Protocol
  Setup method: Select TCP, UDP, or ICMP

Access source
  Setup method: Specify by either IP address or ACG name
  1) IP Address
     Specify permitted users by using IP address or CIDR notation.
     When entering CIDR notation, enter the network address followed by the subnet bit, separated by a slash (/).
     - E.g. To allow all Internet access from all IP addresses: 0.0.0.0/0
     - E.g. To allow access from a single IP address: 192.168.10.1/32 or 192.168.10.1
     - E.g. When entering CIDR notation (network address/subnet bit): 192.168.77.0/24, 192.168.77.128/25, 192.168.77.192/26
  2) ACG Name Target
     Assigns the entire object belonging to the ACG group as the access source.

Permitted ports
  Setup method: Select either TCP or UDP
  - TCP (Customizable permitted port range: 1-65535)
  - UDP (Permitted port range: 1-65535)
  - ICMP (Select whether to permit the entire protocol)

Notes for using the ACG

You can create up to 100 ACG objects per account and you can set up to 100 rules for each ACG object.

How to Set ACG Rules

Table of How to Set ACG Rules

| Example | Protocol | Access source | Permitted ports |
|---|---|---|---|
| Allow access to the SSH service from a specific IP address | TCP | 192.168.77.17 | 22 |
| Allow access to the SSH service from a specific band of IP addresses (1) | TCP | 192.168.77.0/24 | 22 |
| Allow access to the SSH service from a specific band of IP addresses (2) | TCP | 192.168.77.128/25 | 22 |
| Allow SSH access between two servers allocated to the ACG named 'Test-ACG' | TCP | Test-ACG | 22 |
| Set the NAVER CLOUD PLATFORM-load-balancer (ACG for load balancer) as the source, and allow access to the web server from the load balancer object | TCP | Ncloud-load-balancer | 80 |
| Allow access to UDP 22-1025 port from a specific IP address | UDP | 192.168.77.17 | 22–1025 |
| Allow full access to web service Port 80 | TCP | 0.0.0.0/0 | 80 |
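
The rule semantics described on this page (inbound traffic blocked unless a rule matches protocol, source and port; sources given as IP address, CIDR block or ACG name; ports 1-65535; up to 100 rules per ACG) can be modelled offline to review a rule set before it is entered in the console. The Python below is an added example, not NAVER CLOUD PLATFORM code. The Rule class, the function names, the sample rule set and the policy that only ports 80 and 443 may be open to 0.0.0.0/0 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES = 100              # per-ACG rule limit stated on this page
PUBLIC_OK_PORTS = {80, 443}  # assumption: only web ports may face 0.0.0.0/0

@dataclass(frozen=True)
class Rule:                  # hypothetical model of one inbound ACG rule
    protocol: str            # "TCP", "UDP" or "ICMP"
    source: str              # IP address, CIDR block, or ACG name
    ports: tuple = None      # inclusive (low, high); None for ICMP

def source_net(source):
    """Network for an IP/CIDR source; None when the source is an ACG name."""
    try:
        return ipaddress.ip_network(source, strict=False)
    except ValueError:
        return None

def is_allowed(rules, protocol, src_ip, port=0, src_acgs=()):
    """Inbound is blocked unless a rule matches protocol, source and port."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        net = source_net(r.source)
        src_ok = addr in net if net is not None else r.source in src_acgs
        port_ok = r.ports is None or r.ports[0] <= port <= r.ports[1]
        if r.protocol == protocol and src_ok and port_ok:
            return True
    return False

def audit(rules):
    """Findings for limit violations and non-web ports open to everyone."""
    findings = []
    if len(rules) > MAX_RULES:
        findings.append(f"{len(rules)} rules exceeds the limit of {MAX_RULES}")
    for r in rules:
        if r.ports and not 1 <= r.ports[0] <= r.ports[1] <= 65535:
            findings.append(f"bad port range {r.ports} for {r.source}")
        net = source_net(r.source)
        exposed = set(range(r.ports[0], r.ports[1] + 1)) if r.ports else {None}
        if net is not None and net.prefixlen == 0 and exposed - PUBLIC_OK_PORTS:
            findings.append(f"{r.protocol} {r.ports} open to {r.source}")
    return findings

# Constructed sample ACG assembled from rows of the page's rule table.
SAMPLE = [
    Rule("TCP", "192.168.77.0/24", (22, 22)), Rule("TCP", "Test-ACG", (22, 22)),
    Rule("UDP", "192.168.77.17", (22, 1025)), Rule("TCP", "0.0.0.0/0", (80, 80)),
]
```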

This service is free of charge.
