FAQs

What is a Network Security Group?

A Network Security Group (NSG) is a fundamental component of network security within a VDC. It acts as a virtual firewall, allowing you to control ingress and egress traffic to and from resources such as Network Interface Cards (NICs) or Virtual Machines (VMs).

What are its limitations?

NSG management is currently only supported via the Cloud API. DCD support will be available soon.

What quotas or resource limits are applied to Network Security Groups?

Network Security Groups are subject to the following limits:

  • Number of NSGs that can be created per VDC: 200

  • Number of rules that can be created per NSG: 100

  • Number of NSGs a VM can be a member of: 10

  • Number of NSGs a NIC can be a member of: 10

The limits and the current usage can be retrieved using the Cloud API request: GET https://api.ionos.com/cloudapi/v6/contracts

To increase any of the above limits, please contact IONOS Cloud Support.

What are the differences between default and custom NSG?

NSGs are of two types: Default and Custom. You can choose between a Default and a Custom NSG and customize it according to your needs. Create a Default NSG if you want the same set of rules to be applied to all VMs in your data center. If you want more fine-grained control and require the firewall rules to be applied only to a subset of VMs or NICs, create Custom NSGs.

  • Only one Default NSG can be created per Virtual Data Center (VDC).

  • Every newly created VM in a VDC automatically becomes a member of the Default NSG.

  • The Default NSG comes with a set of pre-configured rules that allow basic traffic for VMs and Network Interface Cards (NICs) in a VDC.

What predefined rules does a default Network Security Group contain?

A default NSG contains 4 predefined rules that are applied to all member VMs and NICs. The rules behave as follows:

  • Allow all IPv4 Egress traffic

  • Allow all IPv6 Egress traffic

  • Allow IPv4 Ingress traffic only from 10.0.0.0/24

  • Allow IPv6 Ingress traffic only from the /56 IPv6 CIDR allocated to the data center

Which resource types can be members of a Network Security Group?

Both NICs and VMs can be members of an NSG. Each resource can be a member of one or more NSGs. When a VM is a member of an NSG, all NICs of the VM implicitly inherit the firewall rules.
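
The default ingress rules and the VM-to-NIC inheritance described above can be modelled as follows. This is an added example, not IONOS code: the NSG names, the 2001:db8:0:100::/56 prefix and the 203.0.113.10/32 rule are constructed, and treating inherited rules as a union of allow rules with everything unmatched dropped is an assumption.

```python
import ipaddress

# Constructed placeholder: the page does not give the data center's /56.
DC_IPV6_CIDR = "2001:db8:0:100::/56"

# Ingress source CIDRs of the Default NSG as listed on the page.
DEFAULT_NSG_INGRESS = ["10.0.0.0/24", DC_IPV6_CIDR]

# Hypothetical NSGs for illustration; "bastion-only" is a constructed Custom NSG.
SAMPLE_RULES = {
    "default": DEFAULT_NSG_INGRESS,
    "bastion-only": ["203.0.113.10/32"],
}

MAX_NSGS_PER_MEMBER = 10  # page limit, applies to VMs and to NICs


def effective_ingress(nic_nsgs, vm_nsgs, rules_by_nsg):
    """Return the ingress networks that apply to one NIC.

    The NIC gets the rules of its own NSGs plus those of every NSG its VM
    is a member of. Combining them as a union is an assumption.
    """
    for kind, nsgs in (("NIC", nic_nsgs), ("VM", vm_nsgs)):
        if len(set(nsgs)) > MAX_NSGS_PER_MEMBER:
            raise ValueError(f"{kind} exceeds {MAX_NSGS_PER_MEMBER} NSG memberships")
    networks = []
    for name in dict.fromkeys([*vm_nsgs, *nic_nsgs]):  # ordered, de-duplicated
        networks.extend(ipaddress.ip_network(c) for c in rules_by_nsg[name])
    return networks


def ingress_allowed(source, networks):
    """True if source matches an allow rule; no match means dropped (assumed)."""
    addr = ipaddress.ip_address(source)
    return any(addr.version == n.version and addr in n for n in networks)
```

With only the Default NSG in effect, a source such as 10.0.1.25 is not admitted, because it lies outside 10.0.0.0/24 even though it is a private address.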

Which developer tools support the Network Security Group feature?

NSG support is available in the Go Cloud SDK and Terraform.
