A Network Security Group (NSG) is a fundamental component of network security within a VDC. It acts as a virtual firewall, allowing you to control ingress and egress traffic to and from resources such as Network Interface Cards (NICs) or Virtual Machines (VMs).
NSG management is currently only supported via Cloud API. DCD support will be available soon.
Network Security Groups are subject to the following limits:
Number of NSGs that can be created per VDC: 200
Number of rules that can be created per NSG: 100
Number of NSGs a VM can be a member of: 10
Number of NSGs a NIC can be a member of: 10
The limits and the current usage can be retrieved using the Cloud API request GET https://api.ionos.com/cloudapi/v6/contracts
To increase any of the above limits, contact IONOS Cloud Support.
NSGs are of two types: Default and Custom. You can choose between a Default or a Custom NSG and customize them according to your needs. Create a Default NSG if you want the same set of rules to be applied to all VMs in your data center. If you want more fine-grained control and require the firewall rules to be applied only to a subset of VMs or NICs, create Custom NSGs.
Only one Default NSG can be created per Virtual Data Center (VDC).
Every newly created VM in a VDC automatically becomes a member of the Default NSG.
The Default NSG comes with a set of pre-configured rules that allow basic traffic for VMs and Network Interface Cards (NICs) in a VDC.
You can create one or more Custom NSGs based on specific requirements.
A Default NSG contains 4 predefined rules that are applied to all member VMs and NICs. The rules behave as follows:
Allow all IPv4 Egress traffic
Allow all IPv6 Egress traffic
Allow IPv4 Ingress traffic only from 10.0.0.0/24
Allow IPv6 Ingress traffic only from the /56 IPv6 CIDR allocated to the data center
Both NICs and VMs can be members of an NSG. Each resource can be a member of one or more NSGs. When a VM is a member of an NSG, all NICs of the VM implicitly inherit the firewall rules.
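The default rules and the VM-to-NIC inheritance described above can be modelled offline to review what a NIC's effective rule set admits. This is an added example, not IONOS code or its API: it assumes allow-list evaluation (traffic matching no rule is dropped) and that the rules of all NSGs a resource belongs to are combined. The names Rule, default_nsg_rules, effective_rules and is_allowed are hypothetical, and the IPv6 prefix and the Custom NSG are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES_PER_NSG = 100      # limit quoted on this page
MAX_NSGS_PER_MEMBER = 10     # limit quoted on this page (per VM and per NIC)
SAMPLE_DC_IPV6 = "2001:db8:0:100::/56"  # constructed documentation prefix

@dataclass(frozen=True)
class Rule:
    direction: str  # "ingress" or "egress"
    cidr: str       # peer network this rule allows

    def matches(self, direction, peer_ip):
        # Membership is False when the address families differ.
        ip = ipaddress.ip_address(peer_ip)
        return direction == self.direction and ip in ipaddress.ip_network(self.cidr)

def default_nsg_rules(dc_ipv6_cidr):
    """The four predefined Default NSG rules listed above."""
    if ipaddress.ip_network(dc_ipv6_cidr).prefixlen != 56:
        raise ValueError("expected the /56 allocated to the data center")
    return [Rule("egress", "0.0.0.0/0"), Rule("egress", "::/0"),
            Rule("ingress", "10.0.0.0/24"), Rule("ingress", dc_ipv6_cidr)]

def effective_rules(nic_nsgs, vm_nsgs):
    """Rules a NIC is subject to: its own NSGs plus those inherited from its VM."""
    for owner, groups in (("NIC", nic_nsgs), ("VM", vm_nsgs)):
        if len(groups) > MAX_NSGS_PER_MEMBER:
            raise ValueError(f"{owner} exceeds {MAX_NSGS_PER_MEMBER} NSG memberships")
    rules = []
    for nsg in list(nic_nsgs) + list(vm_nsgs):
        if len(nsg) > MAX_RULES_PER_NSG:
            raise ValueError(f"NSG exceeds {MAX_RULES_PER_NSG} rules")
        rules.extend(nsg)
    return rules

def is_allowed(rules, direction, peer_ip):
    # Assumption: allow-list semantics, traffic matching no rule is dropped.
    return any(rule.matches(direction, peer_ip) for rule in rules)

if __name__ == "__main__":
    default = default_nsg_rules(SAMPLE_DC_IPV6)
    custom = [Rule("ingress", "203.0.113.0/24")]  # constructed Custom NSG
    for nic_nsgs in ([], [custom]):
        rules = effective_rules(nic_nsgs, vm_nsgs=[default])
        for peer in ("10.0.0.7", "10.0.1.7", "203.0.113.5", "2001:db8:0:1ff::1"):
            print(len(nic_nsgs), peer, is_allowed(rules, "ingress", peer))
```

Under these assumptions, adding a NIC to a Custom NSG only widens what the Default NSG inherited from its VM already admits, which is worth checking before attaching a permissive Custom NSG.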
NSG support is available in the Go Cloud SDK and Terraform.