IBM Cloud tip: be careful with security groups allow_all when setting up a server

Security groups are a great way to limit access to your server in IBM Cloud. However, if you are just setting up your server, make sure you don’t inadvertently block traffic so that you can’t do anything.

Case in point: you may set allow_all in a security group. You might think that would allow all traffic in and out of your server. However, allow_all will block some traffic still from leaving your server. I was not able to ping 8.8.8.8 or reach other traffic on my Windows VSI when I had this setting.

According to IBM support: “When setting security groups for servers you need to have an equal relationship of ingress (inbound) and egress (outbound) traffic in order to succeed in a proper connection. You would need the allow_all and the allow_outbound group to achieve this.”

Comments are closed.