Smart Access Gateway: Create an ACL for an SAG app instance

Last Updated: Mar 26, 2024

This topic describes how to create an access control list (ACL) for a Smart Access Gateway (SAG) app instance.

Step 1: Create an ACL

  1. Log on to the SAG console.
  2. In the top navigation bar, select the region.
  3. In the left-side navigation pane, click ACL.
  4. On the ACL page, click Create access control.
  5. In the Create access control dialog box, set the following parameters and click OK.

    Parameter
        Description

    Resource Group
        Select a resource group for the ACL.

    Instance Name
        Enter a name for the ACL.

    Instance Type
        Select the type of SAG instance to be associated with the ACL. Valid values:
        • SAG Device
        • SAG App
        In this example, SAG App is selected.

Step 2: Add a rule to the ACL

  1. On the ACL page, find the ACL that you want to manage and click Configure Rules in the Actions column.
  2. On the details page of the ACL, click the Rules tab and click Add Rule.

  3. In the Add Rule dialog box, set the following parameters and click OK.

    Parameter
        Description

    Instance Name
        Enter a name for the rule.

    Rule Direction
        Select a direction for the rule.
        • Outbound: The rule applies to outbound network traffic from the SAG app.
        • Inbound: The rule applies to inbound network traffic to the SAG app.

    Policy
        Select Allow or Block to allow or reject requests.

    Protocol
        Select a protocol for the rule.
        The supported protocols provided in this topic are for reference only. The information in the SAG console shall prevail.

    Source CIDR Block
        The source CIDR block is determined by the direction of the rule.
        • If the direction is Outbound, the source CIDR block is the CIDR block that the SAG app uses to initiate requests.
        • If the direction is Inbound, the source CIDR block is the CIDR block of the external service from which requests are sent to the SAG app instance.

    Source Port Range
        Enter a source port range.
        The port range is determined by the selected protocol. Examples:
        • If Protocol is set to All (All Protocols Supported), the source port range is -1/-1 by default and cannot be modified.
        • If Protocol is set to HTTP, the source port range is 1/65535 and can be modified.
        The ports supported by each protocol vary. The information in the console shall prevail. Valid formats:
        • 1/200: specifies ports that range from 1 to 200.
        • 80/80: specifies port 80.
        • -1/-1: specifies all ports.

    Destination CIDR Block
        The destination CIDR block is determined by the direction of the rule.
        • If the direction is Outbound, the destination CIDR block is the CIDR block of the external service for which requests are destined.
        • If the direction is Inbound, the destination CIDR block is the CIDR block of the SAG app for which requests are destined.

    Destination Port Range
        Enter a destination port range.
        The destination port range is determined by the selected protocol. Examples:
        • If Protocol is set to All (All Protocols Supported), the destination port range is -1/-1 by default and cannot be modified.
        • If Protocol is set to TELNET, the destination port range is 23/23 and can be modified.
        The ports supported by each protocol vary. The information in the console shall prevail. Valid formats:
        • 1/200: specifies ports that range from 1 to 200.
        • 80/80: specifies port 80.
        • -1/-1: specifies all ports.

    Priority
        Select a priority for the rule.
        Valid values: 1 to 100. A smaller value indicates a higher priority.

    Auto Generation of Reverse Direction Rule
        Specify whether to automatically generate a rule that is in the reverse direction.
        If you select this feature, a rule in the reverse direction is automatically generated. For example, if you create a rule in the inbound direction, a rule in the outbound direction is automatically generated.
        Important:
        • We recommend that you enable this feature. If you create only one rule in one direction, response timeouts may occur.
        • If the rule supports protocols other than UDP and TCP, the rule that is automatically generated in the reverse direction uses the TCP protocol by default.

Step 3: Associate the rule with the SAG app instance

  1. On the ACL details page, click the Associated Instances tab.
  2. On the Associated Instances tab, click Associate with Instance.

  3. In the Associate with Instance dialog box, select one or more SAG app instances and click OK.

    In the Associate with Instance dialog box, you can search instances by resource group, instance name, and instance ID.
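
A pre-flight check for a planned rule set, as an added example that is not part of the original topic or of any SAG tooling: it validates the port range formats, priority range and CIDR blocks described in Step 2, flags an Allow rule that matches all traffic, and lists rules that have no reverse-direction counterpart. The `Rule` field names and the sample rules are constructed for illustration, and pairing a rule with its reverse by swapping the source and destination CIDR blocks is an assumption drawn from the direction definitions above.

```python
import ipaddress
from collections import namedtuple
# Hypothetical record mirroring the Add Rule dialog fields (field names are assumptions).
Rule = namedtuple("Rule", "name direction policy protocol src_cidr src_ports dst_cidr dst_ports priority")

def parse_port_range(text):
    """Parse the 'start/end' format; return None for -1/-1 (all ports)."""
    start, end = (int(p) for p in text.split("/"))  # ValueError unless exactly two integers
    if (start, end) == (-1, -1):
        return None
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"port range out of bounds: {text!r}")
    return start, end

def lint_rule(rule):
    """Return findings for one rule; an empty list means it passed every check."""
    findings, ranges = [], {}
    for key in ("src_cidr", "dst_cidr"):
        try:
            ipaddress.ip_network(getattr(rule, key))  # strict mode rejects set host bits
        except ValueError as exc:
            findings.append(f"{key}: {exc}")
    for key in ("src_ports", "dst_ports"):
        try:
            ranges[key] = parse_port_range(getattr(rule, key))
        except ValueError as exc:
            findings.append(f"{key}: {exc}")
    if rule.protocol == "All" and any(r is not None for r in ranges.values()):
        findings.append("protocol All requires port range -1/-1")
    if not 1 <= rule.priority <= 100:
        findings.append("priority must be 1 to 100")
    if (rule.policy == "Allow" and rule.src_cidr == rule.dst_cidr == "0.0.0.0/0"
            and ranges.get("dst_ports", 0) is None):
        findings.append("allows any source to any destination on all ports")
    return findings

def missing_reverse(rules):
    """Names of rules with no opposite-direction rule whose CIDR blocks are swapped (assumed pairing)."""
    flip = {"Inbound": "Outbound", "Outbound": "Inbound"}
    seen = {(r.direction, r.src_cidr, r.dst_cidr) for r in rules}
    return [r.name for r in rules
            if (flip[r.direction], r.dst_cidr, r.src_cidr) not in seen]

SAMPLE = [  # constructed rules, not taken from the page
    Rule("web-out", "Outbound", "Allow", "TCP", "10.10.0.0/24", "1/65535", "192.168.8.0/24", "80/80", 10),
    Rule("web-in", "Inbound", "Allow", "TCP", "192.168.8.0/24", "80/80", "10.10.0.0/24", "1/65535", 10),
    Rule("any-out", "Outbound", "Allow", "All", "0.0.0.0/0", "-1/-1", "0.0.0.0/0", "-1/-1", 100),
    Rule("typo", "Inbound", "Block", "TCP", "10.10.0.5/24", "1/65535", "10.10.0.0/24", "443", 0),
]
```

Run `lint_rule` on each planned rule and `missing_reverse` on the whole list before entering the rules in the console; a rule reported by `missing_reverse` is one that needs a manually created counterpart if Auto Generation of Reverse Direction Rule is not selected.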

Related operations

Operation

Procedure

Clone an ACL

You can clone an existing ACL, including its rules, and associate the new ACL with another SAG app instance.

  1. On the ACL page, find the ACL that you want to manage and choose Related operations > Clone in the Actions column.

  2. In the Clone ACL message, confirm the information and click OK.

Modify an ACL rule

  1. On the details page of the ACL, click the Rules tab and find the rule that you want to modify.

  2. Click Modify in the Actions column.

  3. In the Edit Rule dialog box, modify the settings and click OK.

Delete an ACL rule

  1. On the details page of the ACL, click the Rules tab and find the rule that you want to delete.

  2. Click Delete in the Actions column.

  3. In the Delete Rule message, click OK.

Disassociate an ACL rule from an SAG app instance

  1. On the ACL instance details page, click the Associated Instances tab.

  2. On the Associated Instances tab, find the SAG app instance that you want to manage and click Disassociate in the Actions column.

  3. In the Disassociate Instance message, confirm the instance information and click OK.

Delete an ACL

  1. On the ACL page, find the ACL that you want to delete and choose Related operations > Delete in the Actions column.

  2. In the Delete ACL message, confirm the information and click OK.
