Hello,
Alas you can't just enable security groups on an existing regular
advanced zone, one needs to be created from scratch.
In an adv zone with SG basically you have all your VMs connected in one
big network that is protected and isolated by the so called security
grups which are basically sets of iptables and ebtables rules.
You lose the ability of having a virtual router in front of your VMs, so
say goodbye to NAT, load balancer, firewall (although you have security
groups which have a similar role), vpn etc.
What you gain is not insignificant either, because sg zones are simpler
from a networking pov and this is always a good thing.
I find SG zones are usually perfect for VPS/cloud providers. Typically
all the VPS would be connected in a flat network, eg a public /24, each
would get a public IP and they'd be locked into that IP by the security
groups (they won't be able to "steal" IPs).
HTH
On 2023-11-14 01:51, Palash Biswas wrote:
Hi Community Team Member,
I hope you're having a good day.
I would like to inquire about enabling Security Groups without the need
to
recreate Zones. Additionally, I'm interested in understanding the
potential
impacts or risks associated with enabling Security Groups with the
"Advanced" Network Type.
Your guidance and advice on this matter would be greatly appreciated.
Regards,
Palash Biswas
