Home > Manage OpenStack Security Groups via Horizon

Manage OpenStack Security Groups via Horizon

If you haven’t tried it already, get a free on-demand trial for Mirantis OpenStack Express, now available.

Security groups are sets of IP filter rules that are applied to an instance’s networking. They are project specific and project members can edit the default rules for their group as well as add new rule sets. All projects have a “default” security group, which is applied to instances that have no other security group defined. Unless changed, this security group denies all incoming traffic.

Creating Security Groups

  • Click on the Access and Security tab and select Security Groups.

  • Click on the +Create Security group button

  • Enter the name of your new Security Group and the description.

  • Click the Create Security Group button.

*Examples below will reference the sample_one Security Group

  • After this we can see the new security group in the list of groups:

5.1.2 Editing Security Group Rules 

  • Press Edit Rules button next to the Security Group you want to add/edit rules.  We will use the sample_one Security Group created above.

Note: By default all ports are opened for outbound connections and no inbound connections are allowed.

  • Click +Add Rule for create new rule.


To enable remote access via ssh to some server with a known IP address to VM’s associated with this Security Group:

  • Select the needed Rule from the drop down list, in this case, SSH

  • Enter the IP address for the known server in the CIDR and provide a netmask of /32

  • Click the Add button

Now ssh access is enabled originating from the specified IP address to all VMs that have this Security Group associated with them.

Additionally, we can manage network relationship between VMs from different Security groups in cloud.


One VM needs to connect to another VM via standard HTTP port:

  • Create new rule

  • For Remote, select Security Group

  • Select the Security Group where the traffic will originate from, in this example, we select the default Security Group

  • Press Add button

Now all VMs that are associated with the default Security Group can access all VMs associated with this Security Group via the HTTP Port.  The rules for the example sample_one Security Group now look like this:

Note: Before launching new virtual machines, be sure to configure the appropriate Security Group on the Access & Security tab::

Want to read more?  This article is an excerpt from our new guide, Mirantis OpenStack Express: Application On-boarding Guide (currently in beta).  Please let us know what you think.