forked from docs/doc-exports

VPC UMN 20230720 version

Reviewed-by: Hajba, László Antal <laszlo-antal.hajba@t-systems.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
Qin Ying, Fan 2023-10-27 20:28:21 +00:00 committed by zuul
parent a51a411ad8
commit 65721b3f6b
235 changed files with 4253 additions and 2078 deletions

File diff suppressed because it is too large

@ -5,7 +5,7 @@
<p id="FlowLog_0002__p38692616421">VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. <a href="#FlowLog_0002__fig1535115691415">Figure 1</a> shows the process for configuring VPC flow logs.</p>
<div class="fignone" id="FlowLog_0002__fig1535115691415"><a name="FlowLog_0002__fig1535115691415"></a><a name="fig1535115691415"></a><span class="figcap"><b>Figure 1 </b>Configuring VPC flow logs</span><br><span><img class="vsd" id="FlowLog_0002__image9661037927" src="en-us_image_0162336264.png"></span></div>
<p id="FlowLog_0002__p1137789316"></p>
<div class="section" id="FlowLog_0002__section1095231112517"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="FlowLog_0002__ul18195045135317"><li id="FlowLog_0002__li13405622115110">Currently, only C3, M3, and S2 ECSs support VPC flow logs.</li><li id="FlowLog_0002__li21719253511">By default, you can create a maximum of 10 VPC flow logs.</li><li id="FlowLog_0002__li1919544520532">By default, a maximum of 400,000 flow log records are supported.</li></ul>
<div class="section" id="FlowLog_0002__section1095231112517"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="FlowLog_0002__ul18195045135317"><li id="FlowLog_0002__li13405622115110">Currently, C3, M3, and S2 ECSs support VPC flow logs.</li><li id="FlowLog_0002__li21719253511">Each account can have up to 10 VPC flow logs in a region.</li><li id="FlowLog_0002__li11560111014356">By default, a maximum of 400,000 flow log records are supported.</li></ul>
</div>
</div>
<div>
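
Review bot: Dropping "only" from the first bullet under Notes and Constraints ("Currently, C3, M3, and S2 ECSs support VPC flow logs") leaves it unclear whether the list is exhaustive, which matters to anyone who relies on flow logs for traffic monitoring and needs to know which instances are not covered. Keep "only", or add a sentence saying what happens when a flow log is created for a NIC on another ECS type. In the same list, "a maximum of 400,000 flow log records" still does not say per what (flow log, account, or capture window), and that bullet's id changes from li1919544520532 to li11560111014356 although its text is identical, which breaks existing deep links.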

@ -7,7 +7,8 @@
<ul id="FlowLog_0003__ul2636114175114"><li id="FlowLog_0003__li196360418515">Create a log group.</li><li id="FlowLog_0003__li0636194119514">Create a log topic.</li></ul>
<p id="FlowLog_0003__p14332047105117">For more information about the LTS service, see the <em id="FlowLog_0003__i131771016125018">Log Tank Service User Guide</em>.</p>
</div>
<div class="section" id="FlowLog_0003__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0003__ol1599100493"><li id="FlowLog_0003__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0003__ol433412616258"><li id="FlowLog_0003__li1261701516256">Click <span><img id="FlowLog_0003__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0003__ol657720261097"><li id="FlowLog_0003__li6860837151412">Click <span><img id="FlowLog_0003__image586015376147" src="en-us_image_0000001553770733.png"></span> in the upper left corner and choose <strong id="FlowLog_0003__b16971105912253"><span id="FlowLog_0003__text1097015592258">Network</span><span id="FlowLog_0003__text11970159122513"></span></strong> &gt; <strong id="FlowLog_0003__b2971155910253">Virtual Private Cloud</strong>.</li></ol><ol start="4" id="FlowLog_0003__ol86651458101716"><li id="FlowLog_0003__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0003__b118476383503">VPC Flow Logs</strong>.</li><li id="FlowLog_0003__li56651158141710">In the upper right corner, click <strong id="FlowLog_0003__b84235270610118">Create VPC Flow Log</strong>. On the displayed page, configure parameters as prompted.<div class="fignone" id="FlowLog_0003__fig4520438111212"><span class="figcap"><b>Figure 1 </b>Create VPC Flow Log</span><br><span><img id="FlowLog_0003__image6520113821218" src="en-us_image_0191544038.png"></span></div>
<div class="section" id="FlowLog_0003__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0003__ol1599100493"><li id="FlowLog_0003__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0003__ol433412616258"><li id="FlowLog_0003__li1261701516256">Click <span><img id="FlowLog_0003__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0003__ol113341928344"><li id="FlowLog_0003__li65321958215">Click <span><img id="FlowLog_0003__en-us_topic_0013748738_image8750174734412" src="en-us_image_0000001675616561.png"></span> in the upper left corner and choose <strong id="FlowLog_0003__b1879018432820"><span id="FlowLog_0003__text5790134192813">Network</span><span id="FlowLog_0003__text13790246286"></span></strong> &gt; <strong id="FlowLog_0003__b67909411283">Virtual Private Cloud</strong>.<p id="FlowLog_0003__p1182103318256">The <strong id="FlowLog_0003__b8628131015285">Virtual Private Cloud</strong> page is displayed.</p>
</li></ol><ol start="4" id="FlowLog_0003__ol86651458101716"><li id="FlowLog_0003__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0003__b118476383503">VPC Flow Logs</strong>.</li><li id="FlowLog_0003__li56651158141710">In the upper right corner, click <strong id="FlowLog_0003__b84235270610118">Create VPC Flow Log</strong>. On the displayed page, configure parameters as prompted.<div class="fignone" id="FlowLog_0003__fig4520438111212"><span class="figcap"><b>Figure 1 </b>Create VPC Flow Log</span><br><span><img id="FlowLog_0003__image6520113821218" src="en-us_image_0191544038.png"></span></div>
<div class="p" id="FlowLog_0003__p159985372119">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="FlowLog_0003__table134731712211" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter descriptions</caption><thead align="left"><tr id="FlowLog_0003__row1434717171627"><th align="left" class="cellrowborder" valign="top" width="19.24%" id="mcps1.3.3.6.2.3.1.2.4.1.1"><p id="FlowLog_0003__p234731711214"><strong id="FlowLog_0003__b729481085112">Parameter</strong></p>
</th>
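
Review bot: The rewritten step 3 ("Click <img ...> in the upper left corner and choose Network > Virtual Private Cloud") still identifies the control only by an image with no alt attribute, so the step carries no text naming what to click when the image does not load or is read by a screen reader. Add alt text to the new image (en-us_image_0000001675616561.png) or name the icon in the sentence. The step also remains in its own <ol start="3"> between two other single-purpose lists; a single ordered list for the whole procedure would not need hand-maintained start values.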

@ -3,10 +3,11 @@
<h1 class="topictitle1">Viewing a VPC Flow Log</h1>
<div id="body1547961960823"><div class="section" id="FlowLog_0004__section15598193716333"><h4 class="sectiontitle">Scenarios</h4><p id="FlowLog_0004__p14468192824214">View information about your flow log record.</p>
<p id="FlowLog_0004__p8118659113310">The capture window is approximately 10 minutes, which indicates that a flow log record will be generated every 10 minutes. After creating a VPC flow log, you need to wait about 10 minutes before you can view the flow log record.</p>
<div class="note" id="FlowLog_0004__note11123475317"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="FlowLog_0004__p17111534205312">If an ECS is in the stopped state, its flow log records will not be displayed.</p>
<div class="note" id="FlowLog_0004__note11123475317"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="FlowLog_0004__p6431815388">If an ECS is in the stopped state, its flow log records will not be displayed.</p>
</div></div>
</div>
<div class="section" id="FlowLog_0004__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0004__ol1599100493"><li id="FlowLog_0004__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0004__ol433412616258"><li id="FlowLog_0004__li1261701516256">Click <span><img id="FlowLog_0004__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0004__ol657720261097"><li id="FlowLog_0004__li6860837151412">Click <span><img id="FlowLog_0004__image586015376147" src="en-us_image_0000001503490746.png"></span> in the upper left corner and choose <strong id="FlowLog_0004__b17656250260"><span id="FlowLog_0004__text67647257267">Network</span><span id="FlowLog_0004__text276510259266"></span></strong> &gt; <strong id="FlowLog_0004__b1765182513261">Virtual Private Cloud</strong>.</li></ol><ol start="4" id="FlowLog_0004__ol86651458101716"><li id="FlowLog_0004__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0004__b472112210378">VPC Flow Logs</strong>.</li><li id="FlowLog_0004__li56651158141710">Locate the target VPC flow log and click <strong id="FlowLog_0004__b8869042123814">View Log Record</strong> in the <strong id="FlowLog_0004__b135221046143810">Operation</strong> column to view information about the flow log record in LTS.<div class="fignone" id="FlowLog_0004__fig3110112519524"><span class="figcap"><b>Figure 1 </b>Viewing a log record</span><br><span><img id="FlowLog_0004__image1611013253524" src="en-us_image_0191577030.png"></span></div>
<div class="section" id="FlowLog_0004__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0004__ol1599100493"><li id="FlowLog_0004__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0004__ol433412616258"><li id="FlowLog_0004__li1261701516256">Click <span><img id="FlowLog_0004__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0004__ol113341928344"><li id="FlowLog_0004__li65321958215">Click <span><img id="FlowLog_0004__en-us_topic_0013748738_image8750174734412" src="en-us_image_0000001675256657.png"></span> in the upper left corner and choose <strong id="FlowLog_0004__b74381552113516"><span id="FlowLog_0004__text16438185220358">Network</span><span id="FlowLog_0004__text5438652153519"></span></strong> &gt; <strong id="FlowLog_0004__b12439155219352">Virtual Private Cloud</strong>.<p id="FlowLog_0004__p1182103318256">The <strong id="FlowLog_0004__b638735717355">Virtual Private Cloud</strong> page is displayed.</p>
</li></ol><ol start="4" id="FlowLog_0004__ol86651458101716"><li id="FlowLog_0004__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0004__b472112210378">VPC Flow Logs</strong>.</li><li id="FlowLog_0004__li56651158141710">Locate the target VPC flow log and click <strong id="FlowLog_0004__b8869042123814">View Log Record</strong> in the <strong id="FlowLog_0004__b135221046143810">Operation</strong> column to view information about the flow log record in LTS.<div class="fignone" id="FlowLog_0004__fig3110112519524"><span class="figcap"><b>Figure 1 </b>Viewing a log record</span><br><span><img id="FlowLog_0004__image1611013253524" src="en-us_image_0191577030.png"></span></div>
<div class="fignone" id="FlowLog_0004__fig184421854195912"><span class="figcap"><b>Figure 2 </b>Flow log record</span><br><span><img id="FlowLog_0004__image1944365414598" src="en-us_image_0191588554.png"></span></div>
<p id="FlowLog_0004__p15138111772317">The flow log record is in the following format:</p>
<pre class="screen" id="FlowLog_0004__screen7138817152312">&lt;version&gt; &lt;project-id&gt; &lt;interface-id&gt; &lt;srcaddr&gt; &lt;dstaddr&gt; &lt;srcport&gt; &lt;dstport&gt; &lt;protocol&gt; &lt;packets&gt; &lt;bytes&gt; &lt;start&gt; &lt;end&gt; &lt;action&gt; &lt;log-status&gt;</pre>
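
Review bot: The note paragraph is touched only to change its id (p17111534205312 to p6431815388), while its wording, "If an ECS is in the stopped state, its flow log records will not be displayed", stays ambiguous: it does not say whether no records are generated while the ECS is stopped or whether records already in LTS are hidden. Someone reviewing traffic after an incident needs to know which, so state it explicitly while the line is being edited, and keep the old id if the text is otherwise unchanged.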

@ -5,7 +5,8 @@
<div class="note" id="FlowLog_0005__note3879192310615"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="FlowLog_0005__p10879923360">If a NIC that uses a VPC flow log is deleted, the flow log will be automatically deleted. However, the flow log records are not deleted.</p>
</div></div>
</div>
<div class="section" id="FlowLog_0005__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0005__ol1599100493"><li id="FlowLog_0005__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0005__ol433412616258"><li id="FlowLog_0005__li1261701516256">Click <span><img id="FlowLog_0005__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0005__ol657720261097"><li id="FlowLog_0005__li6860837151412">Click <span><img id="FlowLog_0005__image586015376147" src="en-us_image_0000001503330854.png"></span> in the upper left corner and choose <strong id="FlowLog_0005__b15391356132614"><span id="FlowLog_0005__text3390155616267">Network</span><span id="FlowLog_0005__text4391105692619"></span></strong> &gt; <strong id="FlowLog_0005__b2039185612612">Virtual Private Cloud</strong>.</li></ol><ol start="4" id="FlowLog_0005__ol86651458101716"><li id="FlowLog_0005__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0005__b71643149529">VPC Flow Logs</strong>.</li><li id="FlowLog_0005__li7951185711459">Locate the row that contains the VPC flow log to be deleted and click <strong id="FlowLog_0005__b7845125318142">Delete</strong> in the <strong id="FlowLog_0005__b2084695319142">Operation</strong> column.<div class="fignone" id="FlowLog_0005__fig11695911145"><span class="figcap"><b>Figure 1 </b>Deleting a VPC flow log</span><br><span><img id="FlowLog_0005__image3696513415" src="en-us_image_0191594527.png"></span></div>
<div class="section" id="FlowLog_0005__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0005__ol1599100493"><li id="FlowLog_0005__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0005__ol433412616258"><li id="FlowLog_0005__li1261701516256">Click <span><img id="FlowLog_0005__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0005__ol113341928344"><li id="FlowLog_0005__li65321958215">Click <span><img id="FlowLog_0005__en-us_topic_0013748738_image8750174734412" src="en-us_image_0000001626736794.png"></span> in the upper left corner and choose <strong id="FlowLog_0005__b443115053714"><span id="FlowLog_0005__text17438506372">Network</span><span id="FlowLog_0005__text13431550143716"></span></strong> &gt; <strong id="FlowLog_0005__b124316505370">Virtual Private Cloud</strong>.<p id="FlowLog_0005__p1182103318256">The <strong id="FlowLog_0005__b3665355143718">Virtual Private Cloud</strong> page is displayed.</p>
</li></ol><ol start="4" id="FlowLog_0005__ol86651458101716"><li id="FlowLog_0005__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0005__b71643149529">VPC Flow Logs</strong>.</li><li id="FlowLog_0005__li7951185711459">Locate the row that contains the VPC flow log to be deleted and click <strong id="FlowLog_0005__b7845125318142">Delete</strong> in the <strong id="FlowLog_0005__b2084695319142">Operation</strong> column.<div class="fignone" id="FlowLog_0005__fig11695911145"><span class="figcap"><b>Figure 1 </b>Deleting a VPC flow log</span><br><span><img id="FlowLog_0005__image3696513415" src="en-us_image_0191594527.png"></span></div>
</li><li id="FlowLog_0005__li56651158141710">Click <strong id="FlowLog_0005__b221712241717">Yes</strong> in the displayed dialog box.</li></ol>
</div>
</div>
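
Review bot: The procedure ends at "Click Yes in the displayed dialog box" without saying what happens to records already collected, and the note above covers only the case where the NIC is deleted ("the flow log will be automatically deleted. However, the flow log records are not deleted"). State in the final step, or in the note, whether records in LTS are also retained when the flow log is deleted manually through this procedure, since deleting a flow log stops traffic capture and readers will want to know what evidence remains.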

@ -3,7 +3,8 @@
<h1 class="topictitle1">Enabling or Disabling VPC Flow Log</h1>
<div id="body1553326015158"><div class="section" id="FlowLog_0006__section15598193716333"><h4 class="sectiontitle">Scenarios</h4><p id="FlowLog_0006__p8118659113310">After a VPC flow log is created, the VPC flow log is automatically enabled. If you do not need to record traffic data, you can disable the corresponding VPC flow log. The disabled VPC flow log can be enabled again.</p>
</div>
<div class="section" id="FlowLog_0006__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0006__ol1599100493"><li id="FlowLog_0006__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0006__ol433412616258"><li id="FlowLog_0006__li1261701516256">Click <span><img id="FlowLog_0006__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0006__ol657720261097"><li id="FlowLog_0006__li6860837151412">Click <span><img id="FlowLog_0006__image586015376147" src="en-us_image_0000001503011070.png"></span> in the upper left corner and choose <strong id="FlowLog_0006__b148321646202614"><span id="FlowLog_0006__text138311146152610">Network</span><span id="FlowLog_0006__text583194642613"></span></strong> &gt; <strong id="FlowLog_0006__b1832104632618">Virtual Private Cloud</strong>.</li></ol><ol start="4" id="FlowLog_0006__ol86651458101716"><li id="FlowLog_0006__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0006__b14531953153514">VPC Flow Logs</strong>.</li><li id="FlowLog_0006__li11786153123011">Locate the VPC flow log to be enabled or disabled, and choose <strong id="FlowLog_0006__b1417519538118">More</strong> &gt; <strong id="FlowLog_0006__b18341923141120">Enable</strong> or <strong id="FlowLog_0006__b10997182191214">More</strong> &gt; <strong id="FlowLog_0006__b8834623191119">Disable</strong> in the <strong id="FlowLog_0006__b1583417239116">Operation</strong> column.</li><li id="FlowLog_0006__li488372733118">Click <strong id="FlowLog_0006__b84235270615469">Yes</strong>.</li></ol>
<div class="section" id="FlowLog_0006__section7359352124511"><h4 class="sectiontitle">Procedure</h4><ol id="FlowLog_0006__ol1599100493"><li id="FlowLog_0006__li16376160184113">Log in to the management console.</li></ol><ol start="2" id="FlowLog_0006__ol433412616258"><li id="FlowLog_0006__li1261701516256">Click <span><img id="FlowLog_0006__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li></ol><ol start="3" id="FlowLog_0006__ol113341928344"><li id="FlowLog_0006__li65321958215">Click <span><img id="FlowLog_0006__en-us_topic_0013748738_image8750174734412" src="en-us_image_0000001627056686.png"></span> in the upper left corner and choose <strong id="FlowLog_0006__b1390013296375"><span id="FlowLog_0006__text13900229193718">Network</span><span id="FlowLog_0006__text1900829173716"></span></strong> &gt; <strong id="FlowLog_0006__b159001629173711">Virtual Private Cloud</strong>.<p id="FlowLog_0006__p1182103318256">The <strong id="FlowLog_0006__b917763412373">Virtual Private Cloud</strong> page is displayed.</p>
</li></ol><ol start="4" id="FlowLog_0006__ol86651458101716"><li id="FlowLog_0006__li15362774171923">In the navigation pane on the left, choose <strong id="FlowLog_0006__b14531953153514">VPC Flow Logs</strong>.</li><li id="FlowLog_0006__li11786153123011">Locate the VPC flow log to be enabled or disabled, and choose <strong id="FlowLog_0006__b1417519538118">More</strong> &gt; <strong id="FlowLog_0006__b18341923141120">Enable</strong> or <strong id="FlowLog_0006__b10997182191214">More</strong> &gt; <strong id="FlowLog_0006__b8834623191119">Disable</strong> in the <strong id="FlowLog_0006__b1583417239116">Operation</strong> column.</li><li id="FlowLog_0006__li488372733118">Click <strong id="FlowLog_0006__b84235270615469">Yes</strong>.</li></ol>
</div>
</div>
<div>
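
Review bot: The Scenarios paragraph says a disabled flow log "can be enabled again" but does not say that traffic during the disabled interval is not recorded, nor whether records collected before disabling stay available in LTS. Add one sentence on each, so that a reader who disables logging understands that it creates a gap in the traffic record. The final step "Click Yes" would also read better if it named the dialog it confirms, as the delete procedure does.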

@ -1,10 +1,10 @@
<a name="SecurityGroup_0003"></a><a name="SecurityGroup_0003"></a>
<h1 class="topictitle1">Default Security Groups and Security Group Rules</h1>
<div id="body1529924412907"><div class="p" id="SecurityGroup_0003__p38211617154214">The system creates a default security group for each account. By default, the default security group rules:<ul id="SecurityGroup_0003__ul11516174719521"><li id="SecurityGroup_0003__en-us_topic_0073379079_li1351674713522">Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups.</li><li id="SecurityGroup_0003__en-us_topic_0073379079_li15176291612">Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group.</li></ul>
<h1 class="topictitle1">Default Security Group and Its Rules</h1>
<div id="body1529924412907"><div class="p" id="SecurityGroup_0003__p38211617154214">If you have not created any security group, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:<ul id="SecurityGroup_0003__ul13643173351019"><li id="SecurityGroup_0003__li164313371013">Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.</li><li id="SecurityGroup_0003__li176437339108">Outbound rules allow all outbound traffic and response traffic to the outbound requests.</li></ul>
</div>
<div class="fignone" id="SecurityGroup_0003__fig997718156161"><span class="figcap"><b>Figure 1 </b>Default security group</span><br><span><img class="eddx" id="SecurityGroup_0003__image22171236172514" src="en-us_image_0000001230120807.png"></span></div>
<div class="note" id="SecurityGroup_0003__note154069174516"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="SecurityGroup_0003__ul13707733161311"><li id="SecurityGroup_0003__li04874352138">You cannot delete the default security group, but you can modify the rules for the default security group.</li><li id="SecurityGroup_0003__li157071633191312">If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs.</li></ul>
<div class="note" id="SecurityGroup_0003__note154069174516"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="SecurityGroup_0003__ul13707733161311"><li id="SecurityGroup_0003__li04874352138">You cannot delete the default security group, but you can modify existing rules or add rules to the group.</li><li id="SecurityGroup_0003__li131365102713">The default security group is automatically created to simplify the process of creating an instance for the first time. The default security group denies all external requests. To log in to an instance, add a security group rule by referring to <a href="en-us_topic_0081124350.html#en-us_topic_0081124350__section14933617154810">Remotely Logging In to an ECS from a Local Server</a>.</li></ul>
</div></div>
<p id="SecurityGroup_0003__p14738751115618"><a href="#SecurityGroup_0003__table493045171919">Table 1</a> describes the default rules for the default security group.</p>
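
Review bot: The new inbound bullet contradicts itself: "Only instances in the same security group can communicate with each other, and all inbound requests are denied." If members of the group can reach each other, not all inbound requests are denied; say "all other inbound requests are denied" or "inbound requests from outside the security group are denied", which also matches the later note that the group "denies all external requests". The first sentence of that bullet ("Inbound rules control incoming traffic...") defines inbound rules in general rather than stating the default rule and could be dropped. The change also removes the note that two ECSs in the same security group but in different VPCs cannot communicate without a VPC peering connection; if that still holds, keep it, because the new "same security group can communicate" wording otherwise suggests the opposite.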

@ -4,8 +4,8 @@
<div id="body1529924417030"><div class="section" id="SecurityGroup_0006__section181956227265"><h4 class="sectiontitle">Scenarios</h4><p id="SecurityGroup_0006__p95671820182813">Change the security group associated with an ECS NIC.</p>
</div>
<div class="section" id="SecurityGroup_0006__section451235718918"><h4 class="sectiontitle">Procedure</h4><ol id="SecurityGroup_0006__en-us_topic_0093492517_ol146871568377"><li id="SecurityGroup_0006__en-us_topic_0093492517_li3490190117228">Log in to the management console.</li><li id="SecurityGroup_0006__en-us_topic_0093492517_li1168746173718">Click <span><img id="SecurityGroup_0006__en-us_topic_0093492517_image1791178433153215" src="en-us_image_0093507575.png"></span> in the upper left corner and select your region and project.</li><li id="SecurityGroup_0006__en-us_topic_0093492517_li206871564372">Under <strong id="SecurityGroup_0006__en-us_topic_0093492517_b1338816073816"><span id="SecurityGroup_0006__en-us_topic_0093492517_text13387501380">Computing</span></strong>, click <strong id="SecurityGroup_0006__en-us_topic_0093492517_b938818033811">Elastic Cloud Server</strong>.</li><li id="SecurityGroup_0006__en-us_topic_0093492517_li6688267371">In the ECS list, locate the row that contains the target ECS. Click <strong id="SecurityGroup_0006__en-us_topic_0093492517_b3965144994119">More</strong> in the <strong id="SecurityGroup_0006__en-us_topic_0093492517_b179661449174112">Operation</strong> column and select <strong id="SecurityGroup_0006__en-us_topic_0093492517_b14966174913419">Manage Network</strong> &gt; <strong id="SecurityGroup_0006__en-us_topic_0093492517_b19967749134120">Change Security Group</strong>.<p id="SecurityGroup_0006__en-us_topic_0093492517_p968836143718">The <strong id="SecurityGroup_0006__en-us_topic_0093492517_b842352706162949">Change Security Group</strong> dialog box is displayed.</p>
<div class="fignone" id="SecurityGroup_0006__en-us_topic_0093492517_fig1673733486"><span class="figcap"><b>Figure 1 </b>Change Security Group</span><br><span><img id="SecurityGroup_0006__en-us_topic_0093492517_image14705135143714" src="en-us_image_0122999741.png"></span></div>
</li><li id="SecurityGroup_0006__en-us_topic_0093492517_li14114175682518">Select the target NIC and security groups as prompted.<p id="SecurityGroup_0006__en-us_topic_0093492517_p1615510191262"><a name="SecurityGroup_0006__en-us_topic_0093492517_li14114175682518"></a><a name="en-us_topic_0093492517_li14114175682518"></a>You can select multiple security groups. In such a case, the rules of all the selected security groups will be aggregated to apply on the <span id="SecurityGroup_0006__en-us_topic_0093492517_text10680201271119">ECS</span>.</p>
<div class="fignone" id="SecurityGroup_0006__en-us_topic_0093492517_fig1673733486"><span class="figcap"><b>Figure 1 </b>Change Security Group</span><br><span><img id="SecurityGroup_0006__en-us_topic_0093492517_image96888152276" src="en-us_image_0162733894.png"></span></div>
</li><li id="SecurityGroup_0006__en-us_topic_0093492517_li14114175682518">Select the target NIC and security groups.<p id="SecurityGroup_0006__en-us_topic_0093492517_p1615510191262"><a name="SecurityGroup_0006__en-us_topic_0093492517_li14114175682518"></a><a name="en-us_topic_0093492517_li14114175682518"></a>You can select multiple security groups. In such a case, the rules of all the selected security groups will be aggregated to apply on the <span id="SecurityGroup_0006__en-us_topic_0093492517_text10680201271119">ECS</span>.</p>
<p id="SecurityGroup_0006__en-us_topic_0093492517_p1669712426182">To create a security group, click <strong id="SecurityGroup_0006__en-us_topic_0093492517_b1291994117114">Create Security Group</strong>.</p>
<div class="note" id="SecurityGroup_0006__en-us_topic_0093492517_note4690867375"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="SecurityGroup_0006__en-us_topic_0093492517_p3691176143719">Using multiple security groups may deteriorate <span id="SecurityGroup_0006__en-us_topic_0093492517_text127881839154216">ECS</span> network performance. You are suggested to select no more than five security groups.</p>
</div></div>
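
Review bot: In the edited step "Select the target NIC and security groups", the sentence "the rules of all the selected security groups will be aggregated to apply on the ECS" does not say how aggregation works: whether the effective rule set is the union of all rules, and how conflicting rules between groups are resolved. Spell that out, because a reader attaching an additional group needs to know whether it can widen access beyond what the existing groups permit. The same list item also carries an <a name="SecurityGroup_0006__en-us_topic_0093492517_li14114175682518"> whose value duplicates the enclosing li id; drop the redundant anchor.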

@ -1,14 +1,23 @@
<a name="SecurityGroup_0017"></a><a name="SecurityGroup_0017"></a>
<h1 class="topictitle1">Adding Instances to and Removing Them from a Security Group</h1>
<div id="body1532510613760"><div class="section" id="SecurityGroup_0017__section1284185020245"><h4 class="sectiontitle">Scenarios</h4><p id="SecurityGroup_0017__p20866105342413">After a security group is created, you can add instances to the security group to protect the instances. You can also remove them from the security group as required.</p>
<p id="SecurityGroup_0017__p37853499286">You can add multiple instances to or remove them from a security group.</p>
<h1 class="topictitle1">Adding an Instance to or Removing an Instance from a Security Group</h1>
<div id="body1532510613760"><div class="section" id="SecurityGroup_0017__section1284185020245"><h4 class="sectiontitle">Scenarios</h4><div class="p" id="SecurityGroup_0017__p5231151693518">When you create an instance, the system automatically adds the instance to a security group for protection.<ul id="SecurityGroup_0017__ul12247447191919"><li id="SecurityGroup_0017__li424764717199">If one security group cannot meet your requirements, you can add an instance to multiple security groups.</li><li id="SecurityGroup_0017__li1043520521190">An instance must be added to at least one security group. If you want to change the security group for an instance, you can add the instance to a new security group and then remove the instance from the original security group.</li></ul>
</div>
<div class="section" id="SecurityGroup_0017__section7737145418298"><h4 class="sectiontitle">Adding Instances to a Security Group</h4><ol id="SecurityGroup_0017__ol1527262085715"><li id="SecurityGroup_0017__li2849879021595">Log in to the management console.</li><li id="SecurityGroup_0017__li19707181319510">Click <span><img id="SecurityGroup_0017__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li><li id="SecurityGroup_0017__li958016211335">Click <span><img id="SecurityGroup_0017__vpc_vpc_0004_image586015376147" src="en-us_image_0000001500905066.png"></span> in the upper left corner and choose <strong id="SecurityGroup_0017__vpc_vpc_0004_b1656981942010"><span id="SecurityGroup_0017__vpc_vpc_0004_text2861113718142">Network</span><span id="SecurityGroup_0017__vpc_vpc_0004_text3861203713146"></span></strong> &gt; <strong id="SecurityGroup_0017__vpc_vpc_0004_b65691219172012">Virtual Private Cloud</strong>.</li><li id="SecurityGroup_0017__li15281162517570">In the navigation pane on the left, choose <strong id="SecurityGroup_0017__b26200341168">Access Control</strong> &gt; <strong id="SecurityGroup_0017__b762519341261">Security Groups</strong>.</li><li id="SecurityGroup_0017__li286122917579">On the <strong id="SecurityGroup_0017__b114081941131210">Security Groups</strong> page, click <strong id="SecurityGroup_0017__b97031427151318">Manage Instance</strong> in the <strong id="SecurityGroup_0017__b818562410133">Operation</strong> column.</li><li id="SecurityGroup_0017__li7677145464713">On the <strong id="SecurityGroup_0017__b842352706144348">Servers</strong> tab, click <strong id="SecurityGroup_0017__b842352706144415">Add</strong> and add one or more servers to the current security group.</li><li id="SecurityGroup_0017__li20454133912504">On the <strong id="SecurityGroup_0017__b842352706144522">Extension NICs</strong> tab, click <strong 
id="SecurityGroup_0017__b842352706144533">Add</strong> and add one or more extension NICs to the current security group.</li><li id="SecurityGroup_0017__li2089912335185">Click <strong id="SecurityGroup_0017__b22849223551">OK</strong>.</li></ol>
</div>
<div class="section" id="SecurityGroup_0017__section147074331319"><h4 class="sectiontitle">Removing Instances from a Security Group</h4><ol id="SecurityGroup_0017__ol2708193318119"><li id="SecurityGroup_0017__li8955159354">Log in to the management console.</li><li id="SecurityGroup_0017__li1770913314115">Click <span><img id="SecurityGroup_0017__en-us_topic_0013748726_image338921514480_1" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li><li id="SecurityGroup_0017__li457711953517">Click <span><img id="SecurityGroup_0017__vpc_vpc_0004_image586015376147_1" src="en-us_image_0000001500905066.png"></span> in the upper left corner and choose <strong id="SecurityGroup_0017__vpc_vpc_0004_b1656981942010_1"><span id="SecurityGroup_0017__vpc_vpc_0004_text2861113718142_1">Network</span><span id="SecurityGroup_0017__vpc_vpc_0004_text3861203713146_1"></span></strong> &gt; <strong id="SecurityGroup_0017__vpc_vpc_0004_b65691219172012_1">Virtual Private Cloud</strong>.</li><li id="SecurityGroup_0017__li13710163311119">In the navigation pane on the left, choose <strong id="SecurityGroup_0017__b31988488616">Access Control</strong> &gt; <strong id="SecurityGroup_0017__b320454816619">Security Groups</strong>.</li><li id="SecurityGroup_0017__li15710173310112">On the <strong id="SecurityGroup_0017__b12372184413013">Security Groups</strong> page, click <strong id="SecurityGroup_0017__b447214318185">Manage Instance</strong> in the <strong id="SecurityGroup_0017__b33785449019">Operation</strong> column.</li><li id="SecurityGroup_0017__li510095217212">On the <strong id="SecurityGroup_0017__b842352706144648">Servers</strong> tab, locate the target server and click <strong id="SecurityGroup_0017__b842352706145255">Remove</strong> in the <strong id="SecurityGroup_0017__b84235270614534">Operation</strong> column to remove the server from current security group.</li><li id="SecurityGroup_0017__li1150617131044">On the <strong 
id="SecurityGroup_0017__b842352706145831">Extension NICs</strong> tab, locate the target extension NIC and click <strong id="SecurityGroup_0017__b84235270615032">Remove</strong> in the <strong id="SecurityGroup_0017__b84235270615038">Operation</strong> column to remove the NIC from the current security group.</li><li id="SecurityGroup_0017__li131424061815">Click <strong id="SecurityGroup_0017__b17292422185516">Yes</strong>.</li></ol>
<p id="SecurityGroup_0017__p13242193814303"><strong id="SecurityGroup_0017__b8423527061514">Removing multiple instances from a security group</strong></p>
<ul id="SecurityGroup_0017__ul14837174611919"><li id="SecurityGroup_0017__li9838104617192">Select multiple servers and click <strong id="SecurityGroup_0017__b842352706163632">Remove</strong> above the server list to remove the selected servers from the current security group all at once.</li><li id="SecurityGroup_0017__li1983884614191">Select multiple extension NICs and click <strong id="SecurityGroup_0017__b84235270616591">Remove</strong> above the extension NIC list to remove the selected extension NICs from the current security group all at once.</li></ul>
<div class="section" id="SecurityGroup_0017__section7737145418298"><h4 class="sectiontitle">Adding an Instance to a Security Group</h4><ol id="SecurityGroup_0017__ol1527262085715"><li id="SecurityGroup_0017__li2849879021595">Log in to the management console.</li><li id="SecurityGroup_0017__li19707181319510">Click <span><img id="SecurityGroup_0017__en-us_topic_0013748726_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li><li id="SecurityGroup_0017__li65321958215">Click <span><img id="SecurityGroup_0017__en-us_topic_0013748738_image8750174734412" src="en-us_image_0000001627054058.png"></span> in the upper left corner and choose <strong id="SecurityGroup_0017__b19991723143713"><span id="SecurityGroup_0017__text399162313377">Network</span><span id="SecurityGroup_0017__text13991132319370"></span></strong> &gt; <strong id="SecurityGroup_0017__b11991323183715">Virtual Private Cloud</strong>.<p id="SecurityGroup_0017__p1182103318256">The <strong id="SecurityGroup_0017__b0884173153715">Virtual Private Cloud</strong> page is displayed.</p>
</li><li id="SecurityGroup_0017__li1955416211482">In the navigation pane on the left, choose <strong id="SecurityGroup_0017__b39573448339">Access Control</strong> &gt; <strong id="SecurityGroup_0017__b2095710448331">Security Groups</strong>.<p id="SecurityGroup_0017__p78331733204216">The security group list is displayed.</p>
</li><li id="SecurityGroup_0017__li61193616483">In the security group list, locate the row that contains the security group and click <strong id="SecurityGroup_0017__b771214521337">Manage Instances</strong> in the <strong id="SecurityGroup_0017__b1871355243310">Operation</strong> column.<p id="SecurityGroup_0017__p100911194312">The <strong id="SecurityGroup_0017__b12887181919406">Associated Instances</strong> tab is displayed.</p>
</li><li id="SecurityGroup_0017__li17819483234">Click an instance type.<p id="SecurityGroup_0017__p212255420232"><a name="SecurityGroup_0017__li17819483234"></a><a name="li17819483234"></a>The following operations use <strong id="SecurityGroup_0017__b955634924019">Servers</strong> as an example.</p>
</li><li id="SecurityGroup_0017__li16925141642314">Click the <strong id="SecurityGroup_0017__b1463250104111">Servers</strong> tab and click <strong id="SecurityGroup_0017__b1821478154117">Add</strong>.<p id="SecurityGroup_0017__p1388682452418">The <strong id="SecurityGroup_0017__b341518914111">Add Server</strong> dialog box is displayed.</p>
</li><li id="SecurityGroup_0017__li1411153214246">In the server list, select one or more servers and click OK to add them to the current security group.</li></ol>
</div>
<div class="section" id="SecurityGroup_0017__section147074331319"><h4 class="sectiontitle">Removing an Instance from a Security Group</h4><p id="SecurityGroup_0017__p16615356142514">An instance must be added to at least one security group. If you want to remove an instance from a security group, the instance must be associated with at least two security groups now.</p>
<ol id="SecurityGroup_0017__ol2708193318119"><li id="SecurityGroup_0017__li8955159354">Log in to the management console.</li><li id="SecurityGroup_0017__li1770913314115">Click <span><img id="SecurityGroup_0017__en-us_topic_0013748726_image338921514480_1" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li><li id="SecurityGroup_0017__li5766141316458">Click <span><img id="SecurityGroup_0017__image10766141319453" src="en-us_image_0000001626734162.png"></span> in the upper left corner and choose <strong id="SecurityGroup_0017__b090413613712"><span id="SecurityGroup_0017__text390493653717">Network</span><span id="SecurityGroup_0017__text20904193603712"></span></strong> &gt; <strong id="SecurityGroup_0017__b16904183616376">Virtual Private Cloud</strong>.<p id="SecurityGroup_0017__p11767191320456">The <strong id="SecurityGroup_0017__b19977114263710">Virtual Private Cloud</strong> page is displayed.</p>
</li><li id="SecurityGroup_0017__li155681561266">In the navigation pane on the left, choose <strong id="SecurityGroup_0017__b126787217514">Access Control</strong> &gt; <strong id="SecurityGroup_0017__b1867810275116">Security Groups</strong>.<p id="SecurityGroup_0017__p55684565264">The security group list is displayed.</p>
</li><li id="SecurityGroup_0017__li1456875612268">In the security group list, locate the row that contains the security group and click <strong id="SecurityGroup_0017__b14637153616516">Manage Instances</strong> in the <strong id="SecurityGroup_0017__b5638183635118">Operation</strong> column.<p id="SecurityGroup_0017__p756895615261">The <strong id="SecurityGroup_0017__b18614184817515">Associated Instances</strong> tab is displayed.</p>
</li><li id="SecurityGroup_0017__li056825618262">Click an instance type.<p id="SecurityGroup_0017__p1856875682612"><a name="SecurityGroup_0017__li056825618262"></a><a name="li056825618262"></a>The following operations use <strong id="SecurityGroup_0017__b3583185165217">Servers</strong> as an example.</p>
</li><li id="SecurityGroup_0017__li622212073511">Click the <strong id="SecurityGroup_0017__b149916167531">Servers</strong> tab, select one or more servers, and click <strong id="SecurityGroup_0017__b9533163975315">Remove</strong> in the upper left corner of the server list.<p id="SecurityGroup_0017__p3507243173516">A confirmation dialog box is displayed.</p>
</li><li id="SecurityGroup_0017__li2047029193517">Confirm the information and click <strong id="SecurityGroup_0017__b53251758165419">Yes</strong>.</li></ol>
</div>
<div class="section" id="SecurityGroup_0017__section12231126103410"><h4 class="sectiontitle">Follow-Up Operations</h4><p id="SecurityGroup_0017__p14912491346">You can delete the security groups that you no longer need. Deleting a security group will also delete all security group rules in the security group. For details, see <a href="vpc_SecurityGroup_0008.html">Deleting a Security Group</a>.</p>
</div>
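Review bot: In "Removing an Instance from a Security Group", the prerequisite sentence ends with "must be associated with at least two security groups now". The trailing "now" is awkward, and the text does not say what the user sees when the instance belongs to only one group. Suggest "the instance must currently be associated with at least two security groups", plus one line on the resulting console behavior. In the last step of "Adding an Instance to a Security Group", OK is plain text, while the other button labels in these procedures are wrapped in <strong>.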

View File

@ -3,13 +3,13 @@
<h1 class="topictitle1"><span id="text15411215417">Firewall</span><span id="text741121516120"></span> Overview</h1>
<div id="body1544424023306"><p id="acl_0001__p13781551490">A <span id="acl_0001__text11248715171311">firewall</span><span id="acl_0001__text45551720134"></span> is an optional layer of security for your subnets. After you associate one or more subnets with a <span id="acl_0001__text13717202713198">firewall</span><span id="acl_0001__text2717122731911"></span>, you can control traffic in and out of the subnets.</p>
<p id="acl_0001__p8060118"><a href="#acl_0001__fig9582182315479">Figure 1</a> shows how a firewall works.</p>
<div class="fignone" id="acl_0001__fig9582182315479"><a name="acl_0001__fig9582182315479"></a><a name="fig9582182315479"></a><span class="figcap"><b>Figure 1 </b>Security groups and firewalls</span><br><span><img id="acl_0001__en-us_topic_0052003963_image1897541382617" src="en-us_image_0148244691.png"></span></div>
<div class="fignone" id="acl_0001__fig9582182315479"><a name="acl_0001__fig9582182315479"></a><a name="fig9582182315479"></a><span class="figcap"><b>Figure 1 </b>Security groups and firewalls</span><br><span><img class="eddx" id="acl_0001__en-us_topic_0052003963_image048361820309" src="en-us_image_0000001699135873.png"></span></div>
<p id="acl_0001__p668217610324">Similar to security groups, <span id="acl_0001__text127138429139">firewall</span><span id="acl_0001__text6713942101313"></span>s control access to subnets and add an additional layer of defense to your subnets. Security groups only have the "allow" rules, but <span id="acl_0001__text3310185011135">firewall</span><span id="acl_0001__text12310115051319"></span>s have both "allow" and "deny" rules. You can use <span id="acl_0001__text1554161716440">firewall</span><span id="acl_0001__text19555817144413"></span>s together with security groups to implement comprehensive and fine-grained access control. </p>
<p id="acl_0001__p6398184124212"><a href="en-us_topic_0052003963.html">Differences Between Security Groups and Firewalls</a> summarizes the basic differences between security groups and <span id="acl_0001__text137415412138">firewall</span><span id="acl_0001__text4374125421314"></span>s.</p>
<div class="section" id="acl_0001__section1952742625114"><h4 class="sectiontitle"><span id="acl_0001__text16549171719105">Firewall</span><span id="acl_0001__text215101619277"></span> Basics</h4><ul id="acl_0001__ul16670101419510"><li id="acl_0001__li1767091455112">Your VPC does not come with a <span id="acl_0001__text1681559201318">firewall</span><span id="acl_0001__text1481195921318"></span>, but you can create a <span id="acl_0001__text193132025161912">firewall</span><span id="acl_0001__text131517252195"></span> and associate it with a VPC subnet if required. By default, each <span id="acl_0001__text17139141019144">firewall</span><span id="acl_0001__text1313941001416"></span> denies all inbound traffic to and outbound traffic from the associated subnet until you add rules.</li><li id="acl_0001__li9670101412519">You can associate a <span id="acl_0001__text129685145149">firewall</span><span id="acl_0001__text16968514181411"></span> with multiple subnets. However, a subnet can only be associated with one <span id="acl_0001__text1922420915259">firewall</span><span id="acl_0001__text12259912252"></span> at a time.</li><li id="acl_0001__li1670714145119">Each newly created <span id="acl_0001__text138342217143">firewall</span><span id="acl_0001__text1183132212149"></span> is in the <strong id="acl_0001__b0772925121511">Inactive</strong> state until you associate subnets with it.</li></ul>
</div>
<div class="section" id="acl_0001__section99541345213"><a name="acl_0001__section99541345213"></a><a name="section99541345213"></a><h4 class="sectiontitle">Default <span id="acl_0001__text17811727151018">Firewall</span><span id="acl_0001__text96061321162714"></span> Rules</h4><p id="acl_0001__p1767071405116">By default, each <span id="acl_0001__text28540545146">firewall</span><span id="acl_0001__text12854205411419"></span> has preset rules that allow the following packets:</p>
<ul id="acl_0001__ul116891923175218"><li id="acl_0001__li4671121410513">Packets whose source and destination are in the same subnet.</li><li id="acl_0001__li20671101455117">Broadcast packets with the destination 255.255.255.255/32, which is used to configure host startup information.</li><li id="acl_0001__li867110142516">Multicast packets with the destination 224.0.0.0/24, which is used by routing protocols.</li><li id="acl_0001__li1067121414513">Metadata packets with the destination 169.254.169.254/32 and TCP port number 80, which is used to obtain metadata.</li><li id="acl_0001__li166902023175218">Packets from CIDR blocks that are reserved for public services (for example, packets with the destination 100.125.0.0/16)</li><li id="acl_0001__li11670914165110">A <span id="acl_0001__text13558171917362">firewall</span><span id="acl_0001__text1755991943617"></span> denies all traffic in and out of a subnet excepting the preceding packets. <a href="#acl_0001__table1034601475112">Table 1</a> shows the default rules. You cannot modify or delete the default rules.
<ul id="acl_0001__ul116891923175218"><li id="acl_0001__li4671121410513">Packets whose source and destination are in the same subnet.</li><li id="acl_0001__li20671101455117">Broadcast packets with the destination 255.255.255.255/32, which is used to configure host startup information.</li><li id="acl_0001__li867110142516">Multicast packets with the destination 224.0.0.0/24, which is used by routing protocols.</li><li id="acl_0001__li1067121414513">Metadata packets with the destination 169.254.169.254/32 and TCP port number 80, which is used to obtain metadata.</li><li id="acl_0001__li166902023175218">Packets from CIDR blocks that are reserved for public services (for example, packets with the destination 100.125.0.0/16).</li><li id="acl_0001__li11670914165110">A <span id="acl_0001__text13558171917362">firewall</span><span id="acl_0001__text1755991943617"></span> denies all traffic in and out of a subnet excepting the preceding packets. <a href="#acl_0001__table1034601475112">Table 1</a> shows the default rules. You cannot modify or delete the default rules.
<div class="tablenoborder"><a name="acl_0001__table1034601475112"></a><a name="table1034601475112"></a><table cellpadding="4" cellspacing="0" summary="" id="acl_0001__table1034601475112" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Default <span id="acl_0001__text16669711181515">firewall</span> rules</caption><thead align="left"><tr id="acl_0001__row1267171445118"><th align="left" class="cellrowborder" valign="top" width="15.53398058252427%" id="mcps1.3.7.3.6.4.2.8.1.1"><p id="acl_0001__p4671214185116">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="11.650485436893202%" id="mcps1.3.7.3.6.4.2.8.1.2"><p id="acl_0001__p46711614195111">Priority</p>
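Review bot: The list item on public-service CIDR blocks says "Packets from CIDR blocks that are reserved for public services" but gives "packets with the destination 100.125.0.0/16" as its example, so it is unclear whether the preset rule matches on source or destination. State which one applies. The final item ("A firewall denies all traffic in and out of a subnet excepting the preceding packets") is not a packet type, yet it sits in the list of allowed packets and carries Table 1 inside it. It would read better as a paragraph after the list, with "except" instead of "excepting".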
@ -73,7 +73,7 @@
<div class="fignone" id="acl_0001__fig1643183218163"><a name="acl_0001__fig1643183218163"></a><a name="fig1643183218163"></a><span class="figcap"><b>Figure 2 </b><span id="acl_0001__text668616281164">firewall</span><span id="acl_0001__text06861728121612"></span> configuration procedure</span><br><span><img class="vsd" id="acl_0001__image49772046165815" src="en-us_image_0162335382.png"></span></div>
<ol id="acl_0001__ol64961250174814"><li id="acl_0001__li1849614505486">Create a <span id="acl_0001__text71827337167">firewall</span><span id="acl_0001__text7183173318168"></span> by following the steps described in <a href="en-us_topic_0051746698.html">Creating a Firewall</a>.</li><li id="acl_0001__li1518417537486">Add <span id="acl_0001__text593833511166">firewall</span><span id="acl_0001__text9938635141617"></span> rules by following the steps described in <a href="en-us_topic_0051746702.html">Adding a Firewall Rule</a>.</li><li id="acl_0001__li2758155517484">Associate subnets with the <span id="acl_0001__text4742139191618">firewall</span><span id="acl_0001__text4742173951610"></span> by following the steps described in <a href="en-us_topic_0051746700.html">Associating Subnets with a Firewall</a>. After subnets are associated with the <span id="acl_0001__text64553435162">firewall</span><span id="acl_0001__text045594311612"></span>, the subnets will be protected by the configured <span id="acl_0001__text13398324163514">firewall</span><span id="acl_0001__text20400182493515"></span> rules.</li></ol>
</div>
<div class="section" id="acl_0001__section28487131277"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="acl_0001__ul4835849194111"><li id="acl_0001__li9945175894218">By default, you can create a maximum of 200 <span id="acl_0001__text1128221665812">firewall</span><span id="acl_0001__text02838165587"></span>s in your cloud account.</li><li id="acl_0001__li11283161645818">You can associate a <span id="acl_0001__acl_0001_text129685145149">firewall</span><span id="acl_0001__acl_0001_text16968514181411"></span> with multiple subnets. However, a subnet can only be associated with one <span id="acl_0001__acl_0001_text1922420915259">firewall</span><span id="acl_0001__acl_0001_text12259912252"></span> at a time.</li><li id="acl_0001__li11694143225713">A <span id="acl_0001__text916455718482">firewall</span><span id="acl_0001__text8164195714480"></span> can contain no more than 20 rules in one direction, or performance will deteriorate.</li><li id="acl_0001__li6244133315818">For optimal performance, import no more than 40 <span id="acl_0001__text520061014912">firewall</span><span id="acl_0001__text172011410184918"></span> rules at a time. Existing rules will still be available after new rules are imported. Each rule can be imported only once.</li></ul>
<div class="section" id="acl_0001__section28487131277"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="acl_0001__ul4835849194111"><li id="acl_0001__li9945175894218">By default, each account can have up to 200 <span id="acl_0001__text1128221665812">firewall</span><span id="acl_0001__text02838165587"></span>s in a region.</li><li id="acl_0001__li11694143225713">A <span id="acl_0001__text916455718482">firewall</span><span id="acl_0001__text8164195714480"></span> can contain no more than 20 rules in one direction, or performance will deteriorate.</li></ul>
</div>
</div>
<div>
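Review bot: In Notes and Constraints, "can contain no more than 20 rules in one direction, or performance will deteriorate" mixes a hard limit with a recommendation. Say whether 20 is enforced or only advised. The two-bullet version of the list no longer carries the limit of 40 imported rules at a time. If rule import is still supported, that limit should stay here or be linked from here.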

View File

@ -3,11 +3,11 @@
<h1 class="topictitle1"><span id="text562655823311">Firewall</span><span id="text9626185816332"></span> Configuration Examples</h1>
<div id="body1544424023306"><p id="acl_0002__p1822014275313">This section provides examples for configuring <span id="acl_0002__text11248715171311">firewall</span><span id="acl_0002__text45551720134"></span>s.</p>
<ul id="acl_0002__ul7360923145515"><li id="acl_0002__li3360102315515"><a href="#acl_0002__section11312173319432">Denying Access from a Specific Port</a></li><li id="acl_0002__li17814142865511"><a href="#acl_0002__section61291659102216">Allowing Access from Specific Ports and Protocols</a></li></ul>
<div class="section" id="acl_0002__section11312173319432"><a name="acl_0002__section11312173319432"></a><a name="section11312173319432"></a><h4 class="sectiontitle">Denying Access from a Specific Port</h4><p id="acl_0002__p37592398439">You might want to block TCP 445 to protect against the WannaCry ransomware attacks. You can add a <span id="acl_0002__text171730540162">firewall</span><span id="acl_0002__text6173105416168"></span> rule to deny all incoming traffic from TCP port 445.</p>
<div class="section" id="acl_0002__section11312173319432"><a name="acl_0002__section11312173319432"></a><a name="section11312173319432"></a><h4 class="sectiontitle">Denying Access from a Specific Port</h4><p id="acl_0002__p37592398439">You might want to block TCP port 445 to protect against the WannaCry ransomware attacks. You can add a <span id="acl_0002__text171730540162">firewall</span><span id="acl_0002__text6173105416168"></span> rule to deny all incoming traffic from TCP port 445.</p>
</div>
<p id="acl_0002__p17694527626"><span id="acl_0002__text43867419349">Firewall</span><span id="acl_0002__text2038694143414"></span> Configuration</p>
<div class="p" id="acl_0002__p11246171945810"><a href="#acl_0002__table553618145582">Table 1</a> lists the inbound rule required.
<div class="tablenoborder"><a name="acl_0002__table553618145582"></a><a name="table553618145582"></a><table cellpadding="4" cellspacing="0" summary="" id="acl_0002__table553618145582" frame="border" border="1" rules="all"><caption><b>Table 1 </b><span id="acl_0002__text18267967177">firewall</span><span id="acl_0002__text92678617171"></span> rules</caption><thead align="left"><tr id="acl_0002__row1536191465810"><th align="left" class="cellrowborder" valign="top" width="9.000000000000002%" id="mcps1.3.5.2.2.9.1.1"><p id="acl_0002__p6536131425817"><strong id="acl_0002__b118251314859">Direction</strong></p>
<div class="p" id="acl_0002__p11246171945810"><a href="#acl_0002__table553618145582">Table 1</a> lists the inbound rules required.
<div class="tablenoborder"><a name="acl_0002__table553618145582"></a><a name="table553618145582"></a><table cellpadding="4" cellspacing="0" summary="" id="acl_0002__table553618145582" frame="border" border="1" rules="all"><caption><b>Table 1 </b><span id="acl_0002__text01831859163820">Firewall</span><span id="acl_0002__text5183759123816"></span> rules</caption><thead align="left"><tr id="acl_0002__row1536191465810"><th align="left" class="cellrowborder" valign="top" width="9.000000000000002%" id="mcps1.3.5.2.2.9.1.1"><p id="acl_0002__p6536131425817"><strong id="acl_0002__b118251314859">Direction</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="6.000000000000001%" id="mcps1.3.5.2.2.9.1.2"><p id="acl_0002__p1253641416587"><strong id="acl_0002__b187114616617">Action</strong></p>
</th>
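Review bot: "deny all incoming traffic from TCP port 445" and the heading "Denying Access from a Specific Port" read as a match on source port, but blocking SMB against WannaCry means denying inbound traffic whose destination port is 445. Suggest "deny all inbound traffic to TCP port 445", and confirm that the Table 1 row sets the destination port rather than the source port.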
@ -62,14 +62,14 @@
</tbody>
</table>
</div>
<div class="note" id="acl_0002__note197771737151813"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="acl_0002__ul1921959467"><li id="acl_0002__li16285184619">By default, a <span id="acl_0002__text47981110123113">firewall</span><span id="acl_0002__text1480311015317"></span> denies all inbound traffic. You need to allow all inbound traffic if necessary.</li><li id="acl_0002__li163471871466">If you want a deny rule to be matched first, insert the deny rule above the allow rule. For details, see <a href="vpc_acl_0004.html">Changing the Sequence of a Firewall Rule</a>.</li></ul>
<div class="note" id="acl_0002__note197771737151813"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="acl_0002__ul1921959467"><li id="acl_0002__li16285184619">By default, a <span id="acl_0002__text1935832351719">firewall</span><span id="acl_0002__text1535872314170"></span> denies all inbound traffic. You can add a rule to allow all inbound traffic if necessary.</li><li id="acl_0002__li163471871466">If you want a deny rule to be matched first, insert the deny rule above the allow rule. For details, see <a href="vpc_acl_0004.html">Changing the Sequence of a Firewall Rule</a>.</li></ul>
</div></div>
</div>
<div class="section" id="acl_0002__section61291659102216"><a name="acl_0002__section61291659102216"></a><a name="section61291659102216"></a><h4 class="sectiontitle">Allowing Access from Specific Ports and Protocols</h4><p id="acl_0002__p1925418304513">In this example, an ECS in a subnet is used as the web server, and you need to allow inbound traffic from HTTP port 80 and HTTPS port 443 and allow all outbound traffic. You need to configure both the <span id="acl_0002__text188951531191716">firewall</span><span id="acl_0002__text20895203161713"></span> rules and security group rules to allow the traffic.</p>
<p id="acl_0002__p162351250175215"><span id="acl_0002__text35451725203413">Firewall</span><span id="acl_0002__text1354517256344"></span> Configuration</p>
<p id="acl_0002__p18763948135714"><a href="#acl_0002__table195634095313">Table 2</a> lists the inbound rule required.</p>
<p id="acl_0002__p18763948135714"><a href="#acl_0002__table195634095313">Table 2</a> lists the inbound and outbound rules required.</p>
<div class="tablenoborder"><a name="acl_0002__table195634095313"></a><a name="table195634095313"></a><table cellpadding="4" cellspacing="0" summary="" id="acl_0002__table195634095313" frame="border" border="1" rules="all"><caption><b>Table 2 </b><span id="acl_0002__text8320174810174">firewall</span><span id="acl_0002__text2032014485175"></span> rules</caption><thead align="left"><tr id="acl_0002__row56214055319"><th align="left" class="cellrowborder" valign="top" width="8.91089108910891%" id="mcps1.3.6.5.2.9.1.1"><p id="acl_0002__p16212405538"><strong id="acl_0002__b1324725910194">Direction</strong></p>
<div class="tablenoborder"><a name="acl_0002__table195634095313"></a><a name="table195634095313"></a><table cellpadding="4" cellspacing="0" summary="" id="acl_0002__table195634095313" frame="border" border="1" rules="all"><caption><b>Table 2 </b><span id="acl_0002__text2876195173913">Firewall</span><span id="acl_0002__text118765518396"></span> rules</caption><thead align="left"><tr id="acl_0002__row56214055319"><th align="left" class="cellrowborder" valign="top" width="8.91089108910891%" id="mcps1.3.6.5.2.9.1.1"><p id="acl_0002__p16212405538"><strong id="acl_0002__b1324725910194">Direction</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="8.91089108910891%" id="mcps1.3.6.5.2.9.1.2"><p id="acl_0002__p1863340165319"><strong id="acl_0002__b131356012020">Action</strong></p>
</th>
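Review bot: The first note bullet, "You can add a rule to allow all inbound traffic if necessary", sits in the deny-445 example without saying that such an allow-all rule must be ordered below the deny rule for the deny to take effect. Suggest merging it with the second bullet so the ordering requirement is stated together with the allow-all advice. In the web server example, "allow inbound traffic from HTTP port 80 and HTTPS port 443" has the same source/destination ambiguity. "to ports 80 and 443" would be clearer.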

Binary file not shown.


Some files were not shown because too many files have changed in this diff.