Greetings, Thank you for your prompt response, which I've duly noted. It's now clear to me that I won't be able to acquire all features concurrently, including SG, NAT, load balancer, and firewall.
Another query: Is there a method to create a load balancer without a public IP? Additionally, do we possess any corresponding feature for a web application firewall (WAF)? Best regards, Palash Biswas On Tue, Nov 14, 2023 at 5:10 PM Nux <[email protected]> wrote: > Hello, > > Alas you can't just enable security groups on an existing regular > advanced zone, one needs to be created from scratch. > In an adv zone with SG basically you have all your VMs connected in one > big network that is protected and isolated by the so called security > grups which are basically sets of iptables and ebtables rules. > > You lose the ability of having a virtual router in front of your VMs, so > say goodbye to NAT, load balancer, firewall (although you have security > groups which have a similar role), vpn etc. > > What you gain is not insignificant either, because sg zones are simpler > from a networking pov and this is always a good thing. > I find SG zones are usually perfect for VPS/cloud providers. Typically > all the VPS would be connected in a flat network, eg a public /24, each > would get a public IP and they'd be locked into that IP by the security > groups (they won't be able to "steal" IPs). > > HTH > > On 2023-11-14 01:51, Palash Biswas wrote: > > Hi Community Team Member, > > > > I hope you're having a good day. > > I would like to inquire about enabling Security Groups without the need > > to > > recreate Zones. Additionally, I'm interested in understanding the > > potential > > impacts or risks associated with enabling Security Groups with the > > "Advanced" Network Type. > > > > Your guidance and advice on this matter would be greatly appreciated. > > > > Regards, > > Palash Biswas >
