It is strongly recommended to limit traffic to your SoftNAS instances to known IP addresses, to ensure security, especially if leveraging a public IP address. As it is strongly recommended to use the internal IP address when configuring SnapReplicate™ and SNAP HA, and as you will not yet have the internal IP addresses of your instances when creating the initial instance in an HA pair, it may be more expedient to configure the security group after instance creation. If you have restricted HTTPS traffic to your local IP address, you may need to later alter the Security Group if your local IP address changes, as this restriction may prevent access to your instance. Also, additional rules will also have to be configured if Platinum features will be leveraged. More information on configuring your security group for individual Platinum features can be found in the link below:
To edit the rules assigned to your Security Group for a given SoftNAS on AWS instance, the easiest way to find the correct Security Group is to:
- Select the instance in question from the EC2 Console, under Instances.
- Then find the Security Group column by scrolling all the way to the left, and click the Security Group.
This will open the Security Groups panel, with the security group used for the instance already selected. (If you opened Security Groups from the EC2 dashboard menu, you would have to search the correct security group from the full list of available security groups.) Click Action, and select Edit Inbound Rules.
In Edit Inbound Rules, you will configure the IP addresses from which traffic will flow, or from which you will connect to the instance – typically this means the internal IP address of the target instance for the source instance, and the internal IP of the source instance for the target instance. It is also prudent to limit traffic to your own IP address or a range of IP addresses if multiple people are to work with the SoftNAS instance.
To view the internal IP address of each node, from the EC2 console, select Instances, then select the instance - the Private IPs entry shows the instance's private IP address used for SnapReplicate.