Admin port exposed - Alert example

    In this example, an alert occurs as a result of a configuration error. The user notices it, views it, and takes corrective action.

    • The user creates an SSH service to apply to the Inbound Policy for a security group. Instead of setting Port Behavior to Closed and requiring a Dynamic Access lease, they mistakenly set it to Open.
    • If the Alerts main navigation control did not display an alert counter previously, it does now. If alerts were present before the configuration error, the alert count increases.
    • The user clicks Alerts and investigates the alert in question.
    • Click the 'Review' button to go to the security group in question, with the offending service rule highlighted.
    • Correct the issue. In this case, click Edit on the highlighted SSH service name.
    • This opens the Edit Service Port dialog, where you can reconfigure the service definition.
    • Select Limited to reconfigure the SSH service. The default is to configure the service as On-Demand for use with Dynamic Access Leasing,
      which is what we require in our scenario. It is possible, however, to set an individual IP, an IP range in CIDR notation, a DNS name, a Dome9 IP List object,
      or another AWS security group as a permitted source of incoming traffic.

    • Save the change by clicking 'Save'. The alert is cleared.
    • It is also possible to check from inside the security group whether any alerts are still open: click Alerts under related links.
      This filters the alerts to show only those for the selected security group.


      The filtered view shows no open alerts.
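
The condition behind this alert can also be checked independently of the console. The following is an added example, not Dome9 code and not the product's alert logic: it scans security group definitions in the JSON shape returned by the AWS `describe-security-groups` call and reports administrative ports reachable from any source address. The `ADMIN_PORTS` set and the sample group IDs are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: ports treated as administrative for this check (SSH, RDP).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def _covers(perm, port):
    """True if an IpPermissions entry covers the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def _is_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (prefix length 0 matches any source)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_admin_ports(group):
    """Return (group id, service, port, open CIDRs) for each exposed admin port."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_cidrs = [c for c in cidrs if _is_world(c)]
        for port, name in ADMIN_PORTS.items():
            if open_cidrs and _covers(perm, port):
                findings.append((group["GroupId"], name, port, open_cidrs))
    return findings

# Constructed sample data; group IDs and addresses are placeholders.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [  # SSH set to Open
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "IpPermissions": [  # SSH limited to a CIDR range
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example3", "IpPermissions": [  # all traffic from any IPv6
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        for gid, name, port, cidrs in exposed_admin_ports(g):
            print(f"{gid}: {name} ({port}/tcp) open to {', '.join(cidrs)}")
```

A rule limited to a specific CIDR range, as in the second sample group, produces no finding, which matches the Limited configuration described in the steps above.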