--- title: Security Groups --- # Security Groups Tab Security groups act as virtual firewalls that control inbound and outbound traffic for the cluster. The **Security Groups** tab lists every security group currently attached to the cluster, along with its rules, and lets you attach and detach groups. To open it, select a cluster and choose the **Security Groups** tab. :::warning The control plane requires **TCP port 6443** to be allowed, or `kubectl` and cluster clients cannot reach the API server. The cluster networking overlay also requires **UDP port 8472**. Make sure at least one attached security group permits these ports. ::: --- ## Attach a Security Group 1. On the **Security Groups** tab, select **Attach Security Group**. 2. Select one or more security groups from the available list. 3. Select **Attach** to confirm. ## Detach a Security Group 1. Locate the security group you want to remove. 2. Select **Detach** next to it. 3. Confirm in the dialog. :::note At least **one** security group must remain attached to the cluster at all times - the portal prevents removing the last one. ::: ## Allow All Traffic If traffic is being blocked by a conflict between OS firewall services and security group rules, use **Allow All Traffic** to temporarily permit all inbound and outbound traffic. This creates and attaches an allow-all security group so you can isolate the conflict, then tighten the rules again once it is resolved. --- ## Related Resources | Resource | Use it for | | ------------------------------------------------------------------------------------- | ---------------------------------- | | [Connect to a Cluster](/docs/myaccount/kubernetes/getting-started/connect-to-cluster) | Why port 6443 must be open. | | [Networking](/docs/myaccount/kubernetes/manage/networking) | Service IPs and external exposure. | | [Node Security](/docs/myaccount/node/manage/security) | Security group concepts and rules. |