Security groups with advanced zones is for a pretty specific need. In short, security groups are port filtering rules that are applied within a bridge so you can have separate ACLs for each instance. This is generally used on basic networks because public IP addresses are assigned directly to the VM. With advanced networks, the virtual router (or SRX firewall, or some other external device you have tied into CS) does NAT and provides all of the firewalling and port filtering. There are specific use cases when you would want to combine the two but AFAIK it is only supported with KVM. There's an overview here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Security+Groups+Isolation+in+Advanced+Zone

-Clayton

-----Original Message-----
From: Jake G. [mailto:dj_dark_jungl...@yahoo.com]
Sent: Tuesday, October 22, 2013 3:32 AM
To: users@cloudstack.apache.org
Subject: CS4.2 Security groups - need explaination

Hi all,

I am trying to set up an advanced zone. On the very first window of the wizard there is an option to use security groups. What is the difference between using security groups and not using security groups? Does my network have to be set up differently for each?

Thank you,
Jake