A security group is a set of IP filter rules that define networking access and that you can apply to all instances in a project. Group rules are project-specific. Project members can edit the default rules for their group and add new rule sets.
You can use security groups to apply IP rules by creating a new security group with the desired rules or by modifying the rules set in the default security group.
A security group can apply either rules or a security policy, but not both.
For deployments with NSX Transformers, the maximum number of security groups per port is 9.
About the Default Security Group
Each project in VMware Integrated OpenStack has a default security group that is applied to an instance unless another security group is defined and specified. Unless it is modified, the default security group denies all incoming traffic to your instance and permits only outgoing traffic. A common example is to edit the default security group to permit SSH access and ICMP access, so that users can log in to and ping instances.