About ASGs

Application Security Groups (ASGs) are a collections of egress rules that specify the protocols, ports, and IP address ranges where app or task instances send traffic. The platform sets up rules to filter and log outbound network traffic from app and task instances. ASGs apply to both buildpack-based and Docker-based apps and tasks.

When apps or tasks begin staging, they need traffic rules permissive enough to allow them to pull resources from the network. After an app or task is running, the traffic rules can be more restrictive and secure. To distinguish between these two security requirements, administrators can define one ASG for app and task staging, and another for app and task runtime. For more information about staging and running apps, see Application Container Lifecycle.

To provide granular control when securing a deployment, an administrator can assign ASGs to apply to all app and task instances for the entire deployment, or assign ASGs to spaces to apply only to apps and tasks in a particular space.

Only admin users can create and modify ASGs. For information about creating and configuring ASGs, see App Security Groups.

Displaying ASGs for a Space

To view the ASGs associated with a space, perform the following steps.

  1. Log in to Apps Manager.

  2. From the Home page, select the Org that contains the space you want to view.

  3. Select the Space you want to view.

  4. Click the Settings tab.

  5. In the Security Groups section, Apps Manager displays ASGs associated with the selected space.

  6. Click an ASG to expand its egress rules.

alt-text=The Aps Manager Security Groups section. The ASG Manager tab shows all ASGs with their destinations and protocols.

check-circle-line exclamation-circle-line close-line
Scroll to top icon