Adding Security Attributes to a VCN
Use Zero Trust Packet Routing with an existing virtual cloud network (VCN).
You can use Zero Trust Packet Routing (ZPR) along with or in place of network security groups to control network access to OCI resources by applying security attributes to them and creating ZPR policies to control communication among them. For more information, see Zero Trust Packet Routing.
Caution
If an endpoint has a ZPR security attribute, traffic to the endpoint must satisfy ZPR rules as well as all NSG and security list rules. For example, if you're already using NSGs and you apply a security attribute to an endpoint, as soon as the attribute is applied, all traffic to the endpoint is blocked. From then onward, a ZPR policy must allow traffic to the endpoint.
- Open the navigation menu, select Networking, and then select Virtual cloud networks.
- Click the name of the VCN that you want to use with Zero Trust Packet Routing. You might need to change the compartment to find the VCN that you want.
- Click the Security attributes tab to view or edit the existing security associations. Or click Add security attributes to add new ones.
Use the network vcn create command and parameters shown to add security attributes when you create a VCN:
oci network vcn create --compartment-id compartment_id [. . .] --security-attributes securityattributes [OPTIONS]
Use the network vcn update command and parameters shown to add security attributes to an existing VCN:
oci network vcn update --vcn-id ocid [. . .] --security-attributes securityattributes [OPTIONS]
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.