Managing a Network Load Balancer's Security Attributes

Add, update, and remove security attributes associated with a network load balancer.

Use Zero Trust Packet Routing (ZPR) along with, or in place of, network security groups to control network access to OCI resources by applying security attributes to them and creating ZPR policies to control communication among them. For more information, see Zero Trust Packet Routing.

ZPR security attributes added to a network load balancer are always configured in Enforce mode.

    1. Access the Details page of the network load balancer. See Getting a Network Load Balancer's Details.
    2. Click Add security attributes. The Add security attributes dialog box appears.
    3. Complete the following items:
      • Namespace: Select a security attribute namespace from the list. This list contains those security attribute namespaces already configured. See Creating a Security Attribute Namespace for more information.

      • Key: Select a key from the list.

      • Value: Select a value for the corresponding key from the list.

    4. Click Add security attribute to add another attribute (to a maximum of three). Click X to remove the associated attribute.
      You can also update the configuration of any existing security attribute listed here.
    5. Click Add security attributes to complete the task and return to the network load balancer's Details page.

    The security attributes you added or updated are viewable on the Security tab of the network load balancer's Details page.

  • Use the --security-attributes option when running the oci nlb network-load-balancer update command to add ZPR security attributes when you're updating it:

    oci nlb network-load-balancer update --network-load-balancer-id network_load_balancer_ocid --security-attributes security_attributes [OPTIONS]

    where security_attributes are ZPR tags for this network load balancer. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.

    For example:

    --security-attributes '{"oracle-zpr":{"td":{"value":"42","mode":"audit"}}}'

    This is a complex type whose value must be valid JSON.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Add security attributes to a network load balancer's VCN configuration.

    Run the UpdateNetworkLoadBalancer operation to update a network load balancer. Include the securityAttributes attribute and its values.
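
The --security-attributes value passed to the CLI must be valid JSON, so it is worth checking before the update call. The following is an added example, not Oracle's code: it validates the payload shape shown in the CLI example and builds a shell-quoted command line. Assumptions: the Console's maximum of three attributes is applied to the payload as well, the Enforce mode is spelled "enforce" in the JSON, and the function names and the OCID placeholder are illustrative.

```python
import json
import shlex

MAX_ATTRIBUTES = 3         # Console limit stated on this page; assumed to apply here too
EXPECTED_MODE = "enforce"  # assumed JSON spelling of the Enforce mode


def check_security_attributes(raw):
    """Parse the --security-attributes JSON and return (attrs, warnings).

    Raises ValueError unless the text is JSON shaped like
    {namespace: {key: {"value": ..., "mode": ...}}}.
    """
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(doc, dict):
        raise ValueError("top level must be an object keyed by namespace")
    attrs, warnings = [], []
    for namespace, keys in doc.items():
        if not isinstance(keys, dict):
            raise ValueError(f"namespace {namespace!r} must map keys to objects")
        for key, body in keys.items():
            if not isinstance(body, dict) or "value" not in body:
                raise ValueError(f"{namespace}.{key} needs a 'value' field")
            mode = body.get("mode")
            if mode != EXPECTED_MODE:
                # The page states NLB attributes always run in Enforce mode.
                warnings.append(f"{namespace}.{key}: mode {mode!r} requested, "
                                "but NLB attributes are documented as enforced")
            attrs.append((namespace, key, str(body["value"])))
    if len(attrs) > MAX_ATTRIBUTES:
        raise ValueError(f"{len(attrs)} attributes, maximum is {MAX_ATTRIBUTES}")
    return attrs, warnings


def build_update_command(nlb_ocid, raw):
    """Return a shell-quoted oci command line for a payload that passed the check."""
    check_security_attributes(raw)
    argv = ["oci", "nlb", "network-load-balancer", "update",
            "--network-load-balancer-id", nlb_ocid,
            "--security-attributes", raw]
    return " ".join(shlex.quote(arg) for arg in argv)


# Constructed sample: the JSON from the page's example and a placeholder OCID.
SAMPLE = '{"oracle-zpr":{"td":{"value":"42","mode":"audit"}}}'
if __name__ == "__main__":
    print(check_security_attributes(SAMPLE))
    print(build_update_command("network_load_balancer_ocid", SAMPLE))
```

A non-empty warnings list flags a payload that asks for a mode other than Enforce, which is worth reviewing before relying on the attribute to block traffic.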