Creating a Network Firewall Policy

Create a policy that you can associate with a network firewall in Oracle Cloud Infrastructure (OCI). Policies contain the rules that control how the firewall inspects, allows, or denies network traffic.

Before you begin, you need the following resources:
  • Required IAM service policy permissions for Network Firewall resources, and permission to work in the compartment you want to use.
  • A separate compartment for network firewalls and policies so that management is easier and more secure. A separate compartment is optional but recommended.
  • An OCI virtual cloud network (VCN) and subnets. For more information, see VCNs and Subnets.

If the policy you use with a firewall doesn't have any rules specified, the firewall denies all traffic.
    1. Open the navigation menu and click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click Create network firewall policy.
    3. Enter a descriptive name for the policy. If you don't enter a name, the service automatically generates one for you. Avoid entering confidential information.
    4. Select a compartment for the policy.
    5. (Optional) Click Show tagging options and enter tagging information for the policy. For more information, see Overview of Tagging.
    6. Click Create network firewall policy.
  • Use the network-firewall network-firewall-policy create command and required parameters to create a policy.
    oci network-firewall network-firewall-policy create 
    --compartment-id compartment_id ...[OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Use the CreateNetworkFirewallPolicy operation to create a policy.