Network Firewall Quick Start Guide
Learn how to get started using the Network Firewall service.
- Required IAM Service Policy permissions for Network Firewall, and permission to work in the compartment you want to use.
- A separate compartment for network firewalls and policies so that management is easier and more secure. This is optional, but recommended by Oracle.
- An Oracle Cloud Infrastructure VCN and subnets. For more information, see VCNs and Subnets.
- IP addresses, ports, and URLs that you want to allow or deny access to.
- (Optional, for certificate authentication) Access to and IAM permissions for the OCI Vault service.
1. (Optional) Set Up Certificate Authentication
2. Create a Policy
Create a policy to contain all the rules that control how the firewall inspects, allows, or denies network traffic.
- See Creating a Network Firewall Policy for instructions.
3. (Optional) Create Policy Components and Rules
Use policy components such as lists and profiles to help you build rules. You can use application lists, service lists, URL lists, and address lists to build security and decryption rules. Use mapped secrets with decryption profiles to define rule actions in decryption rules. Decryption rules are enforced before security rules. If you don't create rules in a policy, then any network firewall it's attached to denies all traffic by default.
4. Create a Firewall and Attach the Policy
The firewall exists in a subnet of your choice and controls incoming and outgoing network traffic based on the security rules in an attached policy. If no rules exist in the attached policy, the firewall denies all traffic by default.
- See Creating a Network Firewall for instructions.
5. Route Network Traffic to the Firewall
After the network firewall is created, route traffic to it.
- See Routing Traffic to a Network Firewall for routing scenarios and instructions.
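The following is an added example, not Oracle code: a pre-attach check for the policy built in steps 2 and 3 that flags an empty policy (which makes the firewall in step 4 deny all traffic) and rules that name lists, mapped secrets, or decryption profiles the policy does not define. The dictionary layout, key names, and sample values are assumptions made for this example and are not the OCI API schema.

```python
# Assumed, simplified policy layout for this example; not the OCI API schema.
LIST_KINDS = ("application_lists", "service_lists", "url_lists", "address_lists")

def lint_policy(policy):
    """Return a list of findings (strings) for a policy described as a dict."""
    findings = []
    defined = {kind: set(policy.get(kind, {})) for kind in LIST_KINDS}
    security = policy.get("security_rules", [])
    decryption = policy.get("decryption_rules", [])

    # A policy without rules makes any attached firewall deny all traffic.
    if not security and not decryption:
        findings.append("policy has no rules: attached firewall denies all traffic")

    # Decryption rules are enforced before security rules, so check them first.
    # Every list a rule names must be defined in the same policy.
    for rule in decryption + security:
        for kind in LIST_KINDS:
            for name in rule.get(kind, []):
                if name not in defined[kind]:
                    findings.append(f"rule {rule['name']!r}: {kind} has no {name!r}")

    # A decryption rule that names a mapped secret or profile needs it defined.
    for field, table in (("mapped_secret", "mapped_secrets"),
                         ("decryption_profile", "decryption_profiles")):
        known = set(policy.get(table, {}))
        for rule in decryption:
            ref = rule.get(field)
            if ref is not None and ref not in known:
                findings.append(
                    f"decryption rule {rule['name']!r}: undefined {field} {ref!r}")
    return findings

SAMPLE = {  # constructed sample input with two deliberate mistakes
    "address_lists": {"web-tier": ["10.0.1.0/24"]},
    "service_lists": {"https": ["tcp/443"]},
    "mapped_secrets": {"inbound-cert": "vault-secret-placeholder"},
    "decryption_profiles": {},
    "decryption_rules": [
        {"name": "decrypt-inbound", "address_lists": ["web-tier"],
         "mapped_secret": "inbound-cert", "decryption_profile": "ssl-inbound"}],
    "security_rules": [
        {"name": "allow-https", "address_lists": ["web-tier"],
         "service_lists": ["https-only"], "action": "ALLOW"}],
}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE):
        print(finding)
```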