Oracle Cloud Infrastructure Documentation

Creating a ZPR Policy

Create a Zero Trust Packet Routing (ZPR) policy in the Zero Trust Packet Routing service.

Familiarize yourself with ZPR policy basics before trying to create a policy.

Note

A ZPR policy can be created only in the root compartment of a tenancy.
    1. Open the navigation menu and click Identity & Security. Under Zero Trust Packet Routing, click Policies.
    2. Click Create policy.
    3. Enter a name and a description for the policy.
    4. Click Add policy statements.
    5. Select which type of policy builder you want to use to create the policy statements:
      • Policy template builder lets you select from a list of templates based on common use case scenarios that provide prefilled ZPR policy statements that you can then customize to create a ZPR policy.
      • Simple policy builder lets you select from prepopulated lists of resources identified by their security attributes to express security intent between two endpoints. The policy builder automatically generates the policy statement using correct syntax.
      • Manual policy builder lets you enter free-form policy.
      Note

      If you change to a different type of policy builder while creating a policy, then ZPR resets the policy statements.
    6. When you're finished adding policy statements, click Add.
    7. (Optional) To apply tags to the policy, click Show advanced options and enter the required values.

      If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.

    8. Click Create policy.
    The ZPR policy is enabled by applying security attributes to resources.

  • Use the oci zpr zpr-policy create command and required parameters to create a Zero Trust Packet Routing (ZPR) policy:

    oci zpr zpr-policy create --compartment-id <compartment_ocid> --description <zpr_policy_description> --name <zpr_policy_name> --statements <zpr_policy_statements> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateZprPolicy operation to create a Zero Trust Packet Routing policy.