Policy Examples
Learn about Zero Trust Packet Routing policies from examples.
You can also learn about policies by exploring the Policy Template Builder.
Database policy examples
Allow databases with the security attribute DB-Server to connect to OCI services.
in VCN-Network:DB VCN allow db:DB-Server endpoints to connect to 'osn-services-ip-addresses'
Allow clients with the app1 security attribute to connect to the DB-Server:App1 database.
in VCN-Network:DB VCN allow all-endpoints to connect to DB-Server:App1:App1 endpoints with protocol='tcp/1521'
Targets in a different VCN must be referenced by IP address range rather than by security attribute.
Allow clients in the networks:net1 VCN to connect to <range of IP addresses in the other VCN>.
in networks:net1 allow apps:app1 endpoints to connect to '192.168.0.0/16'
192.168.0.0/16 is the range of IP addresses in the other VCN.
Compute instance policy examples
Allow compute:instance1 endpoints to connect to compute:instance2 endpoints in the networks:net1 VCN over SSH.
in networks:net1 VCN allow compute:instance1 endpoints to connect to compute:instance2 endpoints with protocol='tcp/22'
In the networks:net1 VCN, allow compute:instance1 endpoints to connect to db:DB-Server endpoints with protocol='tcp/1521'.
in networks:net1 allow compute:instance1 endpoints to connect to db:DB-Server endpoints with protocol='tcp/1521'
Network Load Balancer policy examples
In the my:VCN VCN, allow the 0.0.0.0/0 IP address range (any source address) to connect to the network load balancer with the XYZ-NLB:NLB1 security attribute. Because 0.0.0.0/0 admits every source, use it only for a load balancer that is meant to be publicly reachable, and add a protocol restriction where the service allows it.
in my:VCN VCN allow 0.0.0.0/0 to connect to XYZ-NLB:NLB1 endpoints
In the my:VCN VCN, allow network load balancer endpoints with the XYZ-NLB:NLB1 security attribute to connect to ABC-web-servers:app1 endpoints.
in my:VCN VCN allow XYZ-NLB:NLB1 endpoints to connect to ABC-web-servers:app1 endpoints
VCN policy example
Allow compute clients with the applications:app1 security attribute to connect to the database running app1 over a SQL*Net connection.
Two policies are needed because the database and the clients reside in separate VCNs: each policy is scoped to the VCN named after "in", so the side that lives in the other VCN is referenced by IP address range rather than by security attribute.
in VCN-Network:DB VCN allow DB-client:App1 endpoints to connect to 192.168.0.0/16 with protocol='tcp/1521'
in VCN-Network:Remote VCN allow 0.0.0.0/0 to connect to DB-client:app1 endpoints with protocol='tcp/1521'
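The cross-VCN note and the two-policy example above both come down to reading a statement and asking what it actually admits: is the source every address, is the target an IP range (and therefore in another VCN), is a port restriction present. The following is an added example, not code from the OCI documentation or from the ZPR service, of a small reviewer for statement text. Its statement shape is reconstructed from the examples on this page only and is an assumption, not the official ZPR grammar; the finding codes and messages are the example's own. It parses every statement shown above and flags broad sources, IP-range targets and missing protocol restrictions.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

# Statement shape reconstructed from the examples on this page (an
# approximation for review tooling, NOT the official ZPR grammar):
#   in <ns>:<attr> [VCN] allow <source> [endpoints] to connect to <target>
#       [endpoints] [with protocol='<proto>/<port>']
# <source>/<target> is a security attribute (ns:attr[:value]), the keyword
# all-endpoints, a CIDR (bare or quoted), or a quoted service alias.
_STATEMENT = re.compile(
    r"^in\s+(?P<vcn>\S+)(?:\s+VCN)?\s+allow\s+"
    r"(?P<src>'[^']*'|\S+)(?:\s+endpoints)?\s+to\s+connect\s+to\s+"
    r"(?P<dst>'[^']*'|\S+)(?:\s+endpoints)?"
    r"(?:\s+with\s+protocol='(?P<proto>[a-z]+)/(?P<port>\d+)')?\s*$"
)


@dataclass
class Statement:
    vcn: str
    src: str
    dst: str
    proto: Optional[str] = None
    port: Optional[int] = None


def classify(term: str) -> str:
    """Return 'all', 'cidr', 'attribute' or 'alias' for a source/target term."""
    if term == "all-endpoints":
        return "all"
    try:
        ip_network(term, strict=False)
        return "cidr"
    except ValueError:
        pass
    if re.fullmatch(r"[A-Za-z][\w-]*(?::[\w-]+)+", term):
        return "attribute"
    return "alias"  # e.g. osn-services-ip-addresses


def parse(statement: str) -> Statement:
    """Split one statement into its VCN, source, target and protocol parts."""
    m = _STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"unrecognised statement: {statement!r}")
    port = m.group("port")
    return Statement(
        vcn=m.group("vcn"),
        src=m.group("src").strip("'"),
        dst=m.group("dst").strip("'"),
        proto=m.group("proto"),
        port=int(port) if port else None,
    )


def lint(statement: str) -> list[tuple[str, str]]:
    """Review one statement; returns (code, message) findings, empty if none."""
    s = parse(statement)
    findings = []
    src_kind, dst_kind = classify(s.src), classify(s.dst)
    # A /0 source (0.0.0.0/0 or ::/0) lets any address initiate the connection.
    if src_kind == "cidr" and ip_network(s.src, strict=False).prefixlen == 0:
        findings.append(("ANY_SOURCE", f"{s.src} lets any address initiate to {s.dst}; "
                         "acceptable only for a deliberately public target"))
    elif src_kind == "all":
        findings.append(("ALL_ENDPOINTS", f"every endpoint in {s.vcn} may reach {s.dst}; "
                         "prefer a client security attribute"))
    # An address-range target is the form used for targets in another VCN.
    if dst_kind == "cidr":
        findings.append(("IP_TARGET", f"target {s.dst} is an address range, the form used for "
                         "targets in another VCN; check it matches that VCN's CIDR"))
    if s.proto is None:
        findings.append(("NO_PROTOCOL", "no protocol/port restriction; every port is reachable"))
    return findings


if __name__ == "__main__":
    # Statements copied from the examples on this page.
    for stmt in (
        "in my:VCN VCN allow 0.0.0.0/0 to connect to XYZ-NLB:NLB1 endpoints",
        "in networks:net1 allow apps:app1 endpoints to connect to '192.168.0.0/16'",
        "in networks:net1 VCN allow compute:instance1 endpoints to connect to "
        "compute:instance2 endpoints with protocol='tcp/22'",
    ):
        print(stmt)
        for code, msg in lint(stmt) or [("OK", "no findings")]:
            print(f"  {code}: {msg}")
```

Run against the page's own statements, the SSH rule between two compute instances comes back clean, the public load balancer rule reports ANY_SOURCE and NO_PROTOCOL, and the cross-VCN rules report IP_TARGET, which is the cue to confirm the range really is the remote VCN's CIDR and nothing wider.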