Creating an Application

Create an application that you can include in an application list. Use application lists to build rules in a Network Firewall policy.

Before you can create an application in a policy, you must first create a policy.
An application is defined by a signature based on the protocols it uses. Layer 7 inspection is used to identify matching applications. You can have a maximum of 6,000 applications in each policy. The following parameters are used to define an application:
  • Name: A unique name you define for the application.
  • Protocol: ICMP or ICMPv6.
  • ICMP Type: 0-Echo reply, 3-Destination unreachable, 5-Redirect, 8-Echo.
  • ICMP Code: Used when you select ICMP. 0-Net unreachable, 1-Host unreachable, 2-Protocol unreachable, 3-Port unreachable.
See Creating Network Firewall Policy Components for more information.

For more information about ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

You can create applications one at a time using the following instructions, or you can import many at the same time using a .json file. See Bulk Importing Network Firewall Policy Components for more information.

After you create applications, you can add them to an application list in the policy. You can't add applications from one policy to a list in a different policy. The application must be created within each policy you want to use it in.
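
The constraints described above (6,000 applications per policy, unique names, ICMP or ICMPv6 only, a required type and an optional code) can be checked before any create or import call. The following is an added example, not Oracle code: the field names `name`, `protocol`, `icmp_type` and `icmp_code`, the exact-match name comparison, and the caller-supplied `reserved_names` set are assumptions of this sketch.

```python
# Added example: pre-flight check for one policy's application definitions.
# Field names (name, protocol, icmp_type, icmp_code) are assumptions of this sketch.
MAX_APPS_PER_POLICY = 6000        # limit stated on this page
PROTOCOLS = {"ICMP", "ICMPv6"}    # protocols this page allows for an application


def _is_octet(value):
    """ICMP and ICMPv6 carry type and code in 8-bit fields (0-255)."""
    return isinstance(value, int) and not isinstance(value, bool) and 0 <= value <= 255


def validate_applications(apps, reserved_names=frozenset()):
    """Return a list of problems; reserved_names comes from the caller (not listed here)."""
    problems = []
    if len(apps) > MAX_APPS_PER_POLICY:
        problems.append(f"{len(apps)} applications exceeds the limit of {MAX_APPS_PER_POLICY}")
    seen = set()
    for index, app in enumerate(apps):
        name = app.get("name")
        label = f"entry {index} ({name!r})"
        if not isinstance(name, str) or not name.strip():
            problems.append(f"{label}: name is missing or empty")
        else:
            if name in seen:  # exact-match comparison is an assumption
                problems.append(f"{label}: duplicate name within the policy")
            if name in reserved_names:
                problems.append(f"{label}: name is reserved")
            seen.add(name)
        if app.get("protocol") not in PROTOCOLS:
            problems.append(f"{label}: protocol must be ICMP or ICMPv6")
        if not _is_octet(app.get("icmp_type")):
            problems.append(f"{label}: type is required and must be 0-255")
        code = app.get("icmp_code")
        if code is not None and not _is_octet(code):
            problems.append(f"{label}: code, when given, must be 0-255")
    return problems


# Constructed sample input, not taken from a real policy.
SAMPLE = [
    {"name": "allow-echo", "protocol": "ICMP", "icmp_type": 8},
    {"name": "port-unreach", "protocol": "ICMP", "icmp_type": 3, "icmp_code": 3},
    {"name": "allow-echo", "protocol": "ICMPv6", "icmp_type": 128},
    {"name": "bad-proto", "protocol": "TCP", "icmp_type": 0, "icmp_code": 300},
]

if __name__ == "__main__":
    for problem in validate_applications(SAMPLE):
        print(problem)
```

Because applications cannot be shared between policies, run the check once per policy with that policy's own list.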

Important

Some names are reserved by Palo Alto Networks®. If you create a policy component with a reserved name, the process fails with an error. See Reserved Names.
    1. Open the navigation menu and click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click a policy in the list.
    3. In Policy resources, click Applications.
    4. Click Create application.
    5. Enter the information for the application:
      • Name: Enter a friendly name for the application. Avoid entering confidential information.
      • Protocol: Choose ICMP or ICMPv6 as the protocol to define the application.
      • Type: Select an ICMP or ICMPv6 type.
      • Code: (Optional) Select an ICMP or ICMPv6 code.
      For detailed information about ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.
    6. Click Create application.
  • Use the network-firewall application create command and required parameters to create an application:

    oci network-firewall application create --name my_app \
        --network-firewall-policy-id <network firewall policy OCID> --compartment-id <compartment OCID> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateApplication operation to create an application.