Creating a Network Firewall Policy

Create a policy that you can associate with a network firewall in Oracle Cloud Infrastructure (OCI). Policies contain the rules that control how the firewall inspects, allows, or denies network traffic.

Before you begin, you need the following resources:
  • Required IAM service policy permissions for Network Firewall resources, and permission to work in the compartment you want to use.
  • A separate compartment for network firewalls and policies so that management is easier and more secure. A separate compartment is optional but recommended.
  • An OCI virtual cloud network (VCN) and subnets. For more information, see VCNs and Subnets.
Important

If the policy you use with a firewall doesn't have any rules specified, the firewall denies all traffic.
    1. Open the navigation menu and click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click Create network firewall policy.
    3. Enter a descriptive name for the policy. If you don't enter a name, the service automatically generates one for you. Avoid entering confidential information.
    4. Select a compartment for the policy.
    5. (Optional) Click Show tagging options and enter tagging information for the policy. For more information, see Overview of Tagging.
    6. Click Create network firewall policy.
  • Use the network-firewall network-firewall-policy create command and required parameters to create a policy.
    oci network-firewall network-firewall-policy create \
        --compartment-id <compartment_id> ... [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Use the CreateNetworkFirewallPolicy operation to create a policy.
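
The following shell functions are an added example, not Oracle's own code: they wrap the CLI create command shown above and refuse to mark a policy ready for a firewall while it has no rules, which is the deny-all case the Important note describes. The function names are hypothetical, and the `security-rule list` subcommand and its `data.items` output shape are assumptions to confirm in the Command Line Reference.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of the OCI CLI.

# Create a policy and print its OCID.
# $1 = compartment OCID, $2 = display name, $3 = freeform tags as JSON (optional)
create_fw_policy() {
    local compartment_id="$1" name="$2" tags="$3"
    case "$compartment_id" in
        ocid1.compartment.*|ocid1.tenancy.*) ;;
        *) echo "not a compartment OCID: $compartment_id" >&2; return 2 ;;
    esac
    # The service can generate a name; this wrapper requires one so the
    # policy stays identifiable in audits.
    [ -n "$name" ] || { echo "display name required" >&2; return 2; }
    [ -n "$tags" ] || tags='{}'
    oci network-firewall network-firewall-policy create \
        --compartment-id "$compartment_id" \
        --display-name "$name" \
        --freeform-tags "$tags" \
        --query 'data.id' --raw-output
}

# Print the number of security rules in a policy.
# Assumption: `security-rule list` returns its results under data.items.
policy_rule_count() {
    oci network-firewall security-rule list \
        --network-firewall-policy-id "$1" --all \
        --query 'length(data.items)' --raw-output
}

# Return 0 only when the policy has at least one rule; 1 when it has none
# (a firewall using it would deny all traffic); 2 when the count is unknown.
policy_ready_to_attach() {
    local count
    count=$(policy_rule_count "$1") || return 2
    case "$count" in
        ''|*[!0-9]*) echo "could not read rule count for $1" >&2; return 2 ;;
        0) echo "policy $1 has no rules: firewall would deny all traffic" >&2; return 1 ;;
    esac
    return 0
}
```

Call `policy_ready_to_attach` with the OCID printed by `create_fw_policy` before associating the policy with a firewall.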