Creating a Network Firewall
Use the Network Firewall service to create a network firewall.
Before you begin, you'll need the following resources:
- Required IAM Service Policy permissions for Network Firewall resources, and permission to work in the compartment you want to use.
- A separate compartment for network firewalls and policies so that management is easier and more secure. A separate compartment is optional but recommended.
- An Oracle Cloud Infrastructure (OCI) virtual cloud network (VCN) and subnets. For more information, see VCNs and Subnets.
Important
- For better performance, don't add stateful rules to the security list attached to the firewall subnet or include the firewall in a network security group (NSG) that contains stateful rules.
- Security list or NSG rules associated with the firewall subnet and VNICs are evaluated before the firewall. Ensure that security list or NSG rules allow the traffic to enter the firewall so that it can be evaluated appropriately.
- If the policy that you use with the firewall doesn't have any rules specified, the firewall denies all traffic.
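The first two notes above can be checked before the firewall is created. The following is an added example, not Oracle's code: it audits a security list for stateful rules and for an empty ingress set, assuming the JSON shape printed by `oci network security-list get`. The function name and all sample values are hypothetical.

```python
import json

# Constructed sample in the shape of `oci network security-list get` output
# (CLI JSON uses hyphenated keys; every value here is made up).
SAMPLE = json.loads("""
{"data": {
  "display-name": "fw-subnet-sl",
  "ingress-security-rules": [
    {"source": "0.0.0.0/0", "protocol": "6", "is-stateless": false},
    {"source": "10.0.0.0/16", "protocol": "all", "is-stateless": true}
  ],
  "egress-security-rules": [
    {"destination": "0.0.0.0/0", "protocol": "all"}
  ]
}}
""")


def audit_firewall_subnet_rules(cli_output):
    """Return (kind, direction, peer) findings for the firewall subnet's security list."""
    sl = cli_output.get("data", cli_output)
    findings = []
    for direction, peer in (("ingress", "source"), ("egress", "destination")):
        rules = sl.get(f"{direction}-security-rules") or []
        if direction == "ingress" and not rules:
            # Security lists are allow-only: with no ingress rule,
            # no traffic reaches the firewall for evaluation.
            findings.append(("no-ingress", direction, None))
        for rule in rules:
            # A missing or null is-stateless means the rule is stateful (the default).
            if not rule.get("is-stateless"):
                findings.append(("stateful", direction, rule.get(peer)))
    return findings


if __name__ == "__main__":
    for kind, direction, peer in audit_firewall_subnet_rules(SAMPLE):
        print(f"{kind}: {direction} rule for {peer}")
```

Any `stateful` finding is a rule to convert to stateless on the firewall subnet; a `no-ingress` finding means the security list blocks traffic before the firewall sees it.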
Use the network-firewall network-firewall create command and required parameters to create a network firewall.

    oci network-firewall network-firewall create --compartment-id compartment_id --subnet-id subnet_id --network-firewall-policy-id network_firewall_policy_id [OPTIONS]

For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Use the CreateNetworkFirewall operation to create a network firewall.