Add a Security Rule to a Firewall Policy

Security rules contain a set of criteria against which a network packet is matched and then allowed or blocked.

Before you can create a security rule:

Create application lists, service lists, address lists, and URL lists to use when creating the rule.

The specified source and destination match condition for the traffic consists of lists that you configure in the policy before you construct the rule. You can create a maximum of 10,000 security rules for each policy.

Important

If no match criteria are defined in the security rule (an empty list is specified for the rule), then the rule matches to wildcard ("any") criteria. This behavior applies to all traffic examined in the rule.

1. On the navigation menu, select Identity & Security. Go to Firewalls, select Network Firewall Policies.
2. Select the policy.
3. Under Policy resources, select Security rules.
4. Select Create security rule.
5. Enter the information for the security rule:
  
  Name: Enter a name.
  
  Match condition: Specify that the rule matches Any address, application, service, or URL. Alternatively, specify source and destination addresses, applications, services, or URLs that much match for the rule to take effect. You can select any of the lists you created. If you haven't previously created any lists, select Create address list, Create application list, Create service list, or Create URL list and see Create a URL List.
  
  Rule action: Specify the action that you want to take if the match condition is met:
  
  Allow traffic: The traffic is allowed to proceed.
  
  Drop traffic: The traffic is dropped silently, no notification of reset is sent.
  
  Intrusion detection: Logs the traffic
  
  Intrusion prevention: Blocks the traffic.
  Important
  
  If you want to use intrusion detection and prevention, you must also enable logging. See Logging Firewall Activity.
  
  Reject traffic: The traffic is dropped and a reset notification is sent.
  
  Rule order: Select the position of the rule in relation to other security rules in the policy. The firewall will apply the security rules in the specified order from first to last. You can specify the following rule positions:
  
  First rule in the list
  
  Last rule in the list
  
  Custom position (Only enabled if you create more than one security rule.)
  
  If you select Custom position, specify whether you want this rule to come Before an existing rule, or After an existing rule. Then, specify the existing rule you want the new rule to come before or after.
6. Select Create security rule.

Use the network-firewall security-rule create command and required parameters to create a decryption rule:

oci network-firewall security-rule create --name my_security_rule --network-firewall-policy-id network firewall policy OCID
--action ALLOW --condition '[{"sourceAddress":"IP_address"}]' ...[OPTIONS]

For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

Run the CreateSecurityRule operation to create a security rule.

Oracle Cloud Infrastructure Documentation Try Free Tier

Add a Security Rule to a Firewall Policy

Oracle Cloud Infrastructure Documentation
Try Free Tier