Network Firewall Quick Start Guide
Learn how to get started using the Network Firewall service.
Prerequisites
- Required IAM Service Policy permissions for Network Firewall, and permission to work in the compartment you want to use.
- A separate compartment for network firewalls and policies so that management is easier and more secure. This is optional, but recommended by Oracle.
- An Oracle Cloud Infrastructure VCN and subnets. For more information, see VCNs and Subnets.
- IP addresses, ports, and URLs that you want to allow or deny access to.
- (Optional, for certificate authentication) Access to and IAM permissions for the OCI Vault service.
1. (Optional) Set Up Certificate Authentication
To use decryption rules in a firewall, you must first create mapped secrets, which reference certificates stored in OCI Vault, so that a decryption profile in the attached policy can use them. You must be signed up for the OCI Vault service before you can set up certificate authentication.
- See Setting Up Certificate Authentication for instructions.
2. Create a Policy
Create a policy to contain all the rules that control how the firewall inspects, allows, or denies network traffic.
- See Creating a Network Firewall Policy for instructions.
3. (Optional) Create Policy Components and Rules
Use policy components such as lists and profiles to help you build rules. You can use application lists, service lists, URL lists, and address lists to build security and decryption rules. Use mapped secrets with decryption profiles to define rule actions in decryption rules. Decryption rules are enforced before security rules. If you don't create any rules in a policy, then any network firewall it's attached to denies all traffic by default, so a policy with no rules blocks everything rather than allowing everything.
- See Creating Network Firewall Policy Components for more information about each component type and instructions about how to create individual components.
- See Bulk Importing Network Firewall Policy Components for instructions about how to bulk upload components.
4. Create a Firewall and Attach the Policy
The firewall exists in a subnet of your choice and controls incoming and outgoing network traffic based on the security rules in the attached policy. If no rules exist in the attached policy, the firewall denies all traffic by default.
- See Creating a Network Firewall for instructions.
5. Route Network Traffic to the Firewall
After the network firewall is created, route traffic to it.
- See Routing Traffic to a Network Firewall for routing scenarios and instructions.
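The five steps above, carried out with the OCI CLI, as an added example that is not Oracle's own sample code. All OCIDs, names, CIDRs and ports are placeholders; the `oci network-firewall` and `oci network route-table` command names and flags are written as the author understands the CLI and should be confirmed against `oci network-firewall <resource> create --help` for your CLI version. The script is a dry run by default and only prints each command; set `APPLY=1` to execute. In a real run you would capture the policy OCID after step 2 (for example with `--query data.id --raw-output`) and pass it as `POLICY_ID` before creating components, and likewise look up the firewall's private IP OCID before the routing step.

```shell
#!/usr/bin/env bash
# Added example (not Oracle's code): build the quick-start objects with the OCI CLI.
# Every OCID, name, CIDR and port is a placeholder (assumption). Command and flag names
# follow the OCI CLI "network-firewall" / "network" commands as the author understands
# them; verify with `oci network-firewall <resource> create --help` before applying.
# Dry run by default: each command is printed. APPLY=1 executes it.
set -eu

COMPARTMENT_ID="${COMPARTMENT_ID:-ocid1.compartment.oc1..example}"
SUBNET_ID="${SUBNET_ID:-ocid1.subnet.oc1..example}"                  # dedicated firewall subnet
POLICY_ID="${POLICY_ID:-ocid1.networkfirewallpolicy.oc1..example}"   # OCID returned by step 2
ROUTE_TABLE_ID="${ROUTE_TABLE_ID:-ocid1.routetable.oc1..example}"    # workload (app) subnet's route table
FIREWALL_IP_ID="${FIREWALL_IP_ID:-ocid1.privateip.oc1..example}"     # firewall's private IP OCID
APPLY="${APPLY:-0}"

# run prints the command and executes it only when APPLY=1.
run() {
  printf '%s ' "$@"; printf '\n'
  if [ "$APPLY" = "1" ]; then "$@"; fi
}

# condition_json builds the security-rule match block. Each entry is the name of a
# policy component (address list, service list, URL list) that must already exist.
# An empty URL list means "match any URL".
condition_json() {
  local src="$1" dst="$2" svc="$3" url="${4:-}"
  printf '{"sourceAddress":["%s"],"destinationAddress":["%s"],"service":["%s"],"application":[],"url":[%s]}' \
    "$src" "$dst" "$svc" "${url:+\"$url\"}"
}

# Step 2: the policy that will hold all rules.
create_policy() {
  run oci network-firewall network-firewall-policy create \
    --compartment-id "$COMPARTMENT_ID" --display-name "$1"
}

# Step 3: components the rule refers to by name.
create_components() {
  run oci network-firewall address-list create --network-firewall-policy-id "$POLICY_ID" \
    --name app-subnet --type IP --addresses '["10.0.1.0/24"]'
  run oci network-firewall address-list create --network-firewall-policy-id "$POLICY_ID" \
    --name db-subnet --type IP --addresses '["10.0.2.0/24"]'
  run oci network-firewall service create --network-firewall-policy-id "$POLICY_ID" \
    --name postgres --type TCP_SERVICE --port-ranges '[{"minimumPort":5432,"maximumPort":5432}]'
  run oci network-firewall service-list create --network-firewall-policy-id "$POLICY_ID" \
    --name db-services --services '["postgres"]'
}

# Step 3 (rule): allow only app-subnet -> db-subnet on the listed service.
# Nothing else matches, so the policy's default deny covers all other traffic;
# no explicit "deny all" rule is needed.
create_rules() {
  run oci network-firewall security-rule create --network-firewall-policy-id "$POLICY_ID" \
    --name allow-app-to-db --action ALLOW \
    --condition "$(condition_json app-subnet db-subnet db-services)"
}

# Step 4: the firewall in its own subnet with the policy attached.
create_firewall() {
  run oci network-firewall network-firewall create --compartment-id "$COMPARTMENT_ID" \
    --subnet-id "$SUBNET_ID" --network-firewall-policy-id "$POLICY_ID" --display-name "$1"
}

# Step 5: send app-subnet traffic bound for db-subnet through the firewall's private IP.
# --force skips the interactive confirmation; the rule list replaces the table's rules.
route_to_firewall() {
  run oci network route-table update --rt-id "$ROUTE_TABLE_ID" --force \
    --route-rules "[{\"destination\":\"10.0.2.0/24\",\"destinationType\":\"CIDR_BLOCK\",\"networkEntityId\":\"$FIREWALL_IP_ID\"}]"
}

create_policy quickstart-policy
create_components
create_rules
create_firewall quickstart-fw
route_to_firewall
```

Run it once without `APPLY` to review the exact commands and the generated rule condition, then run with `APPLY=1` and the real OCIDs filled in. Because `route-table update --route-rules` replaces the whole rule list, merge any existing rules into the JSON first rather than overwriting them.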