Setting Up Security Rules for Oracle Cloud Infrastructure Accounts

Before You Begin

This tutorial explains how to create ingress security rules and enable the sFTP port for Oracle Cloud Infrastructure (OCI) accounts.

Background

For OCI accounts, after the Oracle Managed File Transfer (MFT) pod is provisioned, you must configure the sFTP server, enable port 7522, and create an ingress rule from the internet to the managed servers, whether or not you use the load balancer. You do not need to create any egress rules for such accounts.

The post-provisioning setup of your cloud service on OCI involves the following steps:

  1. Set up the MFT sFTP server. See Setting Up the MFT Embedded sFTP Server.
  2. Create a TCP proxy and a server pool using the Traffic Director Administration Console. See Configuring Oracle Traffic Director (OTD) for MFT Embedded Servers.
  3. Create security rules. This tutorial explains how to create security rules for OCI accounts.

What Do You Need?

For this tutorial, you need the following information:

  • A paid or trial subscription to Oracle SOA Cloud Service
  • The region in which the pod is provisioned, such as us-ashburn-1 or us-phoenix-1
  • The Oracle Cloud Infrastructure login URL, for example https://console.us-ashburn-1.oraclecloud.com
  • Availability Domain
  • Cloud Tenant Name – oic1
  • User ID and password
  • Compartment Name – MockCompartment
  • VCN Name – vcn20180329
  • Subnet Name – Public Subnet bacH:US-ASHBURN-AD-1

Collect Required Information to Create Security Rules

Keep the tenant information listed above for your Oracle Cloud Infrastructure account at hand when creating the security rules.

You can read this information when creating an instance, on the Create Instance page:

[Illustration: provisioning (Create Instance page)]

or, after the pod has been created, on the Instances page:

[Illustration: compute_page (Instances page)]

Once you have all the required information, create the security rules in the OCI console by following the steps below.

Create Access Rules

  1. Access the OCI console URL, for example https://console.us-ashburn-1.oraclecloud.com.
     [Illustration: oci_console (Oracle Cloud Infrastructure console)]
  2. Enter the Cloud Tenant name, for example oic1.
  3. Enter the User Name and Password.
  4. After login, the console Home page is shown. Select Menu from the top left corner of the page.
     [Illustration: menu (OCI Menu options)]
  5. Select Networking, and then Virtual Cloud Networks.
     [Illustration: networking_menu (Networking Menu)]
  6. Select the Compartment name from the list, for example MockCompartment.
     [Illustration: compartment_name (Compartment Name)]
  7. On the selected compartment, you will see the available VCNs. Select your Virtual Cloud Network name, for example vcn20180329.
     [Illustration: vcns (Virtual Cloud Networks)]
  8. On the selected VCN, you will see the subnets in the compartment. In the subnet row, click the link Security Lists: Default Security List for vcn20180329 on the right side of the row to create security rules for the selected subnet.
     [Illustration: security_lists_subnets (Security Lists for Selected Subnets)]
     If you want to create security rules for all the subnets in the compartment, click Security Lists on the left panel instead.
  9. Click Edit All Rules.
     [Illustration: edit_rules (Edit Rules)]
  10. Add an ingress rule for port 7522 by setting the values as shown below:
     [Illustration: ingress_rule (Ingress Rule)]
     • Source Type – CIDR
     • Source CIDR – 0.0.0.0/0
     • IP Protocol – TCP
     • Source Port Range – All
     • Destination Port Range – 7522
  11. Click Save Security List Rules to save the security rules.
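The console steps above add one ingress rule through the UI. The following Python is an added example (not part of the Oracle tutorial) that builds the same rule in the JSON shape the OCI Core API uses for a security list's IngressSecurityRule (field names protocol, source, sourceType, isStateless, tcpOptions, destinationPortRange), merges it into an existing rule set without dropping rules, and audits the result for rules that open every port to the internet. The sample existing rules and the CLI invocation quoted in the comment are constructed for illustration.

```python
"""
Added example (not from the Oracle tutorial): express the console ingress rule
as OCI API JSON, add it idempotently to an existing security list, and flag
wide-open rules. Sample rules are constructed for this example.
"""
import ipaddress
import json

TCP = "6"          # OCI expresses the IP protocol as the IANA number string ("6" = TCP)
SFTP_PORT = 7522   # MFT embedded sFTP port from the tutorial


def sftp_ingress_rule(port=SFTP_PORT, source_cidr="0.0.0.0/0"):
    """Ingress rule equivalent to the console values: CIDR source, TCP,
    all source ports (no sourcePortRange), destination port `port`, stateful."""
    return {
        "protocol": TCP,
        "source": source_cidr,
        "sourceType": "CIDR_BLOCK",
        "isStateless": False,
        "tcpOptions": {"destinationPortRange": {"min": port, "max": port}},
        "description": f"MFT embedded sFTP ({port}/tcp)",
    }


def rule_permits(rule, port, source_cidr):
    """True if `rule` already admits TCP traffic to `port` from every address
    in `source_cidr`, i.e. it is at least as broad as the rule we would add."""
    if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False
    try:
        rule_net = ipaddress.ip_network(rule["source"], strict=False)
        want_net = ipaddress.ip_network(source_cidr, strict=False)
    except (KeyError, ValueError):
        return False
    if rule_net.version != want_net.version or not want_net.subnet_of(rule_net):
        return False
    proto = rule.get("protocol")
    if proto == "all":
        return True  # protocol "all" covers every TCP port
    if proto != TCP:
        return False
    dst = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if dst is None:
        return True  # TCP with no destination range means all ports
    return dst["min"] <= port <= dst["max"]


def ensure_sftp_rule(existing_rules, port=SFTP_PORT, source_cidr="0.0.0.0/0"):
    """Return (rules, added). `rules` is the complete ingress list to send in an
    update: the OCI update call replaces the whole list, so existing rules are
    kept and the sFTP rule is appended only if nothing already permits it."""
    if any(rule_permits(r, port, source_cidr) for r in existing_rules):
        return list(existing_rules), False
    return list(existing_rules) + [sftp_ingress_rule(port, source_cidr)], True


def overly_broad_rules(rules):
    """Audit helper: rules that open every port, or every protocol, to 0.0.0.0/0."""
    flagged = []
    for r in rules:
        if r.get("source") != "0.0.0.0/0":
            continue
        proto = r.get("protocol")
        dst = (r.get("tcpOptions") or {}).get("destinationPortRange")
        if proto == "all" or (proto == TCP and dst is None):
            flagged.append(r)
    return flagged


# Constructed sample resembling a default security list: SSH plus one ICMP rule.
SAMPLE_EXISTING = [
    {"protocol": "6", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "1", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "isStateless": False, "icmpOptions": {"type": 3, "code": 4}},
]

if __name__ == "__main__":
    rules, added = ensure_sftp_rule(SAMPLE_EXISTING)
    print(f"sFTP rule added: {added}; wide-open rules: {len(overly_broad_rules(rules))}")
    # The printed JSON is the value for the OCI CLI's --ingress-security-rules
    # argument, e.g. (security list OCID is a placeholder):
    #   oci network security-list update --security-list-id <security-list-ocid> \
    #       --ingress-security-rules file://ingress.json
    print(json.dumps(rules, indent=2))
```

Two points worth keeping in mind when scripting this instead of clicking through the console: the update call replaces the entire ingress list, so always send the merged list rather than the single new rule, and the tutorial's 0.0.0.0/0 source admits every internet address to port 7522; if the sFTP partners' addresses are known, passing a narrower source_cidr to ensure_sftp_rule limits exposure without changing anything else in the rule.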

Want to Learn More?