
Oracle® Advanced Support Gateway Security Guide


Updated: September 2024
 
 

Firewall Port Requirements

The specifics of the Oracle Services network requirements depend on the customer network topology relative to the Oracle Services Support centers, the Gateway, and the monitored systems. The customer networks must be configured to permit traffic flow as shown in the diagram below.

The firewall rules must be set up to allow traffic flow in two situations:

  • Between the Gateway and Oracle Services Support centers. This is referred to as the external connection.


    Note -  A web proxy can be used to proxy the HTTPS traffic across the external connection. However, the Gateway does not support NTLM or Kerberos proxy authentication. Transport Layer Security (TLS) VPN traffic can be routed through an unauthenticated proxy server.

    Caution  -  To defend against security attacks, you should never connect the Gateway interfaces or the Oracle ILOM Service Processor to a public network, such as the Internet. The Gateway should never be exposed directly to the Internet without the protection of a customer firewall or Access Control List (ACL). You should keep the Oracle ILOM Service Processor management traffic on a separate management network and grant access only to system administrators. For further information, see the section on Securing the Physical Management Connection in the Oracle ILOM Security Guide.


  • Between the Gateway and the customer's monitored devices, through a customer-controlled firewall or other security devices. This is referred to as the internal connection.

The diagram below depicts an example traffic flow between monitored systems and Oracle. (Detailed firewall rules and templates are provided to the customer during the implementation process.)

Figure 1  High Level Traffic Flow and Firewall Requirement

[Image: high-level traffic flow and firewall]
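
A pre-deployment check for the constraints in the Note and Caution above, as an added example that is not Oracle's code: it flags Gateway or ILOM addresses that are publicly routable, an ILOM address that shares a network with a Gateway interface, and a proxy whose 407 challenge offers NTLM or Negotiate (the HTTP scheme that carries Kerberos). The interface names, addresses and the plan format are constructed for illustration; a private address is only a heuristic, since NAT or firewall rules can still expose it.

```python
import ipaddress

# "Negotiate" is the HTTP scheme that carries Kerberos proxy authentication.
UNSUPPORTED = {"ntlm", "negotiate"}

def proxy_findings(challenges):
    """challenges: Proxy-Authenticate values from the proxy's 407 reply,
    one challenge per value (assumption). Empty list = unauthenticated proxy."""
    offered = {c.split()[0].lower() for c in challenges if c.strip()}
    findings = [f"proxy offers {s.upper()}, which the Gateway cannot answer"
                for s in sorted(offered & UNSUPPORTED)]
    if offered and offered <= UNSUPPORTED:
        findings.append("proxy offers no other scheme: HTTPS via this proxy will fail")
    return findings

def address_findings(plan):
    """plan: {interface name: (role, 'address/prefix')}, role 'gateway' or 'ilom'."""
    findings, nets = [], {}
    for name, (role, cidr) in plan.items():
        iface = ipaddress.ip_interface(cidr)
        nets[name] = (role, iface.network)
        if iface.ip.is_global:  # publicly routable address on the interface
            findings.append(f"{name}: {iface.ip} is publicly routable")
    for ilom, (role, net) in nets.items():
        if role != "ilom":
            continue
        for other, (other_role, other_net) in nets.items():
            if other_role == "gateway" and net.overlaps(other_net):
                findings.append(f"{ilom}: shares {net} with {other}; "
                                "move ILOM to a separate management network")
    return findings

# Constructed sample plan; 8.8.8.8 is only a stand-in for a public address.
PLAN = {
    "gw-external": ("gateway", "10.20.0.5/24"),
    "gw-internal": ("gateway", "10.30.0.5/24"),
    "ilom-sp": ("ilom", "10.30.0.9/24"),
    "gw-dmz": ("gateway", "8.8.8.8/24"),
}

if __name__ == "__main__":
    for line in address_findings(PLAN) + proxy_findings(["NTLM", "Negotiate"]):
        print("FINDING:", line)
```

Schemes other than NTLM and Negotiate are not assessed, because the page does not say which ones the Gateway supports.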