Go to main content

Oracle^® Advanced Support Gateway Security Guide

Exit Print View

» ...Documentation Home » Oracle^® Advanced Support ... » Oracle Advanced Support Gateway Security Guide » Firewall Rules for Internal Traffic » Firewall Rules Between the Gateway and Oracle ...

Updated: April 2024

Oracle^® Advanced Support Gateway Security Guide

Document Information

Oracle Advanced Support Gateway Security Guide

About the Gateway

General Requirements

Changes to the Security Guide Since the Last Release

Firewall Port Requirements

External Connection

TLS VPN and the Gateway

Alternative External Connection Option

Controlling Remote VPN Access

Customer Access to the Gateway

Internal Connection

Firewall Rules: Ports and Protocols

Firewall Rules for External Traffic

Firewall Rules for External Traffic Through the Encrypted VPN Tunnel

Firewall Rules for Internal Traffic

Firewall Rules Between the Gateway and the Customer Network

Firewall Rules for Gateway Hardware Self-Monitoring

Firewall Rules Between the Gateway and Exadata

Firewall Rules Between the Gateway and ZDLRA

Firewall Rules Between the Gateway and ZFS

Firewall Rules Between the Gateway and Exalogic

Firewall Rules Between the Gateway and SuperCluster

Firewall Rules Between the Gateway and Exalytics

Firewall Rules Between the Gateway and Oracle Database Appliance

Firewall Rules Between the Gateway and Oracle Big Data Appliance

Firewall Rules Between the Gateway and Oracle Private Cloud Appliance

Firewall Rules Between the Gateway and Oracle Standalone Hosts

Firewall Rules Between the Gateway and Oracle Third-Party Hosts

Implementation Changes to a Customer System

The Monitoring Matrix

Implementation Impact on the Environment

All Systems With An Agent Deployed

Engineered Systems Storage Cells

Engineered System Cisco Switches

Engineered System InfiniBand Switches

Engineered System PDU's

Engineered Systems Compute Nodes (Physical Implementation) and Virtual Machines

OVS Compute Nodes

KVM Compute Nodes

Exalogic Compute Nodes (Physical Implementation) and Exalogic Virtual Machines / Control Virtual Machines

ZFS Storage Array Storage Heads

Utilization Impact Risk of OEM Cloud Control Agent on Monitored Systems

Server Prerequisites for Monitoring Deployment

Server Prerequisites for Monitoring Deployment

Monitoring Access: an Overview

User Privileges

Solaris 11 Initial Setup User RBAC Profile

Solaris 10 Initial Setup User RBAC Profile

Solaris sudo Profile

Linux sudo Profile

ILOM User Privileges

Storage Prerequisites for Monitoring Deployment

Monitoring Deployment: an Overview

Oracle ZFS Storage Appliances

Sample Logging Messages

Managing ASR Audit Logs

About ASR Audit Logs

Viewing ASR Audit Logs

Downloading ASR Audit Logs

Installing the Gateway

Gateway Infrastructure Maintenance and Change Management Process

Understanding Responsibilities

Customer Responsibilities

Oracle Responsibilities

Generating a Change Management Request

Understanding the Change Management Workflow

Understanding Maintenance Activities

Language:

Firewall Rules Between the Gateway and Oracle Third-Party Hosts

This section provides a table showing the internal firewall rules between the Gateway and Oracle third-party hosts.

Note - ILOMs on non-Oracle hardware can be monitored by the Oracle Advanced Monitoring and Resolution service. ILOMs on non-Oracle hardware cannot be monitored by Oracle Platinum Services or Oracle Auto Service Request (ASR).

Table 17 Firewall Rules Between the Gateway and Third-Party Standalone Hosts

Application Protocol	Source Interface(s)	Destination Interface(s)	Network Protocol/Port	Purpose
ICMP	All monitored interfaces	Gateway	ICMP Type 0 and 8	Used to test network connectivity between customer systems and the Gateway
ICMP	Gateway	All monitored interfaces	ICMP Type 0 and 8	Used to test network connectivity between the Gateway and customer systems
SNMP	Gateway	Host	UDP/161	SNMP for monitoring
OEM	Gateway	Host	HTTPS/1830-1839	OEM agent communication, typically 1830 is used for Oracle Services
SSH/SCP	Gateway	Host	TCP/22	SSH/SCP connection for implementation and ongoing support
SNMP	Host Host ILOM (if Oracle hardware)	Gateway	UDP/162	SNMP for monitoring events and/or network monitoring
HTTPS (OEM Agent)	Host	Gateway	HTTPS/1159	OEM agent communication to the Gateway
HTTPS	Host	Gateway	TCP/443	Patch Download Service for patching support.

Copyright © 2024, Oracle and/or its affiliates.