Go to main content

Oracle^® Advanced Support Gateway Security Guide

Exit Print View

» ...Documentation Home » Oracle^® Advanced Support ... » Oracle Advanced Support Gateway Security Guide » Firewall Rules for Internal Traffic » Firewall Rules for Gateway Hardware ...

Updated: March 2024

Oracle^® Advanced Support Gateway Security Guide

Document Information

Oracle Advanced Support Gateway Security Guide

About the Gateway

General Requirements

Changes to the Security Guide Since the Last Release

Firewall Port Requirements

External Connection

TLS VPN and the Gateway

Alternative External Connection Option

Controlling Remote VPN Access

Customer Access to the Gateway

Internal Connection

Firewall Rules: Ports and Protocols

Firewall Rules for External Traffic

Firewall Rules for External Traffic Through the Encrypted VPN Tunnel

Firewall Rules for Internal Traffic

Firewall Rules Between the Gateway and the Customer Network

Firewall Rules for Gateway Hardware Self-Monitoring

Firewall Rules Between the Gateway and Exadata

Firewall Rules Between the Gateway and ZDLRA

Firewall Rules Between the Gateway and ZFS

Firewall Rules Between the Gateway and Exalogic

Firewall Rules Between the Gateway and SuperCluster

Firewall Rules Between the Gateway and Exalytics

Firewall Rules Between the Gateway and Oracle Database Appliance

Firewall Rules Between the Gateway and Oracle Big Data Appliance

Firewall Rules Between the Gateway and Oracle Private Cloud Appliance

Firewall Rules Between the Gateway and Oracle Standalone Hosts

Firewall Rules Between the Gateway and Oracle Third-Party Hosts

Implementation Changes to a Customer System

The Monitoring Matrix

Implementation Impact on the Environment

All Systems With An Agent Deployed

Engineered Systems Storage Cells

Engineered System Cisco Switches

Engineered System InfiniBand Switches

Engineered System PDU's

Engineered Systems Compute Nodes (Physical Implementation) and Virtual Machines

OVS Compute Nodes

KVM Compute Nodes

Exalogic Compute Nodes (Physical Implementation) and Exalogic Virtual Machines / Control Virtual Machines

ZFS Storage Array Storage Heads

Utilization Impact Risk of OEM Cloud Control Agent on Monitored Systems

Server Prerequisites for Monitoring Deployment

Server Prerequisites for Monitoring Deployment

Monitoring Access: an Overview

User Privileges

Solaris 11 Initial Setup User RBAC Profile

Solaris 10 Initial Setup User RBAC Profile

Solaris sudo Profile

Linux sudo Profile

ILOM User Privileges

Storage Prerequisites for Monitoring Deployment

Monitoring Deployment: an Overview

Oracle ZFS Storage Appliances

Sample Logging Messages

Managing ASR Audit Logs

About ASR Audit Logs

Viewing ASR Audit Logs

Downloading ASR Audit Logs

Installing the Gateway

Gateway Infrastructure Maintenance and Change Management Process

Understanding Responsibilities

Customer Responsibilities

Oracle Responsibilities

Generating a Change Management Request

Understanding the Change Management Workflow

Understanding Maintenance Activities

Language:

Firewall Rules for Gateway Hardware Self-Monitoring

This section provides an internal firewall rules table for Gateway hardware self-monitoring.

Note - This functionality is required only if the Gateway ILOM has been configured on a different network than the Gateway Ethernet network interfaces.

Table 5 Firewall Rules for Gateway Hardware Self-Monitoring

Source	Destination	Network Protocol/Port	Purpose
Bidirectional (Gateway ILOM and Gateway)	Bidirectional (Gateway ILOM and Gateway)	ICMP Type 0 and 8	Used to test bidirectional network connectivity
Gateway ILOM	Gateway	SNMP (UDP/162)	SNMP traps for ASR telemetry (Gateway hardware self-monitoring)
Gateway ILOM	Gateway	SSH/SCP (TCP/22)	Allow secure transfer of the firmware image from the OS to ILOM
Gateway ILOM	Gateway	HTTP/8234	ASR alerts from ILOM to the OS
Gateway	Gateway ILOM	RCMP+ (UDP/623; TCP/623)	Management and monitoring via ILOM interface (IPMI)
Gateway	Gateway ILOM	SNMP (UDP/161)	SNMP for ASR telemetry (Gateway hardware self-monitoring)
Gateway	Gateway ILOM	SSH/SCP (TCP/22)	Management and configuration of ILOM
Gateway	Gateway ILOM	ASR (TCP/6481)	ASR for discovery and monitoring by service tags
Gateway	Gateway ILOM	HTTPS/443	Monitoring configuration and fault diagnostic collection

Copyright © 2024, Oracle and/or its affiliates.