
Oracle® Advanced Support Gateway Security Guide


Updated: March 2024
 
 

Firewall Rules for External Traffic


Note -  The source for all these entries is the Gateway. The rules in Figure 2, Table 2, Firewall Rules Between the Gateway and the Oracle Services Support Center apply to all of Oracle's Connected Services. In order to log in to the Gateway portal, your local browser is redirected to https://amr.oracle.com and https://login-ext.identity.oraclecloud.com for the authentication and authorization required.
Table 2  Firewall Rules Between the Gateway and the Oracle Services Support Center
| Destination | Destination IP Address(es) | Application Protocol | Network Protocol/Port | Purpose |
|---|---|---|---|---|
| adc-ps-ssl-vpn.oracle-occn.com<br>llg-ps-ssl-vpn.oracle-occn.com<br>tokyo-ps-ssl-vpn.oracle-occn.com | 198.17.210.28<br>141.143.215.68<br>140.83.95.28 | TLS VPN | HTTPS/443 - TLS<br>UDP/443 - DTLS (Datagram TLS) | To establish a TLS VPN connection between Oracle and the Gateway. VPN communication over a proxy is supported if the provided proxy does not require authentication. |
| dts.oracle.com | 192.206.43.1 | HTTPS | HTTPS/443 | To securely transport monitoring data to Oracle. |
| transport-adc.oracle.com | 141.146.156.41 | HTTPS | HTTPS/443 | To securely transport monitoring and other data to Oracle. |
| support.oracle.com | 141.146.54.16 | HTTPS | HTTPS/443 | To download patches onto the Gateway from My Oracle Support (MOS) via the Oracle Enterprise Manager (OEM) Cloud Control UI. |
| linux-update.oracle.com<br>linux-update-adc.oracle.com<br>linux-update-ucf.oracle.com | 138.1.51.46<br>137.254.56.42<br>156.151.58.24 | HTTPS | HTTPS/443 | To patch the Gateway and to download patches (from Unbreakable Linux Network servers) for customers who have patching services. |
| updates.oracle.com | 141.146.44.51 | HTTPS | HTTPS/443 | To provide patch downloads via Oracle Enterprise Manager (OEM). |
| epoah.oracle.com | 138.1.50.56 | HTTPS | HTTPS/443 | To download updated virus definitions used by security tooling for scans and to upload scans back to Oracle. |
| acs-rac.oracle.com | 129.157.65.44 | TCPS | TCP/2056 | When the Remote Access Control feature is active on the Gateway (that is, the "Green Button" is on), rsyslog is used to send audit logs to Oracle via a secured channel. This is using SYSLOG over TCPS and is not able to use a HTTP proxy. |
| acs-rac.oracle.com | 129.157.65.44 | HTTPS | HTTPS/443 | Gateway file integrity monitoring using a secured channel. |
| login-ext.identity.oraclecloud.com | 141.146.8.119<br>131.186.9.131 | HTTPS | HTTPS/443 | To provide support for Oracle centralized authentication for Oracle Enterprise Manager and downloads from updates.oracle.com. |

Note - 141.146.8.119 and 131.186.9.131 are multiple IP addresses used to service login-ext.identity.oraclecloud.com. DNS resolution may return a different IP address. Ensure access is granted for each IP above as well as the DNS record you receive. If using a proxy, ensure that the proxy allows access to any address returned by DNS on that host to login-ext.identity.oraclecloud.com.
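
The note on login-ext.identity.oraclecloud.com asks that both the listed addresses and whatever DNS actually returns be permitted. The Python below is an added example, not part of Oracle's guide or tooling: it compares an exported egress allow-list with the rows of Table 2 and flags DNS answers that fall outside the documented addresses. The allow-list format, a set of (ip, transport, port) tuples, and the function names are assumptions of this example.

```python
import socket

HTTPS = [("tcp", 443)]
# Table 2 rows: (hostnames, documented IPs, [(transport, port), ...]).
TABLE_2 = [
    (["adc-ps-ssl-vpn.oracle-occn.com", "llg-ps-ssl-vpn.oracle-occn.com",
      "tokyo-ps-ssl-vpn.oracle-occn.com"],
     ["198.17.210.28", "141.143.215.68", "140.83.95.28"],
     [("tcp", 443), ("udp", 443)]),
    (["dts.oracle.com"], ["192.206.43.1"], HTTPS),
    (["transport-adc.oracle.com"], ["141.146.156.41"], HTTPS),
    (["support.oracle.com"], ["141.146.54.16"], HTTPS),
    (["linux-update.oracle.com", "linux-update-adc.oracle.com",
      "linux-update-ucf.oracle.com"],
     ["138.1.51.46", "137.254.56.42", "156.151.58.24"], HTTPS),
    (["updates.oracle.com"], ["141.146.44.51"], HTTPS),
    (["epoah.oracle.com"], ["138.1.50.56"], HTTPS),
    (["acs-rac.oracle.com"], ["129.157.65.44"], [("tcp", 2056)] + HTTPS),
    (["login-ext.identity.oraclecloud.com"],
     ["141.146.8.119", "131.186.9.131"], HTTPS),
]

def system_resolver(host):
    """IPv4 addresses the local resolver returns for host ([] on failure)."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def audit(allowed, resolver=system_resolver, table=TABLE_2):
    """allowed: set of (ip, transport, port) egress tuples (assumed format).
    Returns (missing tuples, (host, ip) DNS answers not listed in Table 2)."""
    missing, drift = [], []
    for hosts, ips, services in table:
        resolved = []  # addresses DNS returned that the table does not list
        for host in hosts:
            for ip in resolver(host):
                if ip not in ips and ip not in resolved:
                    drift.append((host, ip))
                    resolved.append(ip)
        for ip in list(ips) + resolved:  # documented and resolved must both pass
            missing += [(ip, t, p) for t, p in services
                        if (ip, t, p) not in allowed]
    return missing, drift

if __name__ == "__main__":
    missing, drift = audit(allowed=set())  # constructed: nothing allowed yet
    print("open:", missing)
    print("DNS answers outside Table 2:", drift)
```

Run it from a host that uses the same resolver as the Gateway (or as the proxy, if one is in the path), since the note concerns the DNS answer that system receives.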