Go to main content

Oracle^® Advanced Support Gateway Security Guide

Exit Print View

» ...Documentation Home » Oracle^® Advanced Support ... » Oracle Advanced Support Gateway Security Guide » Firewall Rules for Internal Traffic » Firewall Rules Between the Gateway and the ...

Updated: March 2024

Oracle^® Advanced Support Gateway Security Guide

Document Information

Oracle Advanced Support Gateway Security Guide

About the Gateway

General Requirements

Changes to the Security Guide Since the Last Release

Firewall Port Requirements

External Connection

TLS VPN and the Gateway

Alternative External Connection Option

Controlling Remote VPN Access

Customer Access to the Gateway

Internal Connection

Firewall Rules: Ports and Protocols

Firewall Rules for External Traffic

Firewall Rules for External Traffic Through the Encrypted VPN Tunnel

Firewall Rules for Internal Traffic

Firewall Rules Between the Gateway and the Customer Network

Firewall Rules for Gateway Hardware Self-Monitoring

Firewall Rules Between the Gateway and Exadata

Firewall Rules Between the Gateway and ZDLRA

Firewall Rules Between the Gateway and ZFS

Firewall Rules Between the Gateway and Exalogic

Firewall Rules Between the Gateway and SuperCluster

Firewall Rules Between the Gateway and Exalytics

Firewall Rules Between the Gateway and Oracle Database Appliance

Firewall Rules Between the Gateway and Oracle Big Data Appliance

Firewall Rules Between the Gateway and Oracle Private Cloud Appliance

Firewall Rules Between the Gateway and Oracle Standalone Hosts

Firewall Rules Between the Gateway and Oracle Third-Party Hosts

Implementation Changes to a Customer System

The Monitoring Matrix

Implementation Impact on the Environment

All Systems With An Agent Deployed

Engineered Systems Storage Cells

Engineered System Cisco Switches

Engineered System InfiniBand Switches

Engineered System PDU's

Engineered Systems Compute Nodes (Physical Implementation) and Virtual Machines

OVS Compute Nodes

KVM Compute Nodes

Exalogic Compute Nodes (Physical Implementation) and Exalogic Virtual Machines / Control Virtual Machines

ZFS Storage Array Storage Heads

Utilization Impact Risk of OEM Cloud Control Agent on Monitored Systems

Server Prerequisites for Monitoring Deployment

Server Prerequisites for Monitoring Deployment

Monitoring Access: an Overview

User Privileges

Solaris 11 Initial Setup User RBAC Profile

Solaris 10 Initial Setup User RBAC Profile

Solaris sudo Profile

Linux sudo Profile

ILOM User Privileges

Storage Prerequisites for Monitoring Deployment

Monitoring Deployment: an Overview

Oracle ZFS Storage Appliances

Sample Logging Messages

Managing ASR Audit Logs

About ASR Audit Logs

Viewing ASR Audit Logs

Downloading ASR Audit Logs

Installing the Gateway

Gateway Infrastructure Maintenance and Change Management Process

Understanding Responsibilities

Customer Responsibilities

Oracle Responsibilities

Generating a Change Management Request

Understanding the Change Management Workflow

Understanding Maintenance Activities

Language:

Firewall Rules Between the Gateway and the Customer Network

The ports outlined in this table are required for accessing the Gateway customer interfaces (command line and web interfaces) as well as ports required for integrating syslog and user management email notifications.

Table 4 Firewall Rules Between the Gateway and the Customer Network

Source	Destination	Network Protocol/Port	Purpose
Customer User Desktop/Intranet	Gateway	ICMP Type 0 and 8	Optional: Used by customers to test connectivity to the Gateway from their internal networks.
Gateway	Customer default gateway on DMZ	ICMP Type 0 and 8	Ping between the Gateway and the default router is temporarily used during installation of the Gateway to confirm network connectivity.
Customer User Desktop/Intranet	Gateway	TCP/22	Customer access to CLI for network and syslog configuration of the Gateway.
Customer User Desktop/Intranet	Gateway	HTTPS/443	Customer access to Portal interface for administration of the Gateway and access to services.
Customer User Desktop/Intranet	amr.oracle.com Note - This IP address may resolve to multiple working IP addresses.	HTTPS/443	Provides authorization for customer access to the Gateway portal.
Customer User Desktop/Intranet	login-ext.identity.oraclecloud.com Note - This IP address may fail over between Oracle data centers.	HTTPS/443	Provides authentication for customer access to the Gateway portal.
Gateway	Customer syslog server	UDP/514	Rule required if the customer enables the Gateway Audit Logging feature.
Customer User Desktop/Intranet	Gateway ILOM	TCP/22	Customer access from ILOM to assist in failure troubleshooting.
Customer User Desktop/Intranet	Gateway ILOM	HTTPS/443	Customer access from ILOM to assist in failure troubleshooting.
Customer User Desktop/Intranet	Gateway	HTTPS (TCP/7799)	(Optional) Users of the Oracle Advanced Monitoring and Resolution service and the Oracle Lifecycle Support services can access a Reporting Dashboard on the Gateway.

Copyright © 2024, Oracle and/or its affiliates.