Oracle® Advanced Support Gateway for Cloud at Customer Security Guide

Updated: August 2020
 
 

Firewall Rules for External Traffic


Note -  The source for all these entries is Oracle Advanced Support Gateway. The rules in Figure 1, Table 1, Firewall Rules Between Oracle Advanced Support Gateway and the Oracle Services Support Center apply to all of Oracle's Connected Services.
Table 1  Firewall Rules Between Oracle Advanced Support Gateway and the Oracle Services Support Center

| Destination | Destination IP Address(es) | Application Protocol | Network Protocol/Port | Purpose |
|---|---|---|---|---|
| adc-ps-ssl-vpn.oracle-occn.com, llg-ps-ssl-vpn.oracle-occn.com, tokyo-ps-ssl-vpn.oracle-occn.com | 198.17.210.28, 141.143.215.68, 140.83.95.28 | TLS VPN | TCP/443 - TLS; UDP/443 - DTLS (Datagram TLS) | To establish a TLS VPN connection\* between Oracle and Oracle Advanced Support Gateway. \*Cannot support communication through an internet proxy. |
| telemetry-ingestion.us-phoenix-1.oraclecloud.com | 129.146.13.236, 129.146.14.243, 129.146.12.201 | HTTPS | TCP/443 | To support telemetry for the Cloud at Customer Operations dashboard endpoint; Phoenix, USA. |
| telemetry-ingestion.us-ashburn-1.oraclecloud.com | 140.91.12.7, 140.91.10.15, 140.91.14.5 | HTTPS | TCP/443 | To support telemetry for the Cloud at Customer Operations dashboard endpoint; Ashburn, USA. |
| dts.oracle.com | 192.206.43.1 | HTTPS | TCP/443 | To securely transport monitoring data to Oracle. |
| transport-adc.oracle.com | 141.146.156.41 | HTTPS | TCP/443 | To securely transport monitoring and other data to Oracle. |
| ccr.oracle.com | 141.146.54.49 | HTTPS | TCP/443 | To upload the customer's configuration data to Oracle's centralized configuration repository. |
| support.oracle.com | 141.146.54.16 | HTTPS | TCP/443 | To download patches onto Oracle Advanced Support Gateway from My Oracle Support (MOS) via the Oracle Enterprise Manager (OEM) Cloud Control UI. |
| login.oracle.com. Note - Each hostname currently resolves to multiple working IP addresses. Access to all addresses listed must be permitted as Oracle will switch from one to another in the near future. | 209.17.4.8, 156.151.58.18, 141.146.8.119 | HTTPS | TCP/443 | To connect to Oracle's centralized authentication site. |
| updates.oracle.com | 141.146.44.51 | HTTPS | TCP/443 | To provide patch downloads via Oracle Enterprise Manager (OEM). |
| acs-rac.oracle.com | 129.157.65.44 | HTTPS | TCP/2056 | When the Remote Access Control feature is active on Oracle Advanced Support Gateway (that is, the "Green Button" is on), rsyslog is used to send audit logs to Oracle via a secured channel. Note - The RAC/Green Button feature is not supported on Oracle Advanced Support Gateway for Cloud at Customer. |
| ZFS Phone Home | 129.157.65.13, 129.157.65.14, 141.146.1.169 | ZFS Phone Home | TCP/443 | ZFS fault monitoring is shipped direct to these Oracle systems. Used when Oracle Advanced Support Gateway hosts a proxy server for the ZFS Storage Heads. |
| Oracle Public Cloud Object Store, that is, objectstorage.\*.oraclecloud.com, where \* is a location | Oracle recommends that customers open the firewall corresponding to the OCI site closest to the Gateway location. Select one of the following OCI sites: ap-tokyo-1: 134.70.80.0/22; eu-frankfurt-1: 134.70.40.0/21, 134.70.48.0/22; uk-london-1: 134.70.56.0/21, 134.70.64.0/22; us-ashburn-1: 134.70.24.0/21, 134.70.32.0/22; sa-saopaulo-1: 134.70.84.0/22 | HTTPS | TCP/443 | Object Store content download to provide software and patches for the Oracle Advanced Support Gateway for Cloud at Customer system. |
| DNS servers for oraclecloud.com | 216.146.35.35, 216.146.36.36 | DNS | TCP/UDP 53 | To resolve Oracle Object Store IP addresses hosted within Oracle Cloud Infrastructure (OCI). |
| oauth-e.oracle.com | 156.151.58.70, 209.17.4.26. Note - 156.151.58.70 and 209.17.4.26 are multiple IP addresses used to service oauth-e.oracle.com. DNS resolution may return a different IP address. Ensure access is granted for each IP directly. | HTTPS | TCP/443 | To provide support for Oracle centralized authentication for Oracle Enterprise Manager. |
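
The table requires every listed address to be reachable, not only the one a hostname resolves to today. The following check is an added example and is not part of Oracle's guide: it reports required destinations that a configured egress rule set does not cover. The rule tuple format, the sample `CONFIGURED` list and the function name are assumptions for illustration; the addresses and ports are copied from Table 1.

```python
import ipaddress
from collections import defaultdict

# Rows taken from Table 1 (a subset; us-ashburn-1 stands in for the chosen OCI site).
TABLE = [
    ("TLS VPN", ["198.17.210.28", "141.143.215.68", "140.83.95.28"],
     [("tcp", 443), ("udp", 443)]),
    ("login.oracle.com", ["209.17.4.8", "156.151.58.18", "141.146.8.119"], [("tcp", 443)]),
    ("oauth-e.oracle.com", ["156.151.58.70", "209.17.4.26"], [("tcp", 443)]),
    ("Object Store us-ashburn-1", ["134.70.24.0/21", "134.70.32.0/22"], [("tcp", 443)]),
    ("DNS for oraclecloud.com", ["216.146.35.35", "216.146.36.36"],
     [("tcp", 53), ("udp", 53)]),
]

# Constructed sample: egress rules as (destination CIDR, protocol, port).
# The tuple format is hypothetical; three gaps are planted on purpose.
CONFIGURED = [
    ("198.17.210.28/32", "tcp", 443), ("198.17.210.28/32", "udp", 443),
    ("141.143.215.68/32", "tcp", 443), ("141.143.215.68/32", "udp", 443),
    ("140.83.95.28/32", "tcp", 443),            # gap: DTLS (udp/443) not opened
    ("209.17.4.8/32", "tcp", 443),              # gap: 141.146.8.119 never added
    ("156.151.58.0/24", "tcp", 443),            # wider rule, covers .18 and .70
    ("209.17.4.26/32", "tcp", 443),
    ("134.70.24.0/21", "tcp", 443),
    ("134.70.32.0/23", "tcp", 443),             # gap: /23 is half of the required /22
    ("216.146.35.35/32", "tcp", 53), ("216.146.35.35/32", "udp", 53),
    ("216.146.36.36/32", "tcp", 53), ("216.146.36.36/32", "udp", 53),
]

def missing_rules(table, configured):
    """Return (label, network, proto, port) for each required flow not fully allowed."""
    by_flow = defaultdict(list)
    for cidr, proto, port in configured:
        by_flow[(proto, port)].append(ipaddress.ip_network(cidr))
    # Collapse adjacent/overlapping rules so a union of small rules counts as coverage.
    merged = {flow: list(ipaddress.collapse_addresses(nets)) for flow, nets in by_flow.items()}
    gaps = []
    for label, dests, flows in table:
        for dest in dests:
            need = ipaddress.ip_network(dest)
            for flow in flows:
                if not any(need.subnet_of(net) for net in merged.get(flow, [])):
                    gaps.append((label, str(need), *flow))
    return gaps

if __name__ == "__main__":
    for label, net, proto, port in missing_rules(TABLE, CONFIGURED):
        print(f"MISSING egress: {label}: {net} {proto}/{port}")
```

Run it against an export of the real rule set after each firewall change; an empty result means every destination in the chosen rows is covered on every required protocol and port.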