Known Issues for Network Firewall

Known issues for the Network Firewall service.

Editing a Firewall Policy Can Cause a Connection Reset in Certain Circumstances

Details
When you make the following changes to a firewall, the update causes a connection reset in the firewall:
  • Updating mapped secret information in a policy attached to a firewall.
  • Changing the firewall policy to one that uses different mapped secret information than the old policy.

Editing information other than mapped secrets in the attached policy does not cause a connection reset.

Terraform Times Out Firewall Creation

Details

When the firewall creation task takes longer than 30 to 35 minutes, Terraform times out before the task completes because of the Terraform state refresh.

Workaround
To avoid the timeout, set the timeout at the oci_network_firewall_network_firewall resource level to 35 minutes plus buffer time for the Terraform state refresh.

Policy Upgrade Failure

Details
To prevent failures during network firewall policy upgrades, ensure your policy meets the following criteria:
  • Application List: If a policy includes an 'Application List' with a name longer than 24 characters, it might cause an upgrade failure. We recommend shortening these application list names to 24 characters or fewer.

  • Security Rules: In the 'Security Rules' section, if any of the lists (Applications, URLs, Sources, or Destinations) contain more than 25 elements, split these rules into several rules.

  • Decryption Rules: Similarly, in the 'Decryption Rules' section, if any of the Sources or Destinations lists exceed 25 elements, divide these rules into several rules.
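
A pre-upgrade check for the three criteria above, with a helper that splits an oversized rule. This is an added example, not Oracle's code: the policy dictionary layout, field names, and sample policy are constructed for illustration, and the split assumes a rule matches only when every one of its lists matches.

```python
from itertools import product

MAX_APP_LIST_NAME = 24   # characters, per the criteria above
MAX_LIST_ELEMENTS = 25   # elements per list, per the criteria above
# Lists that the criteria limit in each rule section (hypothetical field names).
LIMITED_LISTS = {
    "security_rules": ("applications", "urls", "sources", "destinations"),
    "decryption_rules": ("sources", "destinations"),
}

def find_upgrade_blockers(policy):
    """Return one finding per violation of the three upgrade criteria."""
    findings = []
    for name in policy.get("application_lists", {}):
        if len(name) > MAX_APP_LIST_NAME:
            findings.append(f"application list '{name}': name is {len(name)} chars")
    for section, fields in LIMITED_LISTS.items():
        for rule in policy.get(section, []):
            for field in fields:
                count = len(rule.get(field, []))
                if count > MAX_LIST_ELEMENTS:
                    findings.append(f"{section} '{rule['name']}': {field} has {count} elements")
    return findings

def split_rule(rule, fields):
    """Split a rule so that no limited list exceeds 25 elements.

    Assumption: lists are ANDed together and entries within a list are ORed,
    so the cross product of the chunks covers the same traffic as the original.
    """
    size = MAX_LIST_ELEMENTS
    chunked = []
    for field in fields:
        items = rule.get(field, [])
        chunks = [items[i:i + size] for i in range(0, len(items), size)]
        chunked.append(chunks or [[]])      # keep an empty list as one empty chunk
    combos = list(product(*chunked))
    if len(combos) == 1:
        return [rule]                       # already within limits
    return [{**rule, "name": f"{rule['name']}-{n}", **dict(zip(fields, combo))}
            for n, combo in enumerate(combos, 1)]

# Constructed sample policy (not real data): one violation of each criterion.
SAMPLE_POLICY = {
    "application_lists": {"web-apps": [], "internal-line-of-business-apps": []},
    "security_rules": [{"name": "allow-web", "action": "ALLOW",
                        "sources": [f"src-{i}" for i in range(30)],
                        "destinations": ["dst-0"], "applications": [], "urls": []}],
    "decryption_rules": [{"name": "decrypt-in", "sources": ["src-0"],
                          "destinations": [f"dst-{i}" for i in range(26)]}],
}
```

Replacement rules produced by split_rule should stay adjacent and in the original rule's position so that rule ordering is unchanged.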