• Public
  • Public/Protected
  • All

Namespace NetworkSecurityGroup

A network security group (NSG) provides virtual firewall rules for a specific set of Vnic in a VCN. Compare NSGs with SecurityList, which provide virtual firewall rules to all the VNICs in a subnet.

A network security group consists of two items:

The set of Vnic that all have the same security rule needs (for example, a group of Compute instances all running the same application) * A set of NSG SecurityRule that apply to the VNICs in the group

After creating an NSG, you can add VNICs and security rules to it. For example, when you create an instance, you can specify one or more NSGs to add the instance to (see {@link #createVnicDetails(CreateVnicDetailsRequest) createVnicDetails}). Or you can add an existing instance to an NSG with {@link #updateVnic(UpdateVnicRequest) updateVnic}.

To add security rules to an NSG, see {@link #addNetworkSecurityGroupSecurityRules(AddNetworkSecurityGroupSecurityRulesRequest) addNetworkSecurityGroupSecurityRules}.

To list the VNICs in an NSG, see {@link #listNetworkSecurityGroupVnics(ListNetworkSecurityGroupVnicsRequest) listNetworkSecurityGroupVnics}.

To list the security rules in an NSG, see {@link #listNetworkSecurityGroupSecurityRules(ListNetworkSecurityGroupSecurityRulesRequest) listNetworkSecurityGroupSecurityRules}.

For more information about network security groups, see [Network Security Groups](https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/networksecuritygroups.htm).

*Important:** Oracle Cloud Infrastructure Compute service images automatically include firewall rules (for example, Linux iptables, Windows firewall). If there are issues with some type of access to an instance, make sure all of the following are set correctly:

Any security rules in any NSGs the instance's VNIC belongs to * Any SecurityList associated with the instance's subnet * The instance's OS firewall rules

To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized, talk to an administrator. If you're an administrator who needs to write policies to give users access, see [Getting Started with Policies](https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/policygetstarted.htm).



compartmentId: string

The OCID of the compartment the network security group is in.

Optional definedTags

definedTags: undefined | object

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.

Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

Optional displayName

displayName: undefined | string

A user-friendly name. Does not have to be unique. Avoid entering confidential information.

Optional freeformTags

freeformTags: undefined | object

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.

Example: `{\"Department\": \"Finance\"}`


id: string

The OCID of the network security group.


lifecycleState: LifecycleState

The network security group's current state.


timeCreated: Date

The date and time the network security group was created, in the format defined by RFC3339.

Example: `2016-08-25T21:10:29.600Z`


vcnId: string

The OCID of the network security group's VCN.