Managing Security Applications

About Security Applications

A security application allows you to specify the protocol and port that you want to use to enable traffic between a source and a destination using security rules.

You can either create a security application, or use one of the predefined security applications.

Listing Security Applications

Compute Classic provides a number of predefined security applications that you can use in security rules.

To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand Shared Network, and then click the Security Applications.

The Security Applications page displays a list of security applications.

Tip:

You can filter the list of security applications according to their category. To view security applications of a specific category (such as IaaS, PaaS, or Personal), click the Category menu and select the appropriate filter. You can also filter security applications according to the protocol type by clicking the Show menu and selecting the appropriate filter.

To view a list of security applications using the CLI, use the opc compute sec—application list command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To view a list of security application using the API, use the GET /secapplication/container method. See REST API for Oracle Cloud Infrastructure Compute Classic.

Creating a Security Application

Compute Classic provides a number of predefined security applications that you can use. You can also create your own security applications.

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand Shared Network, and then click the Security Applications.
  4. Click Create Security Application.
  5. Enter or select the following information:
    • Enter a name for the security application.

    • Select the port type.
      • If you select the tcp or udp port type, then enter the port range.

      • If you select the icmp port type, then enter the ICMP type.

    • Enter a meaningful description.

  6. Click Create.

To create a security application using the CLI, use the opc compute sec—application add command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To create a security application using the API, use the POST /secapplication/ method. See REST API for Oracle Cloud Infrastructure Compute Classic.

You can also create a security application by using orchestrations. See Orchestration v1 Attributes Specific to Each Object Type or Orchestration v2 Attributes Specific to Each Object Type.

Deleting a Security Application

You can delete a security application that isn’t being used by any security rule.

Prerequisites

  • To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  • Ensure that no security rule is using the security application that you want to delete.

Note:

You should always use your orchestrations to manage resources that you’ve created using orchestrations. Don’t, for example, use the web console or the CLI or REST API to delete an object that you created using an orchestration. This could cause your orchestration to either attempt to re-create the object and associated resources, or to go into an error state.

If you created the object using orchestration v1, then you can delete the object by terminating the orchestration. See Terminating an Orchestration v1.

If you created the object using an orchestration v2, then you can delete the object by suspending, terminating, or updating the orchestration. See Suspending an Orchestration v2, Terminating an Orchestration v2, or Updating an Orchestration v2.

Procedure

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand Shared Network, and then click the Security Applications.
  4. Identify the security application that you want to delete. From the menu icon menu, select Delete.

To delete a security application using the CLI, use the opc compute sec—application delete command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To delete a security application using the API, use the DELETE /secapplication/name method. See REST API for Oracle Cloud Infrastructure Compute Classic.

If you created a security application using an orchestration v1, then you can delete the security application by stopping the orchestration. See Terminating an Orchestration v1.

If you created a security application using an orchestration v2, then you can delete the security application by suspending, terminating, or updating the orchestration. See Suspending an Orchestration v2, Terminating an Orchestration v2, or Updating an Orchestration v2.