Restrict Outbound Traffic Using Network Firewall

You can make outbound traffic from your private endpoint-enabled VB instance more secure by configuring the NAT gateway to ensure that all traffic passing through the gateway is processed by your Network Firewall security rules.

The following are the basic steps for creating a network firewall and a firewall policy that allows selected URLs to pass through the firewall. For more about using and creating firewalls, see Learn OCI Network Firewall in Oracle Cloud Infrastructure with Examples and Overview of Creating a Firewall.

Note:

To create the firewall policy, you will need to know the reverse connection endpoint (RCE) IP addresses of your Visual Builder private endpoint. You will need to submit a Service Request (SR) to obtain the RCE IPs.

To create a network firewall and policy:

  1. Create the network firewall policy.
    1. In the OCI Console navigation menu, click Identity and Security, and then select Network firewall policies.
    2. Click Create network firewall policy, then provide a name and select your compartment in the Create network firewall policy panel. Click Create network firewall policy.
    3. Select Address lists under Policy resources, then click Create address list.
    4. In the Create address list panel, enter the instance's RCE IPs, as well as the private IP address of the VB instance, one on each line. Click Create address list.
    5. Select URL lists under Policy resources, then click Create URL list.
    6. In the Create URL list panel, enter the URLs you want to allow, one on each line. Click Create URL list.

      The list must include static.oracle.com to allow access to runtime libraries needed during staging and publishing.

    7. Select Security rules under Policy resources, then click Create security rule.
    8. In the Create security rule panel, enter a name and specify the following security rule details:
      1. In the Source addresses pane, select Select address lists, and then select the address list you created.
      2. In the URLs pane, select Select URL lists, and then select the URL list you created.
      3. In the Rule Action pane, select Allow Traffic in the drop-down list.

      Click Create security rule.

      The details of your security rule might look something like this:



  2. Associate the network firewall policy you created with your network firewall.
    1. Select Network Firewalls, and then click Create network firewall.

      If you already have a firewall, select the firewall you want to use to open the Edit panel.

    2. In the Create network firewall panel (or the Edit panel), select the network firewall policy you created in the drop-down list.
    3. Click Create network firewall (or Save changes if you are editing a firewall).
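Before pasting entries into the Create address list and Create URL list panels, you can check them offline. The following Python script is an added example, not Oracle code: it validates the one-per-line input, confirms that static.oracle.com is present, and models the single allow rule from the steps above (source in the address list and destination host in the URL list). The sample IPs and URLs are constructed placeholders, the function names are hypothetical, and the exact host-name comparison is an assumption of this sketch, not a description of how the firewall matches URLs.

```python
import ipaddress

REQUIRED_HOST = "static.oracle.com"  # the page requires this entry in the URL list

def entries(text):
    """Split 'one on each line' input, dropping blank lines and duplicates."""
    seen = []
    for line in text.splitlines():
        item = line.strip().lower()
        if item and item not in seen:
            seen.append(item)
    return seen

def check_address_list(text):
    """Return (networks, errors) for the address list."""
    nets, errors = [], []
    for item in entries(text):
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            errors.append(f"not an IP address or CIDR block: {item}")
    return nets, errors

def check_url_list(text):
    """Return (hosts, errors); only the host part of each entry is compared."""
    hosts = [e.split("://", 1)[-1].split("/", 1)[0] for e in entries(text)]
    errors = [] if REQUIRED_HOST in hosts else [f"missing {REQUIRED_HOST}"]
    return hosts, errors

def would_allow(source_ip, host, nets, hosts):
    """Model of the rule: source must be in the address list AND host in the URL list."""
    src = ipaddress.ip_address(source_ip)
    return any(src in net for net in nets) and host.lower() in hosts

# Constructed sample input (documentation-range IPs stand in for the RCE IPs).
ADDRESS_LIST = "192.0.2.10\n192.0.2.11\n10.0.1.25\n"
URL_LIST = "static.oracle.com\napi.example.com\n"

if __name__ == "__main__":
    nets, addr_errors = check_address_list(ADDRESS_LIST)
    hosts, url_errors = check_url_list(URL_LIST)
    print("address list errors:", addr_errors)
    print("URL list errors:", url_errors)
    for src, host in [("10.0.1.25", "static.oracle.com"), ("10.0.1.25", "other.example.org"),
                      ("10.0.1.99", "static.oracle.com")]:
        print(src, host, "allow" if would_allow(src, host, nets, hosts) else "no match")
```

A "no match" result only means the allow rule modelled here does not apply; what the firewall does with that traffic depends on the rest of your policy.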