When you define a private endpoint for your Autonomous Database instance, you can provide enhanced security by setting a database property to enforce that all outgoing connections to a target host are subject to and limited by the private endpoint's egress rules. You define egress rules in the Virtual Cloud Network (VCN) security list or in the Network Security Group (NSG) associated with the Autonomous Database instance private endpoint.
Before you set this database property, configure your Autonomous Database instance to use a private endpoint. See Configure Private Endpoints for more information.
Set the ROUTE_OUTBOUND_CONNECTIONS database property to PRIVATE_ENDPOINT to specify that all outgoing connections are subject to the Autonomous Database instance private endpoint VCN's egress rules. With the value PRIVATE_ENDPOINT the database restricts outgoing connections to locations specified by the private endpoint's egress rules.
When ROUTE_OUTBOUND_CONNECTIONS is not set to PRIVATE_ENDPOINT, all outgoing connections to the public internet pass through the Network Address Translation (NAT) Gateway of the service VCN. In this case, if the target host is on a public endpoint, the outgoing connections are not subject to the Autonomous Database instance private endpoint VCN or NSG egress rules.
When you configure a private endpoint for your Autonomous Database instance and set ROUTE_OUTBOUND_CONNECTIONS to PRIVATE_ENDPOINT, this setting changes the handling of outbound connections for the following:
- APEX_LDAP, APEX_MAIL, and APEX_WEB_SERVICE
- UTL_HTTP, UTL_SMTP, and UTL_TCP
- Connect to your database.
- Set the database property:
ALTER DATABASE PROPERTY SET ROUTE_OUTBOUND_CONNECTIONS = 'PRIVATE_ENDPOINT';
Notes for setting ROUTE_OUTBOUND_CONNECTIONS:
Use the following command to restore the default parameter value:
ALTER DATABASE PROPERTY SET ROUTE_OUTBOUND_CONNECTIONS = '';
Use the following command to query the current parameter value:
SELECT * FROM DATABASE_PROPERTIES WHERE PROPERTY_NAME = 'ROUTE_OUTBOUND_CONNECTIONS';
If the property is not set the query does not return results.
This property only applies to database links that you create after you set the property to the value PRIVATE_ENDPOINT. Thus, database links that you created prior to setting the property continue to use the NAT Gateway of the service VCN and are not subject to the Autonomous Database instance private endpoint's egress rules.
Set ROUTE_OUTBOUND_CONNECTIONS to the value PRIVATE_ENDPOINT when you are using Autonomous Database with a private endpoint.
By default, when you are accessing other private endpoints, the connection is subject to your VCN's egress rules. Setting ROUTE_OUTBOUND_CONNECTIONS has no effect in this case. The ROUTE_OUTBOUND_CONNECTIONS property applies when you want outgoing connections to follow the private endpoint egress rules even when accessing public endpoints.
See NAT Gateway for more information on Network Address Translation (NAT) gateway.
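The notes above say that an unset property returns no rows and that database links created before the property was set keep using the service VCN NAT Gateway. The following audit block is an added example, not Oracle's own code, that checks both conditions. It assumes a SQL*Plus or SQLcl session with access to DBA_DB_LINKS (for example as ADMIN), and the cutoff timestamp is a constructed value that you replace with the time you actually set the property.

```sql
SET SERVEROUTPUT ON
DECLARE
  -- Assumption: the time ROUTE_OUTBOUND_CONNECTIONS was set to PRIVATE_ENDPOINT.
  -- Constructed sample value; replace it with the time from your own change record.
  c_property_set_at CONSTANT DATE :=
    TO_DATE('2024-01-15 09:00:00', 'YYYY-MM-DD HH24:MI:SS');
  v_value database_properties.property_value%TYPE;
  v_stale PLS_INTEGER := 0;
BEGIN
  -- An unset property returns no rows, so treat NO_DATA_FOUND as "not set".
  BEGIN
    SELECT property_value
      INTO v_value
      FROM database_properties
     WHERE property_name = 'ROUTE_OUTBOUND_CONNECTIONS';
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      v_value := NULL;
  END;

  IF v_value IS NULL OR v_value <> 'PRIVATE_ENDPOINT' THEN
    DBMS_OUTPUT.PUT_LINE('ROUTE_OUTBOUND_CONNECTIONS is not PRIVATE_ENDPOINT: '
      || 'connections to public hosts use the service VCN NAT Gateway '
      || 'and bypass the private endpoint egress rules.');
    RETURN;
  END IF;

  -- Links created before the cutoff were not switched by the property
  -- and need to be dropped and recreated to follow the egress rules.
  FOR l IN (SELECT owner, db_link, host, created
              FROM dba_db_links
             WHERE created < c_property_set_at
             ORDER BY created)
  LOOP
    v_stale := v_stale + 1;
    DBMS_OUTPUT.PUT_LINE('Predates setting: ' || l.owner || '.' || l.db_link
      || ' -> ' || l.host
      || ' (created ' || TO_CHAR(l.created, 'YYYY-MM-DD HH24:MI:SS') || ')');
  END LOOP;

  DBMS_OUTPUT.PUT_LINE(v_stale
    || ' database link(s) still route through the service VCN NAT Gateway.');
END;
/
```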