The image shows how traffic from different sources flows to an Oracle Integration instance when you use the Oracle Integration allowlist and Oracle Cloud Infrastructure Web Application Firewall (WAF).

To the left of the allowlist are the sources of traffic that pass through WAF and then the allowlist: first, a single IP address that is on the allowlist; second, a Classless Inter-Domain Routing (CIDR) block that is on the allowlist; and finally, and an IP addrss that is not on the allowlist. Traffic from the first two items passes through WAF and then the allowlist before proceeding to Oracle Integration, as expected. However, the IP address that is not on the allowlist is blocked by the allowlist and doesn't reach Oracle Integration, as expected.

Below the Oracle Integration allowlist is the service gateway, through which traffic from the Virtual Cloud Network (VCN) passes on its way to the Oracle Integration allowlist and then on to Oracle Integration.