To secure network access to Oracle Java Cloud Service instances provisioned in Oracle Cloud Infrastructure regions, you can define security ingress rules.
If you provisioned an Oracle Java Cloud
Service instance without explicitly specifying a named subnet, the instance is assigned to the predefined Virtual Cloud Network (VCN) named
svc-vcn, which is found in the
ManagedCompartmentForPaaS compartment. You cannot modify resources in
svc-vcn, such as assign security lists or add ingress rules.
If your Oracle Java Cloud
Service instance is assigned to
svc-vcn, submit a Service Request (SR) with Oracle Support Services to obtain access for updating ports and ingress rules in
When you create an Oracle Java Cloud Service instance, the WebLogic administration server and managed servers are configured with network channels that support HTTP and HTTPS traffic only. The administration server channels (7001 and 7002) and managed server channels (8001 and 8002) do not support the T3 and T3 over SSL (T3S) protocols, and they do not support tunneling. Internal T3 and T3S communication is done via ports 9071 and 9072 (administration server) and 9073 and 9074 (managed servers).
Before you can take advantage of features like Java Message Service or perform certain tasks such as deploying applications via Oracle JDeveloper, you'll need to set up security ingress rules to control access to ports 9071 and 9072 (administration server) or 9073 and 9074 (managed servers).
In the Oracle Cloud Infrastructure Console, add ingress rules to the appropriate ports (9071-9074) using a fixed set of IPs or a restricted CIDR that matches your organization's network addresses. This ensures only known IP addresses have access to the ports.
See To Create a Security List in the Oracle Cloud Infrastructure documentation.