Manage Access Rules for Instances in Oracle Cloud Infrastructure Classic

This topic applies only to Oracle Cloud Infrastructure Classic.

Create a New Access Rule

This topic applies only to Oracle Cloud Infrastructure Classic.

To control network access to the nodes in your Oracle SOA Cloud Service instance, you can define access rules.

Note:

See also Security Lists in the Oracle Cloud Infrastructure documentation.

To create a new access rule for an Oracle SOA Cloud Service instance:

  1. In the Oracle SOA Cloud Service Console, click the menu icon for the desired service instance and select Access Rules.

    The Access Rules page is displayed, showing the list of all access rules.

  2. Click Create Rule.

    The Create Access Rule dialog is displayed.

  3. Specify a unique Rule Name. Optionally, specify a rule Description.

    The name must begin with a letter, and can contain numbers, hyphens, or underscores. The length cannot exceed 50 characters. When you create a rule, you cannot use prefixes ora_ or sys_.

  4. Specify a Source for the rule:
    • PUBLIC-INTERNET — Any host on the internet.
    • OTD — The Oracle Traffic Director load balancer VMs.
    • WLS_ADMIN_SERVER — The WebLogic Server Administration Server VM.
    • WLS_MANAGED_SERVER — The WebLogic Server Managed Server VMs.
    • DB — The database specified when the Oracle SOA Cloud Service instance was created. If your service instance is configured with more than one database, you can select which database to use for the source.
    • Custom — A custom list of addresses from which traffic should be allowed. In the field that displays below when you select this option, enter a comma-separated list of the subnets (in CIDR format, such as 192.123.42.1/24) or IPv4 addresses for which you want to permit access.
  5. Choose a Destination for the rule:
    • OTD — The Oracle Traffic Director load balancer VMs.
    • WLS_ADMIN_SERVER — The WebLogic Server Administration Server VM.
    • WLS_MANAGED_SERVER — The WebLogic Server Managed Server VMs.

    The source and the destination must be different.

  6. Specify the Destination Port(s) through which the source will access the destination.

    You can specify a single port or a range of ports (such as 7001–8001).

  7. Specify the transport Protocol (TCP or UDP) with which the source will access the destination.
  8. Click Create.
  9. To manage the existing access rules on the Access Rules page, click the menu icon for a rule and choose an option:
    • Enable — Rules of type USER or DEFAULT can be enabled. Rules of type SYSTEM cannot.
    • Disable — Rules of type USER or DEFAULT can be disabled. Rules of type SYSTEM cannot.
    • Delete — Rules of type USER can be deleted. Rules of type DEFAULT or SYSTEM cannot.
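
The constraints in steps 3 to 7 can be checked before a rule is entered in the console. The following Python is an added example, not Oracle code or an Oracle API; the function names, the case-insensitive prefix check and the two `review:` findings are assumptions made here.

```python
import ipaddress
import re

NAMED_SOURCES = {"PUBLIC-INTERNET", "OTD", "WLS_ADMIN_SERVER", "WLS_MANAGED_SERVER", "DB"}
DESTINATIONS = {"OTD", "WLS_ADMIN_SERVER", "WLS_MANAGED_SERVER"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,49}")


def parse_ports(spec):
    """Return (low, high) for '7001' or '7001-8001' (hyphen or en dash)."""
    parts = re.split(r"\s*[-\u2013]\s*", spec.strip())
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad port spec: {spec!r}")
    low, high = int(parts[0]), int(parts[-1])
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port out of range: {spec!r}")
    return low, high


def check_rule(name, source, destination, ports, protocol):
    """Return a list of problems; an empty list means the rule looks valid."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: must start with a letter, use letters/digits/-/_ only, max 50 chars")
    if name.lower().startswith(("ora_", "sys_")):  # case-insensitive match is an assumption
        problems.append("name: prefixes ora_ and sys_ are reserved")
    if source not in NAMED_SOURCES:
        # Custom source: comma-separated IPv4 addresses or CIDR subnets.
        for item in source.split(","):
            try:
                # strict=False accepts host bits, e.g. 192.123.42.1/24 -> 192.123.42.0/24
                net = ipaddress.IPv4Network(item.strip(), strict=False)
            except ValueError:
                problems.append(f"source: {item.strip()!r} is not an IPv4 address or CIDR subnet")
                continue
            if net.prefixlen == 0:
                problems.append("review: custom source 0.0.0.0/0 is the whole internet")
    if destination not in DESTINATIONS:
        problems.append(f"destination: {destination!r} is not a valid destination")
    if source == destination:
        problems.append("source and destination must be different")
    try:
        parse_ports(ports)
    except ValueError as exc:
        problems.append(f"ports: {exc}")
    if protocol.upper() not in ("TCP", "UDP"):
        problems.append("protocol: must be TCP or UDP")
    if source == "PUBLIC-INTERNET" and destination == "WLS_ADMIN_SERVER":
        problems.append("review: exposes the Administration Server to any internet host")
    return problems
```

Findings prefixed `review:` do not make a rule invalid; they mark rules that open a port to external access and deserve a second look before creation.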

Enable or Disable an Access Rule

This topic applies only to Oracle Cloud Infrastructure Classic.

You can dynamically enable or disable existing access rules for an Oracle SOA Cloud Service instance.

Access rules control network access to the nodes in your service instance, including external access from the internet. When a service instance is provisioned, Oracle SOA Cloud Service defines several default access rules. You can enable or disable these rules to control access to specific port numbers on specific nodes. Consider the possible security implications before you open ports to external access.

  1. In the Oracle SOA Cloud Service Console, click the menu icon for the desired service instance and select Access Rules.

    The Access Rules page is displayed, showing the list of all access rules.

  2. On the Access Rules page, beside the rule, click the Actions menu icon, and then select Enable or Disable.
    You can enable or disable USER and DEFAULT type rules. You cannot disable SYSTEM type rules.
  3. When prompted for confirmation, click Enable or Disable.

Delete an Access Rule

You can delete an access rule for an Oracle SOA Cloud Service instance.

Access rules control network access to the nodes in your service instance, including external access from the internet. Deleting a rule disables access to specific port numbers on specific nodes.

You can delete only user-created access rules. You cannot delete system-generated access rules.

You cannot modify the configuration of an existing access rule. You must delete the rule and recreate it.

  1. Access your service console.
  2. Beside the service that you want to modify, click the Manage this instance menu icon, and then select Manage Access Rules.
  3. On the Access Rules page, beside the rule, click the Actions menu icon, and then select Delete.
    You can delete USER type rules. You cannot delete SYSTEM or DEFAULT type rules.
  4. When prompted for confirmation, click Delete.

To return to either the Instances page or the Overview page for the selected service instance, click the locator links at the top of the page.