Configure Security Lists
If you plan to provision your Oracle SOA Suite on Marketplace instance in an existing subnet, note that the provisioning process will not create any security lists to open ports in the subnets. You must open the ports explicitly before provisioning.
For more information, see Security Lists in the Oracle Cloud Infrastructure documentation.
Open required ports for your private or public subnet as described in the following scenarios:
- Private subnet with private endpoint and load balancer
- Private subnet with private endpoint and without load balancer
- Private subnet with Bastion instance and load balancer
- Private subnet with Bastion instance and without load balancer
- Public subnet with load balancer
- Public subnet without load balancer
Note:
- Oracle recommends not to allow traffic from the public internet (0.0.0.0/0) on ports 22, 7002, and 9073. This will expose the instance to malicious traffic. You must configure security rules to allow traffic on these ports from known CIDRs only.
- Oracle Marketplace servers will connect (
ssh) to the VM during provisioning and they will report the status to Resource Manager, Stack Jobs. The end user will be able to track the provisioning status.- You must allow traffic from Oracle Marketplace servers for provisioning to complete.
- For Oracle Marketplace server known CIDRs:
- For Government Cloud regions, file a service
request (SR) to obtain IP addresses of Oracle Marketplace
servers.
To file an SR, log in to My Oracle Support, click the Service Requests tab, and click Create Technical SR.
- For non-Government Cloud regions, see https://docs.cloud.oracle.com/en-us/iaas/tools/public_ip_ranges.json.
OCI, for your region. - For Government Cloud regions, file a service
request (SR) to obtain IP addresses of Oracle Marketplace
servers.
Private subnet with private endpoint and load balancer
| Private Subnet | Port Settings |
|---|---|
| Private endpoint subnet |
Port 22 to same subnet CIDR. |
| Oracle SOA Suite on Marketplace instance subnet |
Port 22 to private endpoint subnet CIDR. |
|
Port 9073 to load balancer subnet CIDR. |
|
|
All ports to within the same subnet CIDR. |
|
| Load balancer subnet | Port 443 to public internet (0.0.0.0/0) to allow SOA runtime traffic. |
| DB connectivity | Port 1521 to SOA subnet CIDR. |
Private subnet with private endpoint and without load balancer
| Private Subnet | Port Settings |
|---|---|
| Private endpoint subnet |
Port 22 to same subnet CIDR. |
| Oracle SOA Suite on Marketplace instance subnet |
Port 22 to private endpoint subnet CIDR. |
|
All ports to within the same subnet CIDR. |
|
| DB connectivity | Port 1521 to SOA subnet CIDR. |
Private subnet with Bastion instance and load balancer
| Private Subnet | Port Settings |
|---|---|
| Bastion instance subnet |
Port 22 to Oracle Marketplace server CIDRs. See Note above. |
| Oracle SOA Suite on Marketplace instance subnet |
Port 22 to Bastion subnet CIDR. |
|
Port 9073 to load balancer subnet CIDR. |
|
|
All ports to within the same subnet CIDR. |
|
| Load balancer subnet | Port 443 to public internet (0.0.0.0/0) to allow SOA runtime traffic. |
| DB connectivity | Port 1521 to SOA subnet CIDR. |
Private subnet with Bastion instance and without load balancer
| Private Subnet | Port Settings |
|---|---|
| Bastion instance subnet |
Port 22 to Oracle Marketplace server CIDRs. See Note above. |
| Oracle SOA Suite on Marketplace instance subnet |
Port 22 to Bastion subnet CIDR. |
|
All ports to within the same subnet CIDR. |
|
| DB connectivity | Port 1521 to SOA subnet CIDR. |
Public subnet with load balancer
| Public Subnet | Port Settings |
|---|---|
| Oracle SOA Suite on Marketplace instance subnet |
Port 22 to Oracle Marketplace server CIDRs. See Note above. |
|
Port 9073 to load balancer subnet's CIDR. |
|
|
All ports to within the same subnet CIDR. |
|
| Load balancer subnet | Port 443 to public internet (0.0.0.0/0) to allow SOA runtime traffic. |
| DB connectivity | Port 1521 to SOA subnet CIDR. |
Public subnet without load balancer
| Public Subnet | Port Settings |
|---|---|
| Oracle SOA Suite on Marketplace instance subnet |
Port 22 to Oracle Marketplace server CIDRs. See Note above. |
|
Port 9074 to public. |
|
|
All ports to within the same subnet CIDR. |
|
| DB connectivity | Port 1521 to SOA subnet CIDR. |
The following screen shows example ingress rules to allow traffic from Oracle Marketplace servers on port 22 in the Tokyo region:
Note:
By default, for both multicast and unicast configurations, the cluster port 7574 is open for both UDP and TCP. TCP port 7 is open for the Coherence TcpRing and IpMonitor death detection feature.
The unicast port range is open for both UDP and TCP traffic. Ensure to set the unicast listen port range instead of using a system assigned ephemeral port.
The coherence.localhost, coherence.localport,
and coherence.localport.adjust system properties are used to
specify the unicast port and automatic port adjustment settings instead of using
the operational override file.
Specify the unicast port using the -D args. For example:
-D coherence.localport=9000
-D coherence.localport.adjust=9200
The coherence.localport.adjust value is the upper limit to
autoadjust the local ports. For example, the above example uses ports 9000 and
9200.
You can use any other port range.