Configure Security Lists

If you plan to provision your Oracle SOA Suite on Marketplace instance in an existing subnet, note that the provisioning process will not create any security lists to open ports in the subnets. You must open the ports explicitly before provisioning.

For more information, see Security Lists in the Oracle Cloud Infrastructure documentation.

Open required ports for your private or public subnet as described in the following scenarios:

Note:

  • Oracle recommends that you do not allow traffic from the public internet (0.0.0.0/0) on ports 22, 7002, and 9073. Doing so exposes the instance to malicious traffic. You must configure security rules to allow traffic on these ports from known CIDRs only.
  • Oracle Marketplace servers connect to the VM over SSH during provisioning and report the status to Resource Manager, Stack Jobs. The end user will be able to track the provisioning status.
    • You must allow traffic from Oracle Marketplace servers for provisioning to complete.
    • For the known CIDRs of Oracle Marketplace servers: you must allow traffic from the CIDRs that are tagged as OCI for your region.

Private subnet with private endpoint and load balancer

Private Subnet: Port Settings

  • Private endpoint subnet:
    • Port 22 to same subnet CIDR.
  • Oracle SOA Suite on Marketplace instance subnet:
    • Port 22 to private endpoint subnet CIDR.
    • Port 9073 to load balancer subnet CIDR.
    • All ports to within the same subnet CIDR.
  • Load balancer subnet:
    • Port 443 to public internet (0.0.0.0/0) to allow SOA runtime traffic.
  • DB connectivity:
    • Port 1521 to SOA subnet CIDR.

Private subnet with private endpoint and without load balancer

Private Subnet: Port Settings

  • Private endpoint subnet:
    • Port 22 to same subnet CIDR.
  • Oracle SOA Suite on Marketplace instance subnet:
    • Port 22 to private endpoint subnet CIDR.
    • All ports to within the same subnet CIDR.
  • DB connectivity:
    • Port 1521 to SOA subnet CIDR.

Private subnet with Bastion instance and load balancer

Private Subnet: Port Settings

  • Bastion instance subnet:
    • Port 22 to Oracle Marketplace server CIDRs. See Note above.
  • Oracle SOA Suite on Marketplace instance subnet:
    • Port 22 to Bastion subnet CIDR.
    • Port 9073 to load balancer subnet CIDR.
    • All ports to within the same subnet CIDR.
  • Load balancer subnet:
    • Port 443 to public internet (0.0.0.0/0) to allow SOA runtime traffic.
  • DB connectivity:
    • Port 1521 to SOA subnet CIDR.

Private subnet with Bastion instance and without load balancer

Private Subnet: Port Settings

  • Bastion instance subnet:
    • Port 22 to Oracle Marketplace server CIDRs. See Note above.
  • Oracle SOA Suite on Marketplace instance subnet:
    • Port 22 to Bastion subnet CIDR.
    • All ports to within the same subnet CIDR.
  • DB connectivity:
    • Port 1521 to SOA subnet CIDR.

Public subnet with load balancer

Public Subnet: Port Settings

  • Oracle SOA Suite on Marketplace instance subnet:
    • Port 22 to Oracle Marketplace server CIDRs. See Note above.
    • Port 9073 to load balancer subnet's CIDR.
    • All ports to within the same subnet CIDR.
  • Load balancer subnet:
    • Port 443 to public internet (0.0.0.0/0) to allow SOA runtime traffic.
  • DB connectivity:
    • Port 1521 to SOA subnet CIDR.

Public subnet without load balancer

Public Subnet: Port Settings

  • Oracle SOA Suite on Marketplace instance subnet:
    • Port 22 to Oracle Marketplace server CIDRs. See Note above.
    • Port 9074 to public.
    • All ports to within the same subnet CIDR.
  • DB connectivity:
    • Port 1521 to SOA subnet CIDR.

The following screen shows example ingress rules to allow traffic from Oracle Marketplace servers on port 22 in the Tokyo region:


[Figure: Ingress Rules example]
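
The restriction in the Note above (no 0.0.0.0/0 on ports 22, 7002, and 9073) can be checked before provisioning. The following Python is an added example, not Oracle's code: it takes ingress rules in the shape of the OCI IngressSecurityRule object and reports the rules that open any of those ports to a source with prefix length 0. The sample rules and their subnet CIDRs are constructed placeholders, and treating ::/0 the same as 0.0.0.0/0 is an assumption that goes beyond the page.

```python
import ipaddress

# Ports the Note says must not be reachable from 0.0.0.0/0.
RESTRICTED_PORTS = (22, 7002, 9073)

# Constructed sample in the shape of OCI IngressSecurityRule objects;
# 10.0.1.0/24 and 10.0.2.0/24 are placeholder subnet CIDRs.
SAMPLE_RULES = [
    {"protocol": "6", "source": "10.0.1.0/24",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 7000, "max": 7100}}},
    {"protocol": "6", "source": "0.0.0.0/0"},  # TCP without a range: all ports
    {"protocol": "all", "source": "10.0.2.0/24"},
]

def is_public(source):
    """True when the source CIDR matches every address (prefix length 0)."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR (for example a service label)

def exposed_ports(rule):
    """Return the restricted ports this ingress rule opens to the public internet."""
    if not is_public(rule.get("source", "")):
        return []
    protocol = rule.get("protocol")
    if protocol == "all":
        return list(RESTRICTED_PORTS)
    if protocol != "6":  # the restricted ports are TCP (protocol 6)
        return []
    port_range = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if port_range is None:  # no range given: the rule covers all TCP ports
        return list(RESTRICTED_PORTS)
    return [p for p in RESTRICTED_PORTS
            if port_range["min"] <= p <= port_range["max"]]

def audit(rules):
    """Map rule index -> restricted ports exposed, for offending rules only."""
    findings = {}
    for index, rule in enumerate(rules):
        ports = exposed_ports(rule)
        if ports:
            findings[index] = ports
    return findings

if __name__ == "__main__":
    for index, ports in audit(SAMPLE_RULES).items():
        print(f"rule {index}: restricted ports open to the internet: {ports}")
```

The wide range 7000-7100 and the TCP rule with no port range are the cases a port-by-port review tends to miss, since neither names a restricted port explicitly.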