Firewall Rules for External Traffic
Table 2 Firewall Rules Between the Gateway and the Oracle Services Support
Center
|
|
|
|
|
adc-ps-ssl-vpn.oracle-occn.com
llg-ps-ssl-vpn.oracle-occn.com
tokyo-ps-ssl-vpn.oracle-occn.com
|
198.17.210.28
141.143.215.68
140.83.95.28
|
TLS VPN
|
HTTPS/443 - TLS
UDP/443 - DTLS (Datagram TLS)
|
To establish a TLS VPN connection between Oracle and the
Gateway.
VPN communication over a proxy is supported if the provided
proxy does not require authentication.
|
dts.oracle.com
|
192.206.43.1
|
HTTPS
|
HTTPS/443
|
To securely transport monitoring data to Oracle.
|
transport-adc.oracle.com
|
141.146.156.41
|
HTTPS
|
HTTPS/443
|
To securely transport monitoring and other data to
Oracle.
|
support.oracle.com
|
141.146.54.16
|
HTTPS
|
HTTPS/443
|
To download patches onto the Gateway from My Oracle Support
(MOS) via the Oracle Enterprise Manager (OEM) Cloud Control
UI.
|
linux-update.oracle.com
linux-update-adc.oracle.com
linux-update-ucf.oracle.com
|
138.1.51.46
137.254.56.42
156.151.58.24
|
HTTPS
|
HTTPS/443
|
To patch the Gateway and to download patches (from Unbreakable
Linux Network servers) for customers who have patching
services.
|
updates.oracle.com
|
141.146.44.51
|
HTTPS
|
HTTPS/443
|
To provide patch downloads via Oracle Enterprise Manager
(OEM).
|
epoah.oracle.com
|
138.1.50.56
|
HTTPS
|
HTTPS/443
|
To download updated virus definitions used by security tooling
for scans and to upload scans back to Oracle.
|
acs-rac.oracle.com
|
129.157.65.44
|
TCPS
|
TCP/2056
|
When the Remote Access Control feature is active on the
Gateway (that is, the "Green Button" is on), rsyslog is used to
send audit logs to Oracle via a secured channel.
This is using SYSLOG over TCPS and is not able to use a HTTP
proxy.
|
acs-rac.oracle.com
|
129.157.65.44
|
HTTPS
|
HTTPS/443
|
Gateway file integrity monitoring using a secured
channel.
|
login-ext.identity.oraclecloud.com
|
-
141.146.8.119
-
131.186.9.131
Note -
141.146.8.119 and 131.186.9.131 are multiple IP
addresses used to service
login-ext.identity.oraclecloud.com. DNS resolution may
return a different IP address. Ensure access is granted for
each IP above as well as the DNS record you receive. If
using a proxy, ensure that the proxy allows access to any
address returned by DNS on that host to
login-ext.identity.oraclecloud.com.
|
HTTPS
|
HTTPS/443
|
To provide support for Oracle centralized authentication for
Oracle Enterprise Manager and downloads from
updates.oracle.com.
|
|