Security Objects
Security lists specify the type of traffic allowed on a particular type of subnet.
Rules set on the security lists can be either stateful or stateless. Stateful rules employ connection tracking and have the benefit of not requiring exit rules. However, there is a limit to the number of connections allowed under stateful rules, and connection tracking carries a performance hit. Oracle therefore recommends stateless lists for media interfaces.
The security list for management ports can be stateful. Ports that should be considered for opening for management interfaces include:
- SSH—TCP port 22
- NTP—UDP port 123
- SIP—UDP or TCP port 5060
- SIP TLS—TCP port 5061
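
Because stateless rules do no connection tracking, every stateless ingress rule needs its own exit rule for the replies. The following check is an added example, not Oracle's code: it reports stateless ingress rules that no stateless egress rule answers. The field names follow the OCI API's security-list JSON, which this page does not show, and the sample list, its CIDR-only sources and the function names are constructed for illustration.

```python
import ipaddress

def port_range(rule, side):
    """(min, max) of a rule's port range; None means all ports."""
    opts = rule.get("tcpOptions") or rule.get("udpOptions") or {}
    pr = opts.get(side)
    return (pr["min"], pr["max"]) if pr else None

def covers(outer, inner):
    """True if port range `outer` contains `inner` (None = all ports)."""
    if outer is None:
        return True
    return inner is not None and outer[0] <= inner[0] and inner[1] <= outer[1]

def allows_replies(eg, ing):
    """Does stateless egress rule `eg` pass replies to ingress rule `ing`?"""
    peer = ipaddress.ip_network(ing["source"])
    dest = ipaddress.ip_network(eg["destination"])
    return (eg.get("isStateless", False)
            and eg["protocol"] in ("all", ing["protocol"])
            and peer.version == dest.version and peer.subnet_of(dest)
            # replies leave from the service port the ingress rule opened;
            # the peer's own port is not checked in this example
            and covers(port_range(eg, "sourcePortRange"),
                       port_range(ing, "destinationPortRange")))

def missing_return_rules(seclist):
    """Stateless ingress rules with no stateless egress rule for the replies."""
    egress = seclist.get("egressSecurityRules", [])
    return [(ing["protocol"], ing["source"], port_range(ing, "destinationPortRange"))
            for ing in seclist.get("ingressSecurityRules", [])
            if ing.get("isStateless") and not any(allows_replies(e, ing) for e in egress)]

# Constructed sample: protocol "17" = UDP, "6" = TCP; documentation address ranges.
SAMPLE = {
    "ingressSecurityRules": [
        {"protocol": "17", "source": "203.0.113.0/24", "isStateless": True,
         "udpOptions": {"destinationPortRange": {"min": 5060, "max": 5060}}},
        {"protocol": "6", "source": "203.0.113.0/24", "isStateless": True,
         "tcpOptions": {"destinationPortRange": {"min": 5061, "max": 5061}}},
        {"protocol": "6", "source": "198.51.100.0/24", "isStateless": False,
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    ],
    "egressSecurityRules": [
        {"protocol": "17", "destination": "0.0.0.0/0", "isStateless": True,
         "udpOptions": {"sourcePortRange": {"min": 5060, "max": 5060}}},
    ],
}
```

In the sample, the stateful SSH rule is skipped and the UDP 5060 rule has its exit rule, so only the stateless TCP 5061 rule is reported. A stateful egress rule is deliberately not counted as a match, since it would bring connection tracking back onto the interface.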