Outbound Allowlist Management
The customer or system integrator can request that a DNS (Domain Name Service) name be added to the allowlist for outbound interface communication. An allowlist permits access to specified DNS addresses that the Oracle network would otherwise block. For Oracle Utilities cloud services, a customer or system integrator must request that a DNS name be added to the allowlist for outbound communication to all external systems.
Multiple network access options are supported, including:
Accessing the endpoint DNS via public internet
Accessing the endpoint DNS via Service Gateway (for accessing other Oracle cloud services within the Oracle network, such as Oracle Integration Cloud)
Accessing the endpoint DNS via Private Endpoint (PE) or Reverse Connection Endpoint (RCE)
Once the requested DNS entry is added to the outbound allowlist, it is the customer's responsibility to proactively maintain the following requirements:
The TLS / SSL certificate must be issued by a valid SSL authority
The certificate's name(s) must match the server / endpoint name
The installed TLS / SSL certificate must include the complete authentication chain
The endpoint's TLS / SSL certificate must be valid and not expired
The endpoint must support a minimum of TLS 1.2
Note: Customers may use TLS / SSL validation tools such as openssl, or TLS / SSL verification websites (https://www.ssllabs.com/ etc.), to validate the compliance requirements mentioned above.
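The requirements above can also be checked from a script before an allowlist request and on a schedule afterwards. The following is an added example, not Oracle tooling: it connects the way a strict TLS client would and reports which requirement an endpoint fails. The function names and the 30-day expiry warning are assumptions of this example, and the endpoint name is supplied on the command line.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# OpenSSL verify codes mapped to the requirement each one violates.
FAILED_REQUIREMENT = {
    10: "certificate has expired",
    18: "self-signed certificate, not issued by a trusted authority",
    19: "chain ends in a root that is not trusted",
    20: "issuer not found: incomplete chain or untrusted authority",
    21: "issuer not found: incomplete chain or untrusted authority",
    62: "certificate name(s) do not match the endpoint name",
}

def strict_context():
    """Client context: trusted CA and chain, name match, TLS 1.2 or later."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def days_until_expiry(cert, now=None):
    """Whole days until notAfter; negative once the certificate has expired."""
    now = now or datetime.now(timezone.utc)
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) // 86400)

def explain(exc):
    """Name the requirement behind a connection or handshake failure."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return FAILED_REQUIREMENT.get(exc.verify_code, exc.verify_message)
    if isinstance(exc, ssl.SSLError):
        return f"handshake failed (endpoint may not support TLS 1.2): {exc}"
    return f"connection failed: {exc}"

def check_endpoint(host, port=443, warn_days=30):
    """Return a list of findings for host:port; an empty list means compliant."""
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                left = days_until_expiry(tls.getpeercert())
    except (ssl.SSLError, OSError) as exc:
        return [explain(exc)]
    return [f"certificate expires in {left} days"] if left < warn_days else []

if __name__ == "__main__":
    # Usage: python check_endpoint.py <endpoint DNS name> [port]
    findings = check_endpoint(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    print("\n".join(findings) or "all checks passed")
    sys.exit(1 if findings else 0)
```

The script trusts whatever certificate authorities the local system trust store contains, so run it from a host with a current CA bundle. Python does not fetch missing intermediates, which means an endpoint that omits part of its chain is reported as "issuer not found".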