The image shows an OCI region containing a virtual cloud network (VCN). Inside the VCN are a public subnet with a network load
balancer, a private subnet with next-generation firewalls, and a second private subnet with a flexible network load balancer.
Several traffic flows, each on its own port, reach components within these subnets. All traffic originates outside the OCI region
and enters OCI through the network load balancer in the public subnet. A web application firewall (WAF) sits outside the OCI
region and holds the TLS certificates used for WAF inspection.
- Non-HTTP/S traffic on port 53/udp (listener) to 53/udp (backend) flows to the network load balancer in the public subnet, then
to the next-generation firewall in the private subnet, and then to the private network load balancer, which distributes it to a
VM running a DNS server.
- HTTP/S traffic on port 4444/tcp (listener) to 4444/tcp (backend) flows to the network load balancer in the public subnet, then
to the next-generation firewall in the private subnet, and then to a private application load balancer that holds a TLS
certificate. That load balancer distributes the traffic to virtual machines that hold backend TLS certificates.
- HTTP/S traffic on port 4443/tcp (listener) to 4443/tcp (backend) follows the same path: the network load balancer in the public
subnet, the next-generation firewall in the private subnet, and a private application load balancer with a TLS certificate,
which distributes the traffic to virtual machines with backend TLS certificates.
- Non-HTTP/S traffic on port 2223/tcp (listener) to 2223/tcp (backend) flows to the network load balancer in the public subnet,
then to the next-generation firewall in the private subnet, and then to a private network load balancer, which distributes it
to virtual machines running RDP servers.
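The flows above define, for each hop on the inbound path, exactly which source and port should be admitted. The following script is an added example (not code from the OCI documentation or the reference architecture) that derives that minimal ingress rule per tier from the diagrammed flows and audits a candidate rule set against it, flagging rules no flow needs (in particular anything open to 0.0.0.0/0, which would let traffic reach the load balancer without passing the WAF) and flows the rule set would block. The CIDRs, tier names and the sample rule set are invented for the illustration, and the `Rule` model is a simplified stand-in for OCI security-list or NSG rules, not the OCI API.

```python
"""Audit ingress rules for each tier of the inbound path in the diagram.

Added example, not code from the original OCI documentation. The flow table is
transcribed from the figure description; the CIDRs, tier names and rule sets are
assumptions made up for this illustration, and Rule is a simplified stand-in for an
OCI security-list / NSG ingress rule."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    name: str
    protocol: str        # "tcp" or "udp"
    listener_port: int   # port the network load balancer in the public subnet listens on
    backend_port: int    # port the final backend VM listens on


# Transcribed from the figure description ("listener port to backend port").
FLOWS = (
    Flow("dns", "udp", 53, 53),
    Flow("https-4444", "tcp", 4444, 4444),
    Flow("https-4443", "tcp", 4443, 4443),
    Flow("rdp", "tcp", 2223, 2223),
)

# Assumed address ranges (invented): the WAF's egress range and the VCN subnets.
WAF_EGRESS = "203.0.113.0/24"
PUBLIC_SUBNET = "10.0.0.0/24"       # network load balancer
FIREWALL_SUBNET = "10.0.1.0/24"     # next-generation firewalls
PRIVATE_LB_SUBNET = "10.0.2.0/24"   # private application / network load balancers
ANY = "0.0.0.0/0"

# Each tier: the only source range that should reach it (the previous hop), and
# whether it sees the listener port or the backend port.
TIERS = {
    "public-nlb": (WAF_EGRESS, "listener_port"),
    "firewall": (PUBLIC_SUBNET, "listener_port"),
    "private-lb": (FIREWALL_SUBNET, "listener_port"),
    "backend": (PRIVATE_LB_SUBNET, "backend_port"),
}


@dataclass(frozen=True)
class Rule:
    source: str
    protocol: str
    port: int

    def __str__(self):
        return f"{self.protocol}/{self.port} from {self.source}"


def required_rules(tier):
    """Minimal ingress rule set for a tier: one rule per flow, from the previous hop only."""
    source, port_attr = TIERS[tier]
    return {Rule(source, f.protocol, getattr(f, port_attr)) for f in FLOWS}


def audit(tier, configured):
    """Compare a configured rule set with the minimal one for the tier.

    Returns {"extra": [...], "missing": [...]}: rules no diagrammed flow needs
    (Internet-wide ones are called out) and flows the configuration would block."""
    required = required_rules(tier)
    configured = set(configured)
    extra = []
    for r in sorted(configured - required, key=str):
        if r.source == ANY:
            extra.append(f"{tier}: {r} (open to any source)")
        else:
            extra.append(f"{tier}: {r} (not used by any diagrammed flow)")
    missing = [f"{tier}: {r}" for r in sorted(required - configured, key=str)]
    return {"extra": extra, "missing": missing}


if __name__ == "__main__":
    # Constructed sample: a backend rule set that admits RDP on 3389 from anywhere
    # (the diagram carries RDP on 2223 only) and forgets the DNS flow.
    backend_rules = [
        Rule(PRIVATE_LB_SUBNET, "tcp", 4444),
        Rule(PRIVATE_LB_SUBNET, "tcp", 4443),
        Rule(PRIVATE_LB_SUBNET, "tcp", 2223),
        Rule(ANY, "tcp", 3389),
    ]
    report = audit("backend", backend_rules)
    for line in report["extra"] + report["missing"]:
        print(line)
```

Run per tier against the rules actually attached to each subnet; the public-subnet tier is the one to watch most closely, because any source other than the WAF's egress range on the listener ports lets a client bypass WAF inspection entirely.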