The image shows an OCI region with a virtual cloud network (VCN). Inside the VCN there's a public subnet with a network load balancer, a private subnet with next generation firewalls, and another flexible private subnet and network load balancer. Different traffic flows using various ports to components within the subnets. All traffic originates outside of the OCI region, and flows into OCI using a private network load balancer inside the public subnet. A web application firewall (WAF) sits outside of the OCI region, equipped with TLS certificates used for WAF inspection.

• Using ports 2222/tcp to 2222/tcp, non HTTP/S traffic flows to the private network load balancer within the public subnet. Traffic then flows to the next generation firewall within the private subnet, before going to the private network load balancer. The load balancer then distributes traffic to a VM and DNS Server.
• Using ports 4444/tcp to 4444/tcp, HTTP/S traffic flows to the private network load balancer within the public subnet. Traffic then flows to the next generation firewall within the private subnet, before going to a private application load balancer with TLS certificate. The load balancer then distributes traffic to virtual machines with backend TLS certificates.
• Using ports 4443/tcp to 4443/tcp HTTP/S traffic flows to the private network load balancer within the public subnet. Traffic then flows to the next generation firewall within the private subnet, before going to a private application load balancer with TLS certificate. The load balancer distributes traffic to virtual machines with backend TLS certificates.
• Using ports 2223/tcp to 2223/tcp non HTTP/S traffic flows to the private network load balancer within the public subnet. Traffic then flows to the next generation firewall within the private subnet, before going to a private network load balancer. The load balancer then distributes traffic to virtual machines with RDP servers.