This image shows the north-south outbound traffic flow from a public VM in a Secured Public Subnet to the internet via the Network Firewall. It includes one Secured VCN, but the same design extends to multiple secured VCNs, each with its own firewall subnet and route tables.

Secured VCN (10.10.0.0/16) includes the following components:
  • Firewall Subnet (10.10.1.0/24), which contains the Network Firewall and the private IP address assigned to it. The Firewall Subnet must be a public subnet because the workloads it protects sit in a public subnet.
  • Secured Public Subnet (10.10.0.0/24), which contains the application workloads. The example VM in this subnet has private IP 10.10.0.10 and a public IP.
  • Internet Gateway, which provides connectivity to and from the internet.
  • Route tables attached to the Firewall Subnet, the Secured Public Subnet, and the Internet Gateway, so that traffic in both directions is routed through the Network Firewall. The route table on the Internet Gateway is what forces inbound and return traffic through the firewall; the subnet route tables alone only cover the outbound direction.
North-south traffic flow from the virtual machine to the internet is as follows:
  1. The workload VM (10.10.0.10) sends traffic to an internet destination (8.8.8.8). The Secured Subnet Route Table matches it against the 0.0.0.0/0 rule.
  2. That rule's target is the IP address of the Network Firewall, so the Secured Subnet Route Table forwards the traffic to the firewall.
  3. The firewall inspects the traffic and enforces the firewall policy. Traffic the policy allows leaves from the firewall's IP address and is routed by the Firewall Subnet Route Table (destination 0.0.0.0/0).
  4. The Firewall Subnet Route Table sends the traffic to the Internet Gateway, which forwards it to the internet destination.
  5. Return traffic from the internet arrives at the Internet Gateway. The route table attached to the Internet Gateway sends traffic destined for the Secured Public Subnet to the firewall's IP address, and the firewall then delivers it to the VM over the VCN's local route. Routing is therefore symmetric: each route table steers the flow through the firewall in both directions. If the Internet Gateway had no route table, replies would be delivered straight to the VM and bypass inspection.
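The following is an added example (not code from the original page or from any cloud provider's SDK) that models the three route tables described above and traces the outbound and return paths of the 10.10.0.10 → 8.8.8.8 flow, so the symmetric-routing claim in step 5 can be checked rather than assumed. The firewall's private IP (10.10.1.10), the node names, and the rule sets are assumptions drawn from the text; the VCN-local route is modelled as an implicit entry for the VCN CIDR that more specific rules can override, and the Internet Gateway is modelled as delivering ingress traffic directly when no route table is attached to it.

```python
"""Route-table model for the Secured VCN diagram (added example, not OCI code)."""
import ipaddress

VCN_CIDR = ipaddress.ip_network("10.10.0.0/16")
VM_IP = "10.10.0.10"
FIREWALL_IP = "10.10.1.10"  # assumed: the firewall's private IP inside 10.10.1.0/24
HOSTS = {VM_IP: "vm", FIREWALL_IP: "firewall"}  # which VCN node owns each address


class RouteTable:
    """Longest-prefix-match over explicit rules plus the implicit VCN-local route."""

    def __init__(self, name, rules):
        self.name = name
        self.rules = [(ipaddress.ip_network(cidr), target) for cidr, target in rules]
        self.rules.append((VCN_CIDR, "local"))  # every VCN route table routes the VCN CIDR locally

    def next_hop(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        matches = [(net, target) for net, target in self.rules if dst in net]
        if not matches:
            return None  # no route: the packet is dropped
        return max(matches, key=lambda m: m[0].prefixlen)[1]


# A node with no route table attached behaves as if it had only the local route.
LOCAL_ONLY = RouteTable("implicit (local only)", [])


def trace(src, dst_ip, tables, max_hops=8):
    """Follow a packet hop by hop. `tables` maps node -> route table consulted
    when that node forwards: 'vm' uses the Secured Subnet RT, 'firewall' the
    Firewall Subnet RT, 'igw' the route table attached to the Internet Gateway."""
    in_vcn = ipaddress.ip_address(dst_ip) in VCN_CIDR
    path = [src]
    node = src
    if node == "internet":  # internet-sourced traffic for the VCN enters at the IGW
        node = "igw"
        path.append(node)
    for _ in range(max_hops):
        hop = tables.get(node, LOCAL_ONLY).next_hop(dst_ip)
        if hop is None:
            return path + ["dropped"]
        if hop == "local":  # VCN-local delivery to whoever owns the address
            return path + [HOSTS.get(dst_ip, "dropped")]
        if hop == "igw":
            if in_vcn:  # a VCN address should never be sent out the IGW
                return path + ["dropped"]
            return path + ["igw", "internet"]
        path.append(hop)
        node = hop
    return path + ["loop"]


def flow_paths(tables, vm_ip=VM_IP, remote_ip="8.8.8.8"):
    """Outbound path VM -> internet and the return path internet -> VM."""
    return trace("vm", remote_ip, tables), trace("internet", vm_ip, tables)


def symmetric_through_firewall(tables):
    """True only if both directions of the flow traverse the firewall."""
    outbound, inbound = flow_paths(tables)
    return "firewall" in outbound and "firewall" in inbound


# Route tables as described for the Secured VCN (targets are node names here;
# in the real design the 'firewall' target is the firewall's private IP).
SECURED_VCN = {
    "vm": RouteTable("Secured Subnet Route Table", [("0.0.0.0/0", "firewall")]),
    "firewall": RouteTable("Firewall Subnet Route Table", [("0.0.0.0/0", "igw")]),
    "igw": RouteTable("Internet Gateway Route Table", [("10.10.0.0/24", "firewall")]),
}

# Same design with no route table attached to the Internet Gateway: outbound
# traffic is still inspected, but replies are delivered straight to the VM.
NO_IGW_TABLE = {k: v for k, v in SECURED_VCN.items() if k != "igw"}

if __name__ == "__main__":
    for label, tables in (("secured", SECURED_VCN), ("no IGW route table", NO_IGW_TABLE)):
        out, back = flow_paths(tables)
        print(f"{label}: out={out} back={back} symmetric={symmetric_through_firewall(tables)}")
```

Running the script prints the two paths for each configuration; with the Internet Gateway route table in place both directions include the firewall, and without it the return path is internet → igw → vm. The same check can be extended with additional secured subnets by adding their CIDRs to the Internet Gateway route table and their hosts to HOSTS.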