This image shows the east-west traffic flow from OCI Object Storage to the web or application and other Oracle network services in a regional hub and spoke topology that uses a Fortinet FortiGate firewall.

This image shows two virtual cloud networks (VCNs):
  • Hub VCN (192.168.0.0/16): The hub VCN houses the Fortinet FortiGate firewall. The trust subnet uses port 3 for internal traffic to or from the FortiGate firewall. The hub VCN communicates with spoke VCNs through a DRG. The hub VCN communicates with OCI Object Storage through a service gateway.
  • Web or application tier spoke VCN (10.0.0.0/24): The VCN contains a single subnet. A load balancer manages traffic to the web and application VMs. The application tier VCN is connected to the hub VCN over a DRG.
East-west traffic flows from OCI Object Storage to the web or application in the following steps:
  1. Traffic that moves from Object Storage to the web or application VM (10.0.0.10) is routed through the service gateway route table (destination 0.0.0.0/0) in the hub VCN.
  2. Traffic moves from the service gateway to the Fortinet FortiGate firewall in the trust subnet over port 3.
  3. Traffic from the Fortinet FortiGate firewall is routed through the trust subnet route table (destination 10.0.0.0/24).
  4. Traffic moves from the trust subnet route table to the DRG for the web or application spoke VCN.
  5. Traffic arrives at the web or application load balancer for the web or application.
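
The steps above only hold if no more specific route sends this traffic around the firewall. The following added example (not Oracle or Fortinet code) models the route tables from the steps and traces the path to 10.0.0.10 with longest-prefix matching, next to a constructed misconfiguration that bypasses inspection. The node names, the DRG route entry and the bypass route are assumptions made for illustration.

```python
import ipaddress

# Route tables from the steps above, as {node: [(destination CIDR, next hop)]}.
# Node names are hypothetical labels, not OCI resource identifiers.
DOCUMENTED = {
    "service-gateway": [("0.0.0.0/0", "fortigate-trust-port3")],
    "fortigate-trust-port3": [("10.0.0.0/24", "drg")],
    "drg": [("10.0.0.0/24", "spoke-load-balancer")],  # assumed DRG route entry
}

# Constructed misconfiguration: a more specific route that skips the firewall.
BYPASS = {
    **DOCUMENTED,
    "service-gateway": [("0.0.0.0/0", "fortigate-trust-port3"),
                        ("10.0.0.0/24", "drg")],
}

def next_hop(rules, dst):
    """Longest-prefix match; returns None when no rule covers dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, hop in rules:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=16):
    """Follow next hops from start until a node with no route table (delivery)."""
    path = [start]
    while path[-1] in tables:
        hop = next_hop(tables[path[-1]], dst)
        if hop is None:
            raise LookupError(f"black hole at {path[-1]} for {dst}")
        if hop in path or len(path) >= max_hops:
            raise RuntimeError(f"routing loop via {hop}")
        path.append(hop)
    return path

def inspected(tables, start, dst, firewall="fortigate-trust-port3"):
    """True only if the traced path traverses the firewall."""
    return firewall in trace(tables, start, dst)

if __name__ == "__main__":
    for name, tables in (("documented", DOCUMENTED), ("bypass", BYPASS)):
        ok = inspected(tables, "service-gateway", "10.0.0.10")
        print(name, trace(tables, "service-gateway", "10.0.0.10"),
              "inspected" if ok else "NOT inspected")
```
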