This image shows the east-west traffic flow from the web or application tier to OCI Object Storage and other Oracle network services in a regional hub and spoke topology that uses a Fortinet FortiGate firewall.

This image shows two virtual cloud networks (VCNs):
  • Hub VCN (192.168.0.0/16): The hub VCN houses the Fortinet FortiGate firewall. The trust subnet uses port 3 for internal traffic to or from the FortiGate firewall. The hub VCN communicates with spoke VCNs through a dynamic routing gateway (DRG). The hub VCN communicates with OCI Object Storage through a service gateway.
  • Web or application tier spoke VCN (10.0.0.0/24): The VCN contains a single subnet. A load balancer manages traffic to the web and application VMs. The application tier VCN is connected to the hub VCN over the DRG.
East-west traffic flows from the web or application tier to OCI Object Storage in the following steps:
  1. Traffic that moves from the web or application tier to object storage is routed through the web or application subnet route table (destination 0.0.0.0/0).
  2. Traffic bound for the Object Storage networks moves from the web or application subnet route table to the DRG.
  3. Traffic moves from the DRG to the Fortinet FortiGate firewall in the trust subnet over port 3.
  4. Traffic from the Fortinet FortiGate firewall is routed through the trust subnet route table (destination Oracle Network Services).
  5. Traffic moves from the trust subnet route table to the service gateway.
  6. Traffic moves from the service gateway to Oracle Network Services, such as OCI Object Storage.
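
The six steps above can be checked as a hop-by-hop route walk that confirms the path crosses the firewall before it reaches the service gateway. This is an added example, not Oracle's or Fortinet's code: the node names, the DRG and FortiGate forwarding entries, the 203.0.113.0/24 stand-in for the Oracle Network Services destination, and the bypass misconfiguration are all constructed assumptions.

```python
import ipaddress

# Constructed stand-in for the "Oracle Network Services" destination (assumption;
# the page gives no service CIDRs).
SERVICES = "203.0.113.0/24"

# Per-hop route tables: node -> [(destination CIDR, next hop)].
# Node names are hypothetical labels for the six steps in the list above.
ROUTES = {
    "spoke-subnet":    [("0.0.0.0/0", "drg")],              # steps 1-2
    "drg":             [("0.0.0.0/0", "fortigate-port3")],  # step 3 (assumed entry)
    "fortigate-port3": [("0.0.0.0/0", "trust-subnet")],     # step 4 (assumed entry)
    "trust-subnet":    [(SERVICES, "service-gateway")],     # step 5
    "service-gateway": [(SERVICES, "oracle-services")],     # step 6
}

# Constructed misconfiguration: a more specific spoke route that skips the hub.
BYPASS = dict(ROUTES)
BYPASS["spoke-subnet"] = [("0.0.0.0/0", "drg"), (SERVICES, "service-gateway")]

def next_hop(table, dst):
    """Longest-prefix match; returns None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(cidr), hop) for cidr, hop in table
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(routes, src, dst, max_hops=16):
    """Follow next hops from src until a node with no route table, or a drop."""
    path = [src]
    while path[-1] in routes and len(path) <= max_hops:
        hop = next_hop(routes[path[-1]], dst)
        if hop is None:
            path.append("DROP")
            break
        path.append(hop)
    return path

def inspected(path, firewall="fortigate-port3", target="oracle-services"):
    """True only if the path reaches target and crosses the firewall first."""
    return (path[-1] == target and firewall in path
            and path.index(firewall) < path.index(target))

if __name__ == "__main__":
    for name, tables in (("hub-and-spoke", ROUTES), ("bypass", BYPASS)):
        p = trace(tables, "spoke-subnet", "203.0.113.10")
        print(name, " -> ".join(p), "inspected" if inspected(p) else "NOT inspected")
```

Because route selection is longest-prefix match, a single more specific spoke route is enough to take the firewall out of the path, which is why the check asserts on the traversed hops rather than on the presence of the default route.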