This image shows the east-west traffic flow from Oracle Cloud Infrastructure Object Storage and other Oracle network services to the web/application tier in a regional hub and spoke topology that uses Check Point CloudGuard Network Security. This image shows 2 virtual cloud networks (VCNs):
- Hub VCN (10.0.0.0/24): The Hub VCN houses the Check Point Security Gateway. The backend subnet uses vNIC2 for internal traffic to or from the Check Point Security Gateway. The hub VCN communicates with spoke VCNs through a local peering gateway (LPG). The hub VCN communicates with Oracle Cloud Infrastructure Object Storage through a service gateway.
- Web/Application tier spoke VCN (192.168.0.0/24): The VCN contains a single subnet. A load balancer manages traffic to the web/application VMs. The application tier VCN is connected to the hub VCN over a local peering gateway.
- Traffic that moves from object storage to the web/application VM (192.168.0.10) is routed through the service gateway route table (destination 0.0.0.0/0) in the hub VCN.
- Traffic moves from the service gateway to the Check Point Security Gateway in the backend subnet over vNIC2.
- Traffic from the Check Point Security Gateway is routed through the backend subnet route table (destination 192.168.0.0/24).
- Traffic moves from the backend subnet route table to the LPG for the hub VCN.
- Traffic moves from the hub LPG to the LPG for the web/application tier spoke VCN.
- Traffic moves from the web/application LPG to the load balancer for the web/application.
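The two hub-side route tables that produce the path above, written as an added Terraform example (not the reference architecture's own code). It assumes existing resources `oci_core_vcn.hub` and `oci_core_local_peering_gateway.hub_to_web`, a `var.compartment_ocid`, and a placeholder variable holding the OCID of the private IP on the Check Point gateway's vNIC2.

```hcl
# Placeholder: OCID of the private IP on vNIC2 of the Check Point Security Gateway.
# The VNIC behind it must be created with skip_source_dest_check = true, or OCI
# will drop the transit traffic that the route rules below send to it.
variable "checkpoint_vnic2_private_ip_ocid" {
  type = string
}

# All services in the Oracle Services Network, used by the service gateway.
data "oci_core_services" "all_services" {}

# Route table attached to the service gateway: traffic arriving from Object
# Storage is steered to the Check Point gateway (vNIC2) instead of directly
# to the spoke, so it is inspected before it reaches 192.168.0.0/24.
resource "oci_core_route_table" "hub_service_gateway_rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.hub.id
  display_name   = "hub-service-gateway-rt"

  route_rules {
    description       = "Object Storage -> Check Point gateway vNIC2"
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = var.checkpoint_vnic2_private_ip_ocid
  }
}

resource "oci_core_service_gateway" "hub_sgw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.hub.id
  display_name   = "hub-service-gateway"
  route_table_id = oci_core_route_table.hub_service_gateway_rt.id

  services {
    service_id = data.oci_core_services.all_services.services[0].id
  }
}

# Backend subnet route table: after inspection, traffic for the web/application
# spoke leaves through the hub's LPG towards the spoke's LPG.
resource "oci_core_route_table" "hub_backend_rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.hub.id
  display_name   = "hub-backend-subnet-rt"

  route_rules {
    description       = "Inspected traffic for the web/application spoke -> LPG"
    destination       = "192.168.0.0/24"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_local_peering_gateway.hub_to_web.id
  }
}
```

Attach `hub_backend_rt` to the backend subnet (`route_table_id` on `oci_core_subnet`); without that association the gateway's egress falls back to the VCN default route table and bypasses the LPG hop.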