Deployments Supported on OCI

Use the VM-Series firewall on OCI to secure your cloud environment in the following scenarios:
  • North-South Traffic—You can use the VM-Series firewall to secure traffic entering your cloud network from an untrusted source or exiting your cloud network to reach an untrusted source. For either type of traffic, you must configure route table rules in your Virtual Cloud Network (VCN) and NAT policy rules on the firewall.
    In this example, outbound traffic is exiting the trust subnet in your VCN. You must configure source address translation policy onto a public IP address and a route table rule that redirects that traffic to the firewall. The route rule points outgoing traffic to the firewall’s interface in the trust subnet of the VCN. When the firewall receives this traffic, it performs the source address translation on the traffic and applies any other security policy you have configured.
  • Inter-VCN Traffic (East-West)—The VM-Series firewall allows you to secure traffic moving within your cloud environment between VCNs. Each subnet must belong to a different VCN because, by default, no route rules are used to enable traffic within a VCN. In this scenario, you configure an interface on the firewall connected to a subnet in each VCN.
    In the example below, a user in the Trust Subnet wants to access data in the DB Subnet. Configure a route on OCI that reaches DB Subnet CIDR next hop, which points to the interface Trust Subnet network on the VM-Series firewall.

Recommended For You