Use the VM-Series firewall on OCI to secure your cloud environment in the following scenarios:

North-South Traffic—You can use the VM-Series firewall to secure traffic entering your cloud network from an untrusted source or exiting your cloud network to reach an untrusted source. For either type of traffic, you must configure route table rules in your Virtual Cloud Network (VCN) and NAT policy rules on the
In this example, outbound traffic is exiting the trust subnet in your VCN. You must configure a source address translation policy onto a public IP address and a route table rule that redirects that traffic to the firewall. The route rule points outgoing traffic to the firewall’s interface in the trust subnet of the VCN. When the firewall receives this traffic, it performs the source address translation on the traffic and applies any other security policy you
Inter-VCN Traffic (East-West)—The VM-Series firewall allows you to secure traffic moving within your cloud environment between VCNs. Each subnet must belong to a different VCN because, by default, no route rules are used to enable traffic within a VCN. In this scenario, you configure an interface on the firewall connected to a subnet in each VCN.
In the example below, a user in the Trust Subnet wants to access data in the DB Subnet. Configure a route rule on OCI for the DB Subnet CIDR whose next hop is the firewall’s interface in the Trust Subnet of the VM-Series firewall.
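The route rules for both scenarios (the default route for the north-south case and the DB Subnet route for the inter-VCN case) as one OCI route table, written for this page as an added example in the OCI Terraform provider; it is not from the VM-Series or OCI documentation. The compartment OCID, VCN, firewall VNIC attachment and DB Subnet CIDR are assumed to be declared elsewhere under the names used here.

```hcl
# Added example (not from the Palo Alto Networks or OCI documentation).
# Assumed to exist elsewhere: var.compartment_ocid, var.db_subnet_cidr,
# oci_core_vcn.app_vcn and oci_core_vnic_attachment.fw_trust_vnic.

# Look up the private IP on the firewall's trust-subnet VNIC; its OCID is the
# "network entity" next hop that both route rules below point at.
data "oci_core_private_ips" "fw_trust" {
  vnic_id = oci_core_vnic_attachment.fw_trust_vnic.vnic_id
}

locals {
  fw_trust_private_ip_id = data.oci_core_private_ips.fw_trust.private_ips[0].id
}

# Route table to attach to the Trust Subnet.
resource "oci_core_route_table" "trust_subnet_rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.app_vcn.id
  display_name   = "trust-subnet-via-vmseries"

  # North-South: all Internet-bound traffic goes to the firewall, which applies
  # source NAT and security policy before it leaves the VCN.
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = local.fw_trust_private_ip_id
  }

  # East-West: traffic for the DB Subnet (in the other VCN) goes to the same
  # firewall interface so inter-VCN traffic is inspected.
  route_rules {
    destination       = var.db_subnet_cidr # placeholder, e.g. "10.1.2.0/24"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = local.fw_trust_private_ip_id
  }
}
```

The firewall's VNIC must have the OCI source/destination check disabled (skip_source_dest_check on the VNIC), or OCI drops packets the firewall forwards on behalf of other hosts; the source NAT and security policy rules themselves are still configured on the firewall.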