Configure a VCN
After uploading the KVM qcow2 image to OCI, configure a Virtual Cloud Network (VCN) before launching the VM-Series firewall.
- Create a VCN.
  - Select Networking > Virtual Cloud Networks and click Create Virtual Cloud Networks.
  - Enter a descriptive Name for your VCN.
  - Enter a CIDR block for your VCN.
  - Click Create Virtual Network.
- Create an internet gateway. An internet gateway is required to make your management and untrust subnets publicly accessible.
  - From within the VCN you just created, select Internet Gateways > Create Internet Gateway.
  - Select your compartment.
  - Enter a descriptive Name for your internet gateway.
  - Click Create Internet Gateway.
- Create route tables for each subnet. You will configure a private IP address that corresponds to the trust interface on your firewall. However, OCI requires that a private IP address be connected to a vNIC. Because you have not yet created a vNIC for the firewall, temporarily set the target type for the trust subnet to an internet gateway. After configuring the trust vNIC, you will update the trust target type with the private IP address you configure on the vNIC.
  - From within the VCN you just created, select Route Tables > Create Route Table.
  - Select your compartment.
  - Enter a descriptive Name for your route table.
  - Select a target type. For subnets that are publicly accessible, select Internet Gateway.
  - Enter a Destination CIDR Block.
  - Select the internet gateway you created previously from the Target Internet Gateway drop-down.
  - Click Create Route Table.
  - Repeat this procedure for each subnet.
- Create security lists. Security lists are required to specify the type of traffic you want to allow to reach the subnet and on which ports.
  - From within the VCN you just created, select Security Lists > Create Security List.
  - Enter a descriptive Name for your security list.
  - Select CIDR from the Source Type drop-down and enter a Source CIDR block.
  - Select a protocol from the IP Protocol drop-down.
  - (Optional) Enter source and destination ports or port ranges. If you leave these fields blank, all ports are allowed.
  - Repeat these steps for each rule.
  - Click Create Security List.
  - Repeat these steps to create a security list for each subnet.
- Delete the default security list rule that allows TCP traffic on port 22.
  - Select Networking > Virtual Cloud Networks > <your VCN> > Security Lists > Default Security List > Edit All Rules.
  - Click the delete icon to delete the rule.
  - Click Save Security List Rules.
- Create subnets.
  - Select Subnets > Create Subnet.
  - Enter a descriptive Name for your subnet.
  - Select an Availability Domain.
  - Enter a CIDR Block. The internal (non-public) IP address for the subnet is taken from this CIDR block.
  - Select one of the route tables you created previously from the Route Table drop-down.
  - Select the Subnet Access for your subnet.
  - Select the DHCP Option.
  - Select a Security List that you created previously.
  - Click Create.
  - Repeat this procedure for each subnet you require.
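
The security list steps above note that blank port fields allow all ports and that the default rule opening TCP port 22 should be deleted. The following added example (not part of the original procedure or of any vendor tooling) audits ingress rules for both conditions. The sample rules are constructed, their shape follows the JSON form of OCI ingress security rules, and the function names `dest_ports` and `audit` are hypothetical.

```python
import ipaddress

# Constructed sample rules shaped like OCI ingress security rules
# (protocol "6" = TCP, "17" = UDP, "all" = every protocol).
SAMPLE_RULES = [
    {"source": "0.0.0.0/0", "protocol": "6",   # like the default SSH rule
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"source": "0.0.0.0/0", "protocol": "6"},  # port fields left blank
    {"source": "203.0.113.0/24", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"source": "10.0.0.0/16", "protocol": "all"},
    {"source": "0.0.0.0/0", "protocol": "17",
     "udpOptions": {"destinationPortRange": {"min": 1, "max": 65535}}},
]

def dest_ports(rule):
    """Return (min, max) allowed destination ports, or None for portless protocols."""
    proto = rule.get("protocol")
    if proto == "all":
        return (1, 65535)
    key = {"6": "tcpOptions", "17": "udpOptions"}.get(proto)
    if key is None:
        return None  # ICMP and similar protocols have no ports
    rng = (rule.get(key) or {}).get("destinationPortRange")
    # No options or no range means the port fields were left blank: all ports.
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def audit(rules, admin_port=22):
    """Return (rule index, finding) for rules reachable from any source address."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue  # service-based sources are out of scope here
        if ipaddress.ip_network(rule["source"], strict=False).prefixlen != 0:
            continue  # source is narrower than 0.0.0.0/0 or ::/0
        ports = dest_ports(rule)
        if ports is None:
            continue
        lo, hi = ports
        if (lo, hi) == (1, 65535):
            findings.append((i, "all-ports-open"))
        elif rule["protocol"] == "6" and lo <= admin_port <= hi:
            findings.append((i, "admin-port-open"))
    return findings

if __name__ == "__main__":
    for idx, finding in audit(SAMPLE_RULES):
        print(f"rule {idx}: {finding} from {SAMPLE_RULES[idx]['source']}")
```

Rules flagged `all-ports-open` correspond to the blank port fields case, and `admin-port-open` corresponds to the default port 22 rule the procedure tells you to delete.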