Configure a VCN

After uploading the KVM qcow2 image to OCI, configure a Virtual Cloud Network (VCN) before launching the VM-Series firewall.
  1. Create a VCN.
    1. Select Networking > Virtual Cloud Networks and click Create Virtual Cloud Networks.
    2. Enter a descriptive Name for your VCN.
    3. Enter a CIDR block for your VCN.
    4. Click Create Virtual Network.
  2. Create an internet gateway. An internet gateway is required to make your management and untrust subnets publicly accessible.
    1. From within the VCN you just created, select Internet Gateways > Create Internet Gateway.
    2. Select your compartment.
    3. Enter a descriptive Name for your internet gateway.
    4. Click Create Internet Gateway.
  3. Create route tables for each subnet.
    You will configure a private IP address that corresponds to the trust interface on your firewall. However, OCI requires that a private IP address be connected to a vNIC. Because you have not yet created a vNIC for the firewall, temporarily set the target type for the trust subnet to an internet gateway. After configuring the trust vNIC, you will update the trust target type with the private IP address you configure on the vNIC.
    1. From within the VCN you just created, select Route Tables > Create Route Table.
    2. Select your compartment.
    3. Enter a descriptive Name for your route table.
    4. Select a target type. For subnets that are publicly accessible, select Internet Gateway.
    5. Enter a Destination CIDR Block.
    6. Select the internet gateway you created previously from the Target Internet Gateway drop-down.
    7. Click Create Route Table.
    8. Repeat this procedure for each subnet.
  4. Create security lists. Security lists are required to specify the type of traffic you want to allow to reach the subnet and on which ports.
    1. From within the VCN you just created, select Security Lists > Create Security List.
    2. Enter a descriptive Name for your security list.
    3. Select CIDR from the Source Type drop-down and enter the Source CIDR block.
    4. Select a protocol from the IP Protocol drop-down.
    5. (Optional) Enter source and destination ports or port ranges. If you leave these fields blank, all ports are allowed.
    6. Repeat these steps for each rule.
    7. Click Create Security List.
    8. Repeat these steps to create a security list for each subnet.
  5. Delete the default security list rule that allows TCP traffic on port 22.
    1. Select Networking > Virtual Cloud Networks > <your VCN> > Security Lists > Default Security List > Edit All Rules.
    2. Click the delete icon to delete the rule.
    3. Click Save Security List Rules.
  6. Create subnets.
    1. Select Subnets > Create Subnet.
    2. Enter a descriptive Name for your subnet.
    3. Select an Availability Domain.
    4. Enter a CIDR Block. The internal (non-public) IP address for the subnet is taken from this CIDR block.
    5. Select one of the route tables you created previously from the Route Table drop-down.
    6. Select the Subnet Access for your subnet.
    7. Select the DHCP Option.
    8. Select a Security List that you created previously.
    9. Click Create.
    10. Repeat this procedure for each subnet you require.
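
The security list rules from steps 4 and 5 can be checked after the fact. The following is an added example, not part of the original documentation: a Python audit of a security list's ingress rules that flags blank port fields (all ports allowed) and TCP 22 open to any source. The kebab-case JSON shape is assumed to match the output of `oci network security-list get`, and the sample rules are constructed.

```python
import ipaddress
import json

# Constructed sample in the kebab-case shape printed by
# `oci network security-list get` (assumed input format, not from the page).
SAMPLE = json.loads("""
{"data": {"display-name": "Default Security List", "ingress-security-rules": [
  {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
   "tcp-options": null},
  {"protocol": "6", "source": "10.0.0.0/16", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"protocol": "all", "source": "10.0.1.0/24", "is-stateless": false}
]}}
""")

PORT_OPTS = {"6": "tcp-options", "17": "udp-options"}  # IANA protocol numbers


def port_range(rule):
    """Return (min, max) destination ports, or None when every port is allowed."""
    opts = rule.get(PORT_OPTS.get(rule["protocol"], "")) or {}
    rng = opts.get("destination-port-range")
    return (rng["min"], rng["max"]) if rng else None


def audit_ingress(security_list):
    """Return a list of (rule_index, finding) for rules worth a second look."""
    findings = []
    for i, rule in enumerate(security_list["ingress-security-rules"]):
        net = ipaddress.ip_network(rule["source"], strict=False)
        public = net.prefixlen == 0          # 0.0.0.0/0 or ::/0
        rng = port_range(rule)
        if rule["protocol"] in PORT_OPTS and rng is None:
            findings.append((i, "ports left blank: all ports allowed"))
        elif rule["protocol"] == "all":
            findings.append((i, "all protocols allowed"))
        if public and rule["protocol"] == "6" and rng and rng[0] <= 22 <= rng[1]:
            findings.append((i, "TCP 22 open to any source"))
        elif public and rng is None:
            findings.append((i, "any source, no port restriction"))
    return findings


if __name__ == "__main__":
    for idx, finding in audit_ingress(SAMPLE["data"]):
        print(f"rule {idx}: {finding}")
```
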
