Configure a VCN

After uploading the KVM qcow2 image to OCI, configure a Virtual Cloud Network (VCN) before launching the VM-Series firewall.
  1. Create a VCN.
    1. Select Networking > Virtual Cloud Networks and click Create Virtual Cloud Networks.
    2. Enter a descriptive Name for your VCN.
    3. Enter a CIDR block for your VCN.
    4. Click Create Virtual Network.
  2. Create an internet gateway. An internet gateway is required to make your management and untrust subnets publicly accessible.
    1. From within the VCN you just created, select Internet Gateways > Create Internet Gateway.
    2. Select your compartment.
    3. Enter a descriptive Name for your internet gateway.
    4. Click Create Internet Gateway.
  3. Create route tables for each subnet.
    You will configure a private IP address that corresponds to the trust interface on your firewall. However, OCI requires that a private IP address be connected to a vNIC. Because you have not yet created a vNIC for the firewall, temporarily set the target type for the trust subnet to an internet gateway. After configuring the trust vNIC, you will update the trust target type with the private IP address you configure on the vNIC.
    1. From within the VCN you just created, select Route Tables > Create Route Table.
    2. Select your compartment.
    3. Enter a descriptive Name for your route table.
    4. Select a target type. For subnets that are publicly accessible, select Internet Gateway.
    5. Enter a Destination CIDR Block.
    6. Select the internet gateway you created previously from the Target Internet Gateway drop-down.
    7. Click Create Route Table.
    8. Repeat this procedure for each subnet.
  4. Create security lists. Security lists are required to specify the type of traffic you want to allow to reach the subnet and on which ports.
    1. From within the VCN you just created, select Security Lists > Create Security List.
    2. Enter a descriptive Name for your security list.
    3. Select CIDR from the Source Type drop-down and enter the Source CIDR block.
    4. Select a protocol from the IP Protocol drop-down.
    5. (Optional) Enter source and destination ports or port ranges. If you leave these fields blank, all ports are allowed.
    6. Repeat these steps for each rule.
    7. Click Create Security List.
    8. Repeat these steps to create a security list for each subnet.
  5. Delete the default security list rule that allows TCP traffic on port 22.
    1. Select Networking > Virtual Cloud Networks > <your VCN> > Security Lists > Default Security List > Edit All Rules.
    2. Click the delete icon to delete the rule.
    3. Click Save Security List Rules.
  6. Create subnets.
    1. Select Subnets > Create Subnet.
    2. Enter a descriptive Name for your subnet.
    3. Select an Availability Domain.
    4. Enter a CIDR Block. The internal (non-public) IP address for the subnet is taken from this CIDR block.
    5. Select one of the route tables you created previously from the Route Table drop-down.
    6. Select the Subnet Access for your subnet.
    7. Select the DHCP Option.
    8. Select a Security List that you created previously.
    9. Click Create.
    10. Repeat this procedure for each subnet you require.
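
The Python check below is an added example, not part of the original procedure or of any vendor tooling. It audits a security list for the two conditions called out above: a rule whose port fields were left blank (all ports allowed) and a rule that still allows TCP port 22 from any source. The sample input is constructed, and its kebab-case key names are an assumption modeled on the JSON the OCI CLI prints for a security list.

```python
import json

# Constructed sample, shaped like the JSON the OCI CLI prints for a
# security list (the kebab-case key names are an assumption).
SAMPLE = json.loads("""
{
  "display-name": "Default Security List",
  "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0", "tcp-options": null},
    {"protocol": "6", "source": "10.0.1.0/24",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}}
  ]
}
""")

ANY_SOURCE = "0.0.0.0/0"
TCP, UDP = "6", "17"  # IANA protocol numbers, carried as strings


def port_range(rule):
    """Return (min, max) destination ports, or None when the rule sets none."""
    key = {TCP: "tcp-options", UDP: "udp-options"}.get(rule.get("protocol"))
    opts = rule.get(key) if key else None
    rng = (opts or {}).get("destination-port-range")
    return (rng["min"], rng["max"]) if rng else None


def audit(sec_list):
    """Flag ingress rules matching the blank-port and port 22 conditions."""
    findings = []
    for i, rule in enumerate(sec_list.get("ingress-security-rules", [])):
        proto, ports = rule.get("protocol"), port_range(rule)
        if proto in (TCP, UDP, "all") and ports is None:
            findings.append((i, "all ports allowed (no port range set)"))
        elif proto == TCP and rule.get("source") == ANY_SOURCE \
                and ports[0] <= 22 <= ports[1]:
            findings.append((i, "TCP port 22 open to any source"))
    return findings


if __name__ == "__main__":
    for index, reason in audit(SAMPLE):
        print(f"{SAMPLE['display-name']} rule {index}: {reason}")
```

An empty result from audit() means no ingress rule in the list matched either condition.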
