Configure a VCN
After uploading the KVM qcow2 image to OCI, configure a Virtual Cloud Network (VCN) before launching the VM-Series firewall.
- Create a VCN.
  - Select Networking > Virtual Cloud Networks and click Create Virtual Cloud Networks.
  - Enter a descriptive Name for your VCN.
  - Enter a CIDR block for your VCN.
  - Click Create Virtual Network.
- Create an internet gateway. An internet gateway is required to make your management and untrust subnets publicly accessible.
  - From within the VCN you just created, select Internet Gateways > Create Internet Gateway.
  - Select your compartment.
  - Enter a descriptive Name for your internet gateway.
  - Click Create Internet Gateway.
- Create route tables for each subnet. You will configure a private IP address that corresponds to the trust interface on your firewall. However, OCI requires that a private IP address be connected to a vNIC. Because you have not yet created a vNIC for the firewall, temporarily set the target type for the trust subnet to an internet gateway. After configuring the trust vNIC, you will update the trust target type with the private IP address you configure on the vNIC.
  - From within the VCN you just created, select Route Tables > Create Route Table.
  - Select your compartment.
  - Enter a descriptive Name for your route table.
  - Select a target type. For subnets that are publicly accessible, select Internet Gateway.
  - Enter a Destination CIDR Block.
  - Select the internet gateway you created previously from the Target Internet Gateway drop-down.
  - Click Create Route Table.
  - Repeat this procedure for each subnet.
- Create security lists. Security lists are required to specify the type of traffic you want to allow to reach the subnet and on which ports.
  - From within the VCN you just created, select Security Lists > Create Security List.
  - Enter a descriptive Name for your security list.
  - Select CIDR from the Source Type drop-down and enter a Source CIDR block.
  - Select a protocol from the IP Protocol drop-down.
  - (Optional) Enter source and destination ports or port ranges. If you leave these fields blank, all ports are allowed.
  - Repeat these steps for each rule.
  - Click Create Security List.
  - Repeat these steps to create a security list for each subnet.
- Delete the default security list rule that allows TCP traffic on port 22.
  - Select Networking > Virtual Cloud Networks > <your VCN> > Security Lists > Default Security List > Edit All Rules.
  - Click the delete icon to delete the rule.
  - Click Save Security List Rules.
- Create subnets.
  - Select Subnets > Create Subnet.
  - Enter a descriptive Name for your subnet.
  - Select an Availability Domain.
  - Enter a CIDR Block. The internal (non-public) IP address for the subnet is taken from this CIDR block.
  - Select one of the route tables you created previously from the Route Table drop-down.
  - Select the Subnet Access for your subnet.
  - Select the DHCP Option.
  - Select a Security List that you created previously.
  - Repeat this procedure for each subnet you require.
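
To check the security-list steps above once the VCN is built, this added example (not part of the original documentation) audits a security list exported as JSON and flags rules that still expose TCP port 22 to any source or that allow all ports because the port fields were left blank. The kebab-case key names are assumed to match the OCI CLI's `oci network security-list get` output; the sample data and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the assumed shape of `oci network security-list get`
# output (protocol "6" = TCP, "17" = UDP, "1" = ICMP, "all" = any). Not real data.
SAMPLE = json.loads("""
{"data": {"display-name": "Default Security List",
  "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
     "tcp-options": null},
    {"protocol": "6", "source": "203.0.113.0/24", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"protocol": "1", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
     "icmp-options": {"type": 3, "code": 4}}
  ]}}
""")

def port_range(rule):
    """Return (min, max) destination ports, or None when the rule has no ports."""
    proto = rule["protocol"]
    if proto == "all":
        return (1, 65535)
    key = {"6": "tcp-options", "17": "udp-options"}.get(proto)
    if key is None:
        return None  # ICMP and other protocols carry no port numbers
    rng = (rule.get(key) or {}).get("destination-port-range")
    # Port fields left blank in the console mean every port is allowed.
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def audit_ingress(security_list, mgmt_port=22):
    """Flag ingress rules exposing mgmt_port to any source, or allowing all ports."""
    findings = []
    for i, rule in enumerate(security_list["ingress-security-rules"]):
        ports = port_range(rule)
        if ports is None:
            continue
        is_cidr = rule.get("source-type", "CIDR_BLOCK") == "CIDR_BLOCK"
        any_source = is_cidr and ipaddress.ip_network(rule["source"]).prefixlen == 0
        if ports == (1, 65535):
            suffix = " from any source" if any_source else ""
            findings.append((i, "all ports allowed" + suffix))
        elif any_source and ports[0] <= mgmt_port <= ports[1]:
            findings.append((i, f"port {mgmt_port} open to any source"))
    return findings

if __name__ == "__main__":
    for index, reason in audit_ingress(SAMPLE["data"]):
        print(f"rule {index}: {reason}")
```

Run it against each security list attached to the management, untrust and trust subnets; an empty result means no rule matched either condition.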