
OCI Security Lists and Network Security Groups

Access to an OCI cloud instance can be controlled by

  • an external firewall,
  • the operating system firewall of the instance,
  • the security list of the subnet to which the instance belongs, and
  • VNIC-specific Network Security Groups.

Security Lists

Security lists form the original type of virtual firewall offered by the Oracle cloud network service.

...

Please see the relevant Oracle documentation for more information and configuration details.

Network Security Groups

Network Security Groups (or NSGs) form another type of virtual firewall. Unlike a security list, an NSG does not apply to all VNICs in a subnet; it is assigned to specific VNICs connected to the subnet. This allows more granular access control. By default, no NSG is assigned to a VNIC.

Please see the relevant Oracle documentation for more information and configuration details.

Please note: traffic is allowed if any rule in any of the relevant security lists and NSGs allows it. Traffic is also allowed if it is the response traffic of a permitted tracked connection.
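The note above has a practical consequence worth seeing in code: because the subnet security list and every NSG attached to a VNIC are evaluated as a union of allow rules, attaching a restrictive NSG cannot make a VNIC more restrictive than its subnet security list already is. The following Python model is an added illustration, not Oracle code or part of the original page; the rule schema (protocol, source CIDR, port range), the connection-tracking set and the sample rules are constructed, simplified assumptions that reproduce only the "allowed if any rule allows it" and "replies to tracked connections are allowed" behaviour described above.

```python
"""Model of how an OCI VNIC's security lists and NSGs combine for ingress
traffic.  Added illustration with constructed rules; not Oracle's evaluation
code.  Only allow rules exist, matching the OCI rule model."""
from __future__ import annotations
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One ingress allow rule: protocol, source CIDR and destination port range."""
    protocol: str            # "tcp", "udp", "icmp" or "all"
    source_cidr: str
    port_min: int = 0
    port_max: int = 65535

    def matches(self, protocol: str, src: str, dport: int) -> bool:
        return (
            self.protocol in ("all", protocol)
            and ip_address(src) in ip_network(self.source_cidr)
            and self.port_min <= dport <= self.port_max
        )


@dataclass
class Vnic:
    """A VNIC sees the security lists of its subnet plus any NSGs assigned to it."""
    subnet_security_lists: list[list[Rule]]
    nsgs: list[list[Rule]] = field(default_factory=list)
    # (protocol, remote_ip, remote_port, local_port) of admitted connections
    tracked: set[tuple[str, str, int, int]] = field(default_factory=set)


def ingress_allowed(vnic: Vnic, protocol: str, src: str, sport: int, dport: int) -> bool:
    """Union semantics: one matching allow rule in ANY attached list or group admits the packet."""
    for ruleset in (*vnic.subnet_security_lists, *vnic.nsgs):
        if any(r.matches(protocol, src, dport) for r in ruleset):
            vnic.tracked.add((protocol, src, sport, dport))   # stateful: remember the connection
            return True
    return False


def egress_response_allowed(vnic: Vnic, protocol: str, dst: str, dport: int, sport: int) -> bool:
    """Reply traffic of a tracked connection is allowed without a matching egress rule."""
    return (protocol, dst, dport, sport) in vnic.tracked


# Constructed rule sets: the subnet default list admits SSH from anywhere,
# the NSG was meant to restrict SSH to a corporate range (10.0.0.0/8, an assumption).
DEFAULT_SECURITY_LIST = [Rule("tcp", "0.0.0.0/0", 22, 22)]
CORP_ONLY_SSH_NSG = [Rule("tcp", "10.0.0.0/8", 22, 22)]


def demo() -> dict:
    """Show that the NSG alone does not close Internet SSH; the list rule must go too."""
    with_default = Vnic([DEFAULT_SECURITY_LIST], [CORP_ONLY_SSH_NSG])
    tightened = Vnic([[]], [CORP_ONLY_SSH_NSG])      # 22/anywhere removed from the subnet list
    return {
        "internet_ssh_with_default_list": ingress_allowed(with_default, "tcp", "203.0.113.5", 40000, 22),
        "internet_ssh_after_tightening": ingress_allowed(tightened, "tcp", "203.0.113.5", 40000, 22),
        "corp_ssh_after_tightening": ingress_allowed(tightened, "tcp", "10.1.2.3", 40001, 22),
        "reply_to_corp_ssh": egress_response_allowed(tightened, "tcp", "10.1.2.3", 40001, 22),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The first result is the one to remember when hardening an instance: the restrictive NSG has no effect while the subnet security list still permits port 22 from 0.0.0.0/0, so tightening access means editing (or replacing) the security list, not only adding an NSG.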



Connecting to the Cloud Instance

With the default subnet security list, and without custom Network Security Groups installed, you can, for example, use SSH from the command line or from a tool such as PuTTY to access the command line of the user sshuser (for Charon-SSP prepackaged marketplace images) or of your custom user (for RPM installations) on the Charon-SSP instance. If you select your instance in the instance list and then click on its name, you will see details about your instance, including its public IP address, as shown below.

...

  • The file permissions of the private key file must be set such that the file is readable only by its owner (e.g., # chmod 400 <private-key-file>).
  • PuTTY uses a different key file format. It comes with tools to convert between its own .ppk format and the format of OpenSSH used by the default Linux tools.
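A small pre-flight check for the first bullet above, added here as an example and not part of the original documentation: OpenSSH refuses a private key whose group or other permission bits are set, so verifying the mode before building the login command saves a failed connection. The key path, user name and host are placeholders, and the demo creates its own throwaway file rather than touching a real key.

```python
"""Check that an SSH private key file is readable only by its owner, then
assemble the OpenSSH command line.  Added example; the key path and the
<public-ip> host are placeholders."""
import os
import stat
import tempfile


def key_file_is_private(path: str) -> bool:
    """True when no group/other permission bits are set (0400 or 0600 both pass)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def ssh_command(key_path: str, user: str, host: str) -> list:
    """Build argv for 'ssh -i <key> user@host'; refuse a key OpenSSH would reject."""
    if not key_file_is_private(key_path):
        raise PermissionError(
            f"{key_path} is group/world readable; fix with: chmod 400 {key_path}")
    return ["ssh", "-i", key_path, f"{user}@{host}"]


def demo() -> dict:
    """Exercise the check on a constructed temporary file with loose and strict modes."""
    fd, path = tempfile.mkstemp(prefix="charon-demo-key-")
    os.close(fd)
    try:
        os.chmod(path, 0o644)                 # the typical mistake after copying a key
        loose_ok = key_file_is_private(path)
        os.chmod(path, 0o400)                 # what the documentation asks for
        strict_ok = key_file_is_private(path)
        argv = ssh_command(path, "sshuser", "<public-ip>")
        return {"loose_ok": loose_ok, "strict_ok": strict_ok, "argv": argv}
    finally:
        os.chmod(path, 0o600)
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```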

There are several ways to connect to your Charon-SSP cloud instance using this basic SSH protocol access. Some of them are described in the following sections:

...