| Anchor | ||||
|---|---|---|---|---|
|
| Include Page | ||||
|---|---|---|---|---|
|
OCI Security Lists and Network Security Groups
Access to your instance is controlled through several different methods:
...
an OCI cloud instance can be controlled by
- an external firewall,
- the operating system firewall of the instance.
- Security security list of the subnet to which the instance belongs, and
- VNIC-specific Network Security Groups
...
- .
Security Lists
Security lists form the original type of virtual firewall offered by the Oracle cloud network service.
A security list acts as a virtual firewall for an instance. It has ingress and egress rules that specify the types of traffic allowed in and out. Security lists are defined at the subnet level. Therefore, all VNICs in a given subnet are subject to the same set of security lists.
You can associate multiple security lists with a subnet. Each list can have multiple rules. Traffic is allowed if any rule in any of the lists allows the traffic. Traffic is also allowed if it is the response traffic of a permitted tracked connection.
If you don't specify one or more other security lists during the creation of a subnet, a default security list will be associated with it.
Please see the relevant Oracle documentation for more information and configuration details.
Network Security Groups
Network Security Groups (or NSGs) form another type of virtual firewall. Unlike a security list, an NSG does not apply to all VNICs in a subnet, but is assigned to specific VNICs connected to the subnet. This allows a more granular access control. By default, no NSG is assigned to a VNIC.
Please see the relevant Oracle documentation for more information and configuration detail.
Traffic is allowed if any rule in any of the relevant lists and groups allows the traffic. Traffic is also allowed if it is the response traffic of a permitted tracked connection.
| Div | ||
|---|---|---|
| ||
Connecting to the Cloud Instance
With the default subnet security list, and without custom Network Security Groups installed, you can, for example, use SSH from the command-line or from a tool such as PuTTY to access the command-line of the sshuser user on the Charon-SSP instance. If you select your instance in the instance list and then click on the name, you will see details about your instance including its public IP address as shown below.
...
The file permissions of the private key file must be set such that the file is only readable by the user.
There are several ways to connect to your Charon-SSP AWS cloud instance using this basic SSH protocol access. Some of them are described in the following sections below:
...