...

OCI Firewall

...

Information

Access to an OCI cloud instance can be controlled by

• an external firewall,
• the operating system firewall of the instance (see Installing the VE License Server and the Charon-SSP Packages in the Cloud),
• security list of the subnet to which the instance belongs, and
• VNIC-specific Network Security Groups.

The different firewall levels must be configured to permit at least TCP port 8083 to enable a license client to access a cloud BYOL VE license server. If the web interface is to be used, TCP port 8084 must also be allowed.

...

Please see the relevant Oracle documentation for more information and configuration detail.

Please note: Traffic is allowed if any rule in any of the relevant lists and groups allows the traffic. Traffic is also allowed if it  is the response traffic of a permitted tracked connection. In addition to allowing SSH access, at least TCP port 8083 must be allowed to enable a license client to access a cloud BYOL VE license server. If the web interface is to be used, TCP port 8084 must also be allowed.

AWS Firewall

...

Information

Access to an AWS cloud instance can be controlled by 

...

In addition to allowing SSH access, the different firewall levels must be configured to permit at least TCP port 8083 to enable a license client to access a cloud BYOL VE license server. If the web interface is to be used, TCP port 8084 must also be allowed.

...

Please see the relevant AWS documentation for more information and configuration details.

Azure Firewall

...

Information

Access to an Azure cloud instance can be controlled by

...

In addition to allowing SSH access, the different firewall levels must be configured to permit at least TCP port 8083 to enable a license client to access a cloud BYOL VE license server. If the web interface is to be used, TCP port 8084 must also be allowed.

...

Network Security Groups can be associated to interfaces or subnets. Security rules in network security groups enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces. When a cloud instance is created, you can assign a default security group to its interface (allowing SSH). Please refer to the following tutorial for more information: https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-filter-network-traffic.

GCP Firewall Information

Access to an GCP cloud instance can be controlled by

• an external firewall,
• the operating system firewall of the instance,
• GCP Firewall

In addition to allowing SSH access, the different firewall levels must be configured to permit at least TCP port 8083 to enable a license client to access a VE license server. If the web interface is to be used, TCP port 8084 must also be allowed.

Google Cloud Firewall Rules

In addition to firewall rules created by the customer, there are other rules that can affect incoming or outgoing traffic:

• Certain IP protocols, such as GRE, are not allowed within a VPC network. For more information, see always blocked traffic.

• Communication between a VM instance and its corresponding metadata server (169.254.169.254). Is always allowed.

• Every network has two implied firewall rules that permit outgoing connections and block incoming connections. Firewall rules that you create can override these implied rules.

• The default network is pre-populated with firewall rules that can be deleted or modified.

VPC firewall rule characteristics:

• Each rule is either for incoming or outgoing traffic. It can allow or deny traffic.
• Only IPv4 traffic is supported.
• Firewall rules are stateful (return traffic for an established connection is allowed).
• If TCP traffic is fragmented, a rule is only applied to the first fragment of a packet.