Now we’re going to follow the initial design I laid out here. We already have networking provisioned, so next step will be to use OCI Console and provision our OCI Network Firewall. Once we’ve provisioned it, I’ll see what happens with traffic when it hits the firewall. Final post of this series will be then…
One of the cool things Oracle has brought to OCI is managed network firewall service which is based on Palo Alto. Before OCI Network Firewall I saw constant requirement to provision self-managed firewall such as Palo Alto, Fortinet, Check Point etc. This is still a requirement as OCI Network Firewall might not provide all the…
I’m a huge fan of using tools available to help troubleshoot any issues there are. Luckily OCI has many free tools available such as Network Path Analyzer, which I’ve touched in the past. This time we’re going to look on VCN Flow Logs, I think as a starting point we should be looking on enabling…
This post will be checklist for items you’ll need when you have Firewall (or Hub) VCN where you route traffic to and have 3rd party firewall appliance (such as Palo Alto) inspecting traffic. You have to understand different route tables which are associated and which routes you have to set to them. What this post…
I’ll start by saying that typically I still see private DNS setup in the customer domain rather than in OCI, but recently I had a case where customer wanted OCI to manage specific internal sub-domain which we then used in the OCI Load Balancers. For that, there was conditional forwarders setup on-premises with a rule…
Continuing use cases for new Dynamic Routing Gateway v2. This time I’ll look on Remote Peering Connections (RPC) and how that works together with DRG’s. Earlier posts on DRGv2 are here: Part1 & Part2 In short hardly anything changes, you obviously need VCN on some other Region which you want to connect to another VCN…
On part 1 of the DRG version 2 we looked on basics and how you can control which VCN can be accessed and how, regardless if the source is through FastConnect, VPN Connect, VCN or Remote Peering Connection (another DRG). This time we’re gonna look on dynamic route import distributions. Since each VCN attachment can…
As you might have seen, few weeks ago Oracle announced improved Dynamic Routing Gateway functionality which I was super excited about. Why? Previously when you’ve designed Transit Networking on OCI you’ve always had to use Hub & Spoke model for your traffic to flow from on-premises to Spoke VCN. Also, setting up connectivity between VCNs…
We looked on setting up Oracle DNS on part 1, and how you could manage different DNS options with Private Views or DNS listeners & forwarders. In this post I’m gonna look on what options we might have with Custom DNS. Custom DNS is typically used when there’s a requirement to use already existing DNS…
First of all, big thanks for my colleagues Rob and Travis for giving me some good ideas on this post! I usually recommend Transit Networking for most of the implementations as it provides security and scalability for your OCI infrastructure. Transit networking means one of your VCN acts as a Hub and the other VCNs…