Many times when you work for someone, they already have their own vulnerability scanning throughout the organization. What usually happens is that onboarding to that tooling might take time, that’s why I initially started to look on OCI Vulnerability Scanning Service – to have something scanning your servers or images from day 1! Or could…
OCI Network Firewall – Real World problems
I recently hit an issue with OCI Network Firewall that we had configured with NAT GW (see previous posts on it). We expected only to use it for egress traffic from OCI to public internet from our private compute VMs but a new requirement came which required to access some privately exposed services on OCI,…
Installing OCI Network Firewall – Allowing traffic via policies
Now that we have designed and installed our OCI Network Firewall we’re ready to allow some traffic through the firewall. What you’ll end up doing is to modifying policies which are applied to the firewall. How it works is that there’s always a single policy attached to the firewall, if you need to update the…
Installing OCI Network Firewall – Provisioning and Configuration
Now we’re going to follow the initial design I laid out here. We already have networking provisioned, so next step will be to use OCI Console and provision our OCI Network Firewall. Once we’ve provisioned it, I’ll see what happens with traffic when it hits the firewall. Final post of this series will be then…
Installing OCI Network Firewall – Design
One of the cool things Oracle has brought to OCI is managed network firewall service which is based on Palo Alto. Before OCI Network Firewall I saw constant requirement to provision self-managed firewall such as Palo Alto, Fortinet, Check Point etc. This is still a requirement as OCI Network Firewall might not provide all the…
Go Bastion(less!) on OCI
Update May 31st, 2021 – Seems like there was documentation bug so I’ve updated part about Agents. They are disabled by default so you need to enable them always if you want to use Bastion Service Managed session. I’ve always had slight dislike on requiring Bastion (Jump) server on any cloud which is self-managed. Sure,…
Get notified on unwanted network changes with OCI Cloud Guard
Oracle introduced Cloud Guard some time ago to OCI, in this post I’ll take a brief look what Cloud Guard is and how you can get notified on unwanted changes in your tenancy. As an example, I have a public VCN which is required for my project. I might have several admins managing the VCN…
OCI DBCS Clone from backup fails when Database Vault is enabled
Recently I was creating a DBCS database clone but the creation failed, luckily we could find out the node IPs through support and from the dcs-agent-debug.log we could see following statement failing: When looking this script what it tries to do is set the default password limits for DEFAULT profile. While trying it out on…
How I studied for the Oracle Cloud Infrastructure 2019 Certified Architect Professional 1Z0-997
Earlier this week I took the 1Z0-997 Oracle Cloud Infrastructure 2019 Certified Architect Professional. In this post I’ll try to share on how I studied on the test and what areas I feel helped me on passing the certification. I won’t be posting any questions or answers but rather want to help you on studying…
Rewriting Terraform security list configuration in OCI with Terraform 0.12
I’ve been a big fan of Terraform for quite some time but one of the things I have been complaining about has been some things which have not been possible when you use Terraform modules. Why do we use modules? It gives us a way to reuse our code so that each resource creation is…