This will probably not be useful post for many but if you ever run into this post and it’s useful, let me know! This time I had to get Guardian VM installed on OCI for our OT network to monitor…
Recently OCI announced small but VERY useful service, IP Address Insights. Why this matters? I’ve run into multiple issues where we have VCNs and subnets deployed and don’t have any visibility on how many IP addresses are currently allocated on…
I recently hit an issue with OCI Network Firewall that we had configured with NAT GW (see previous posts on it). We expected only to use it for egress traffic from OCI to public internet from our private compute VMs…
Now that we have designed and installed our OCI Network Firewall we’re ready to allow some traffic through the firewall. What you’ll end up doing is to modifying policies which are applied to the firewall. How it works is that…
Now we’re going to follow the initial design I laid out here. We already have networking provisioned, so next step will be to use OCI Console and provision our OCI Network Firewall. Once we’ve provisioned it, I’ll see what happens…
One of the cool things Oracle has brought to OCI is managed network firewall service which is based on Palo Alto. Before OCI Network Firewall I saw constant requirement to provision self-managed firewall such as Palo Alto, Fortinet, Check Point…
I’m a huge fan of using tools available to help troubleshoot any issues there are. Luckily OCI has many free tools available such as Network Path Analyzer, which I’ve touched in the past. This time we’re going to look on…
This post will be checklist for items you’ll need when you have Firewall (or Hub) VCN where you route traffic to and have 3rd party firewall appliance (such as Palo Alto) inspecting traffic. You have to understand different route tables…
I’ll start by saying that typically I still see private DNS setup in the customer domain rather than in OCI, but recently I had a case where customer wanted OCI to manage specific internal sub-domain which we then used in…
On part 1 of the DRG version 2 we looked on basics and how you can control which VCN can be accessed and how, regardless if the source is through FastConnect, VPN Connect, VCN or Remote Peering Connection (another DRG).…