Configuring Security Rules to Use an LPG
Update a security list in a Virtual Cloud Network (VCN) to include a new rule that allows traffic destined for the other VCN's CIDR to flow through your local peering gateway (LPG).
Each administrator can perform this task before or after the connection is established.
Prerequisite: Each administrator must have the CIDR block or specific subnets for the other VCN. In general, you should use the same CIDR block you used in the route table rule in Task E: Configure the route tables.
Before you begin, determine which subnets in your VCN need to communicate with the other VCN. Update the security list for each of those subnets to include rules to allow the intended egress or ingress traffic specifically with the CIDR block or subnet of the other VCN.
What rules should you add?
- Ingress rules for the types of traffic you want to allow from the other VCN, specifically from the VCN's CIDR or specific subnets.
- An egress rule to allow outgoing traffic from your VCN to the other VCN. If the subnet already has a broad egress rule for all types of protocols to all destinations (0.0.0.0/0), then you don't need to add a special one for the other VCN.
For more information about security rules, see Security Rules.
Use the network security-list update command and required parameters to update the rules used in a particular security list:
oci network security-list update --security-list-id securitylist-ocid ... [--egress-security-rules | --ingress-security-rules] rules [OPTIONS]
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the UpdateSecurityList operation to update the rules used in a particular security list.
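As an added example (not Oracle's code), the following Python helper builds the rule lists that the command above takes as JSON for --ingress-security-rules and --egress-security-rules, and applies the egress check described earlier: a peer-specific egress rule is appended only when no existing all-protocol CIDR rule already covers the peer CIDR (the 0.0.0.0/0 case, generalized to any containing CIDR). The peer CIDR 10.1.0.0/16 and ports 22 and 443 are constructed; the field names follow the OCI IngressSecurityRule/EgressSecurityRule JSON schema.

```python
import ipaddress

# Constructed sample values (not from the original page): the peer VCN's CIDR
# (the same one used in the route table rule) and the TCP ports to accept from it.
PEER_VCN_CIDR = "10.1.0.0/16"
ALLOWED_TCP_PORTS = (22, 443)


def build_ingress_rules(peer_cidr, tcp_ports):
    """Ingress rules admitting only the listed TCP ports, only from the peer CIDR.
    The update replaces the whole list, so merge these with existing ingress rules."""
    return [
        {
            "source": peer_cidr,
            "sourceType": "CIDR_BLOCK",
            "protocol": "6",  # IANA protocol number: 6 = TCP
            "isStateless": False,
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}},
            "description": f"From peer VCN via LPG, TCP/{port}",
        }
        for port in tcp_ports
    ]


def egress_already_covers(existing_egress, peer_cidr):
    """True if an existing all-protocol CIDR egress rule (e.g. 0.0.0.0/0) already
    contains the peer CIDR, so no LPG-specific egress rule is needed."""
    peer = ipaddress.ip_network(peer_cidr)
    for rule in existing_egress:
        if rule.get("destinationType", "CIDR_BLOCK") != "CIDR_BLOCK" or rule.get("protocol") != "all":
            continue
        dest = ipaddress.ip_network(rule["destination"])
        if dest.version == peer.version and peer.subnet_of(dest):
            return True
    return False


def build_egress_rules(existing_egress, peer_cidr):
    """Full egress list to send: existing rules kept (the update replaces the list),
    plus an all-protocol rule to the peer CIDR only when nothing covers it yet."""
    if egress_already_covers(existing_egress, peer_cidr):
        return list(existing_egress)
    return list(existing_egress) + [{
        "destination": peer_cidr,
        "destinationType": "CIDR_BLOCK",
        "protocol": "all",
        "isStateless": False,
        "description": "To peer VCN via LPG",
    }]
```

Pass json.dumps() of each returned list to the corresponding option of the security-list update command.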