Create a Firewall
Use the Network Firewall service to create a firewall.
Important
- For better performance, don't add stateful rules to the security list attached to the firewall subnet or include the firewall in a network security group (NSG) that contains stateful rules.
- Security list or NSG rules associated with the firewall subnet and VNICs are evaluated before the firewall. Ensure that security list or NSG rules allow the traffic to enter the firewall so that it can be evaluated appropriately.
- If the policy that you use with the firewall doesn't have any rules specified, the firewall denies all traffic.
Use the network-firewall network-firewall create command and required parameters to create a firewall. oci network-firewall network-firewall create --compartment-id compartment_id --subnet-id subnet_id --network-firewall-policy-id network_firewall_policy_id[OPTIONS]
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Use the CreateNetworkFirewall operation to create a firewall.