Setting Up the Network Firewall Service

Learn how to set up the Network Firewall service.

Planning

To prepare to use the Network Firewall service, do the following:

  • Review the Network Firewall service limits for firewall resources and firewall policy resources. Share these limits with anyone who plans to create firewalls or firewall policies. For more information about service limits, see Service Limits.
  • Choose a compartment for firewalls and firewall policies. Grant the security permissions needed to work in the compartment, and share the compartment name with anyone who plans to create or manage firewalls and firewall policies. For maximum security, consider creating a new compartment. To create a new compartment, see Creating a compartment.
  • Choose the virtual cloud network (VCN) and subnets for a firewall.
  • Gather IP addresses, ports, and URLs that you want to allow or deny access to.

Set up security permissions

Create IAM policies that grant user groups permission to create and manage resources in the Network Firewall service. See Network Firewall IAM Policies.

Set up network traffic decryption and inspection (optional)

If you're using the Vault service, you can set up network traffic decryption and inspection. That way, you can use SSL Inbound Inspection to decrypt and inspect inbound SSL/TLS traffic from a client to a targeted network server, and SSL Forward Proxy to decrypt and inspect SSL/TLS traffic from internal users to the web.

To set up network traffic decryption and inspection, see Setting Up Network Traffic Decryption and Inspection.