Creating a ZPR Policy

Create a Zero Trust Packet Routing (ZPR) policy in the Zero Trust Packet Routing (ZPR) service.

Familiarize yourself with ZPR policy basics before trying to create a policy.

Note

ZPR policy can only be created in the root compartment of a tenancy.
    1. Open the navigation menu, click Identity & Security, and then click Zero Trust Packet Routing.
    2. Click Policies.
    3. Click Create policy.
    4. Enter a name and a description for the policy.
    5. Click Add policy statements.
    6. Select which type of policy builder you want to use to create the policy statements:
      • Simple policy builder lets you select from prepopulated lists of resources identified by their security attributes to express security intent between two endpoints. The policy builder automatically generates the policy statement using correct syntax.
      • Policy template builder lets you select from a list of templates based on common use case scenarios that provide prefilled ZPR policy statements that you can then customize to create a ZPR policy.
      • Manual policy builder lets you enter free-form policy.
      Note

      If you change to a different type of policy builder while creating a policy, then ZPR resets the policy statements.
    7. When you're finished adding policy statements, click Add.
    8. Click Create policy.
    ZPR policy is enabled by applying security attributes to resources.
  • Use the oci zpr zpr-policy create command and required parameters to create a Zero Trust Packet Routing (ZPR) policy:

    oci zpr zpr-policy create --compartment-id <compartment_ocid> --description <zpr_policy_description> --name <zpr_policy_name> --statements <zpr_policy_statements> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateZprPolicy operation to create a Zero Trust Packet Routing policy.