Update Allowlists

Note

If your organization uses allowlists (also known as access control lists, or ACLs), you must add the IP addresses and URLs to your allowlists before upgrade to prevent errors and to make sure Oracle Integration can access your applications.
  1. Get the new IP addresses.

    The new IP addresses appear on the Upgrade page approximately two weeks before your upgrade.

    1. In the navigation pane, click Settings, then Upgrade.
    2. Under Allowlist IP Addresses, note the following IP values:
      • OIC Design-time IPs: IP addresses for traffic entering into Oracle Integration 3 design time (the Oracle Integration 3 application).

        Note: The design-time URL supports the built-in Oracle Integration APIs.

      • OIC Runtime IP: IP address for traffic entering into your Oracle Integration 3 runtime applications.
      • OIC Outbound IP: IP address for traffic exiting Oracle Integration 3.
      • VB Inbound IP: IP address for traffic entering into Visual Builder.
      • VB Outbound IPs: IP addresses for traffic exiting Visual Builder.
      • VB VCN OCID: Oracle Cloud ID (OCID) of the Visual Builder service Virtual Cloud Network (VCN) for traffic exiting Visual Builder.
      • Process Outbound IP: IP address for traffic exiting Process Automation.
    3. You also need the IDCS IP address. To find the IDCS IP address, use the following command, replacing IDCS_GUID with the Identity Service ID:

      nslookup IDCS_GUID.identity.oraclecloud.com

  2. Update your allowlists according to your organization's procedures to control traffic going into and coming out of Oracle Integration.

    For example, you may use allowlists to manage the following types of Oracle Integration traffic.

    Type of traffic Associated allowlist How to update the allowlist

    Inbound traffic going to Oracle Integration and File Server

    Oracle Integration instance

    If you use Visual Builder, you need to add the VB VCN OCID to the Oracle Integration Generation 2 allowlist before upgrade. See Allow Your Instance to Access Services in Administering Oracle Visual Builder Generation 2.

    Other than that, no action is needed. Oracle migrates your existing allowlist as part of the upgrade.

    Inbound traffic going to Oracle Integration through your internal firewall

    Internal firewall

    If your organization restricts the sites that internal resources can access, add the following IP addresses to your internal firewall allowlist:

    • OIC Design-time IPs
    • OIC Runtime IP
    • VB Inbound IP

    Inbound traffic going to File Server through your internal firewall

    Internal firewall

    If your organization restricts the sites that internal resources can access, you'll need to add the File Server IP address to your internal firewall allowlist. However, you won't know the IP address until after upgrade. See Complete Post-Upgrade Tasks.

    Inbound traffic going to Oracle Integration and IDCS through your connectivity agents

    Connectivity agent server Configure connectivity from your connectivity agents to Oracle Integration and Oracle Identity Cloud Service (IDCS). Add the following IP addresses to the allowlists for the servers that host your connectivity agents:
    • OIC Design-time IPs
    • OIC Runtime IP
    • VB Inbound IP
    • IDCS IP

      Although the IDCS IP address doesn't change after upgrade, the connectivity agent now needs access to IDCS for OAuth. If you haven't already allowed IDCS access across your network, add the IDCS IP address.

    Outbound traffic going out of Oracle Integration, Visual Builder, or Process Automation to your cloud systems

    Target service

    For each target service accessed by Oracle Integration technologies, add the appropriate outbound IP address to the service's allowlist.

    • For Oracle Integration, allowlist the OIC Outbound IP.
    • For Visual Builder, allowlist the VB Outbound IP.
    • For Process Automation, allowlist the Process Outbound IP.

    Caution:

    If you update allowlists before the upgrade, don't remove the IP addresses for Oracle Integration Generation 2 yet. You might experience errors. After the upgrade finishes, the Oracle Integration Generation 2 IP addresses are no longer assigned to you and you can remove them.

Next, inform users and stakeholders about the upcoming upgrade.