This section describes additional security rules needed to specify ports that are required to bring the WebLogic Server to the running state. Create additional rules in separate WebLogic Server security lists for the control plane and worker subnets, and for the pod subnet if you are using VCN-Native Pod Networking.
The following rules are for the control plane subnet. These rules are used for both Flannel Overlay networking and VCN-Native Pod Networking.
WebLogic Server Security Rules for the Control Plane Subnet
|
Console property
|
CLI property
|
|
Ingress Rule 1
-
Stateless: uncheck the box
-
Ingress CIDR: kmi_cidr
-
IP Protocol: TCP
-
Destination Port Range: 8084
-
Description: "This service port is the default for the WebLogic Server Console and is used to manage WebLogic Server domains."
|
Ingress Rule 1
-
isStateless: false
-
source: kmi_cidr
-
sourceType: CIDR_BLOCK
-
protocol: 6
-
tcpOptions
destinationPortRange
-
description: "This service port is the default for the WebLogic Server Console and is used to manage WebLogic Server domains."
|
|
Ingress Rule 2
-
Stateless: uncheck the box
-
Ingress CIDR: worker_cidr
-
IP Protocol: UDP
-
Destination Port Range: 8472
-
Description: "WebLogic Server administration."
|
Ingress Rule 2
-
isStateless: false
-
source: worker_cidr
-
sourceType: CIDR_BLOCK
-
protocol: 17
-
udpOptions
destinationPortRange
-
description: "WebLogic Server administration."
|
The following rules are for the worker subnet. These rules are used for both Flannel Overlay networking and VCN-Native Pod Networking.
WebLogic Server Security Rules for the Worker Subnet
|
Console property
|
CLI property
|
|
Ingress Rule 1
-
Stateless: uncheck the box
-
Ingress CIDR: kmi_cidr
-
IP Protocol: TCP
-
Destination Port Range: 8084
-
Description: "This service port is the default for the WebLogic Server Console and is used to manage WebLogic Server domains."
|
Ingress Rule 1
-
isStateless: false
-
source: kmi_cidr
-
sourceType: CIDR_BLOCK
-
protocol: 6
-
tcpOptions
destinationPortRange
-
description: "This service port is the default for the WebLogic Server Console and is used to manage WebLogic Server domains."
|
|
Ingress Rule 2
-
Stateless: uncheck the box
-
Ingress CIDR: kmi_cidr
-
IP Protocol: UDP
-
Destination Port Range: 8472
-
Description: "WebLogic Server administration."
|
Ingress Rule 2
-
isStateless: false
-
source: kmi_cidr
-
sourceType: CIDR_BLOCK
-
protocol: 17
-
udpOptions
destinationPortRange
-
description: "WebLogic Server administration."
|
|
Ingress Rule 3
-
Stateless: uncheck the box
-
Ingress CIDR: worker_cidr
-
IP Protocol: UDP
-
Destination Port Range: 7001-9000
-
Description: "These ports are used by WebLogic Server."
|
Ingress Rule 3
-
isStateless: false
-
source: worker_cidr
-
sourceType: CIDR_BLOCK
-
protocol: 17
-
udpOptions
destinationPortRange
-
description: "These ports are used by WebLogic Server."
|
The following rules are for the pod subnet. These rules are used for VCN-Native Pod Networking.
WebLogic Server Security Rules for the Pod Subnet
|
Console property
|
CLI property
|
|
Ingress Rule 1
-
Stateless: uncheck the box
-
Ingress CIDR: kmi_cidr
-
IP Protocol: TCP
-
Destination Port Range: 8084
-
Description: "This service port is the default for the WebLogic Server Console and is used to manage WebLogic Server domains."
|
Ingress Rule 1
-
isStateless: false
-
source: kmi_cidr
-
sourceType: CIDR_BLOCK
-
protocol: 6
-
tcpOptions
destinationPortRange
-
description: "This service port is the default for the WebLogic Server Console and is used to manage WebLogic Server domains."
|
|
Ingress Rule 2
-
Stateless: uncheck the box
-
Ingress CIDR: worker_cidr
-
IP Protocol: UDP
-
Destination Port Range: 8472
-
Description: "WebLogic Server administration."
|
Ingress Rule 2
-
isStateless: false
-
source: worker_cidr
-
sourceType: CIDR_BLOCK
-
protocol: 17
-
udpOptions
destinationPortRange
-
description: "WebLogic Server administration."
|