When creating database connections to an Autonomous Database that is using a private endpoint, create a network security group to provide access from Database Tools to that database. When creating the network security group, you define specific access rules that limit which IPs or CIDR blocks can be used, and the ports or port ranges.

For the SQL worksheet

To configure the minimum set of network security group rules needed to provide access from the Database Tools SQL Worksheet in the OCI Console:

1. On the Private Endpoint Details page, locate the Reverse Connection Source IPs field in the Private Endpoint Information section. There are two IP addresses.
2. Edit the network security group and add rules for the two IP addresses, with access to destination port 1522 using TCP/IP. For example, given two IP addresses, 10.0.1.6 and 10.0.1.8, the two rules have the CIDR blocks 10.0.1.6/32 and 10.0.1.8/32 with access to destination port 1522, using TCP/IP.

For SQLcl and Bastions

To configure the minimum set of network security group rules needed to provide access from the Database Tools SQLcl using a bastion in the OCI Console:

1. On the Bastion details page, locate the private endpoint IP address item in the Private endpoint IP address field. Only one IP address shown.
2. Edit the network security group and add rules for this IP address with access to the destination port of 1522 using TCP/IP. For example, if given an IP address 10.0.1.9, then the rule has the CIDR block of 10.0.1.7/32 with access to the destination port of 1522 using TCP/IP.

These rules ensure that Database Tools has access to only the selected Autonomous Database through the network security group from these specific IP addresses, and only on port 1522 for bastion access using SQLcl and SQL Worksheet access on the OCI Console.