Advanced Protection: OIC generation 2 & File Server

The public documentation below gives step-by-step instructions for protecting OIC from malicious and unwanted internet traffic with OCI WAF (Oracle Cloud Infrastructure Web Application Firewall).

Configure and protect an Oracle Integration (Process) custom endpoint with OCI WAF

That works very well if you only need to protect OIC gen 2 from internet traffic.

For more complex networking use cases that protect OIC gen 2 and even OIC File Server, I recommend the high-level deployment on OCI below.

High Level Deployment Architecture

This deployment diagram should give you an idea of which OCI resources are required and need to be implemented. You can extend and modify it to meet your security requirements, such as using a WAF from a different vendor.

Here is a quick summary of this deployment.

  • Why do this?
    1. Additional protection for OIC and OIC File Server: OCI WAF for OIC, OCI Firewall, Security List, Network Security Group, etc.
    2. To accommodate more than the 15 rules in OIC gen 2’s Allowlist, and to provide more granular control over access from on-premises and the internet.
  • Why two FLBs? (FLB – Flexible Load Balancer)
    1. OIC and OIC File Server can only be accessed via a public IP on OSN (Oracle Services Network).
    2. A public FLB can’t reach backends that have public IP addresses, so a private FLB is introduced to connect to the backends through a Service Gateway.
  • Is OIC’s vanity URL (custom endpoint) mandatory for this deployment? Yes.
  • For OIC, SSL must be used for both the listener and the backend. For OIC File Server, SSL is not required for the listener or the backend.
Example of listener for private FLB
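
The constraints in the summary above can be checked against a planned deployment before anything is built. The Python sketch below is an added example, not part of the original post or Oracle tooling; the plan format, names, hostname and addresses are constructed, and it assumes the SSL rule applies to the OIC route on both FLBs.

```python
import ipaddress

# RFC 1918 ranges; anything outside them is treated as a public address here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OIC_ALLOWLIST_MAX = 15  # rule count of the OIC gen 2 Allowlist, per this post

def is_private_ip(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_plan(plan):
    """Return findings for a deployment plan; an empty list means no violations."""
    findings = []
    if not plan.get("oic_custom_endpoint"):
        findings.append("OIC custom endpoint (vanity URL) is missing")
    over = len(plan["source_rules"]) > OIC_ALLOWLIST_MAX
    if plan["rules_enforced_in"] == "oic_allowlist" and over:
        findings.append("more than 15 source rules cannot fit in the OIC Allowlist")
    for lb in plan["load_balancers"]:
        for route in lb["routes"]:
            label = f'{lb["name"]}/{route["name"]}'
            if lb["visibility"] == "public" and not all(map(is_private_ip, route["backends"])):
                findings.append(f"{label}: public FLB points at a public IP backend")
            if route["service"] == "oic":
                if not route["listener_ssl"]:
                    findings.append(f"{label}: OIC listener without SSL")
                if not route["backend_ssl"]:
                    findings.append(f"{label}: OIC backend without SSL")
    return findings

# Constructed sample plan (hypothetical format): all names and addresses are made up.
def sample_plan(public_backend="10.0.1.10", oic_backend_ssl=True):
    return {
        "oic_custom_endpoint": "oic.example.com",
        "rules_enforced_in": "nsg",
        "source_rules": [f"198.51.100.{i}/32" for i in range(20)],
        "load_balancers": [
            {"name": "public-flb", "visibility": "public", "routes": [
                {"name": "oic", "service": "oic", "listener_ssl": True,
                 "backend_ssl": True, "backends": [public_backend]}]},
            {"name": "private-flb", "visibility": "private", "routes": [
                {"name": "oic", "service": "oic", "listener_ssl": True,
                 "backend_ssl": oic_backend_ssl, "backends": ["203.0.113.20"]},
                {"name": "sftp", "service": "file_server", "listener_ssl": False,
                 "backend_ssl": False, "backends": ["203.0.113.21"]}]},
        ],
    }
```

Calling `check_plan(sample_plan())` returns no findings; pointing the public FLB straight at a public address, or turning off backend SSL on the OIC route, produces one finding each.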

Hope this helps you put more protection on OIC & File Server.

Author: Jin Park

Currently working as Oracle ANZ Cloud Platform Solution Engineer and looking after iPaaS solution. Got years of experience as a consultant within IT industry related to development, support, design. Experienced in industries such as government, utilities (Water, Transport), vehicle security.
