[OCI] Understanding Network Security Group in Oracle Cloud (OCI)

When designing secure and flexible cloud architectures in Oracle Cloud Infrastructure (OCI), Network Security Groups (NSGs) are one of the most powerful tools you can use. If you've worked with Security Lists before, think of NSGs as the more flexible and precise version, giving you fine-grained control over traffic at the resource level.


🛡️ What is a Network Security Group (NSG)?

A Network Security Group (NSG) is like a private security team assigned to specific cloud resources in OCI, such as virtual machines (VMs), databases, and load balancers. Instead of applying broad traffic rules across an entire subnet (as Security Lists do), NSGs let you define custom security rules for individual resources or groups of resources.


🏠 Real-World Analogy

Imagine you live in a housing society:

  • The main gate rules (e.g., all guests must sign in) apply to everyone—this is like a Security List for the whole subnet.

  • But you also hire your own private guard just for your house with specific instructions—this is like an NSG. It follows your custom rules, no matter what the society rules are.

In other words:

  • Security List = Shared gate rules

  • NSG = Personalized security guard for selected homes (resources)


Now, let's see how to create a Network Security Group and attach it to a Compute Instance:


  • To access the Oracle Cloud Infrastructure (OCI) Console, navigate to https://www.oracle.com/
  • Upon successful login, you will be redirected to the Oracle Cloud Console homepage



  • Navigate to Navigation Menu -> Networking -> Virtual cloud networks


  • Choose the compartment and click the name of the VCN in which you want to create the Network Security Group:

  • Navigate to the Network Security Groups section and click the Create Network Security Group button:

  • Enter the following details:
    1. Name
    2. Choose the compartment
    3. Add an ingress rule for port 22 (TCP, used by SSH)
    4. Click the Create button once done


  • The Network Security Group will be created:

  • This Network Security Group can now be assigned to any compute instance (it is attached to the instance's VNIC), and all of its security rules will be applied to that instance.
  • Navigate to the compute instance's details screen and add the Network Security Group by clicking the Edit button:


  • Select the Network Security Group and click Save changes:


Now suppose the security list of your VCN subnet does not allow port 22, but you assign this NSG to your compute instance: the instance will still accept SSH connections, because OCI evaluates the subnet's security lists and the VNIC's NSGs together and allows traffic if any rule in either of them permits it. The reverse also holds: an NSG cannot block traffic that the subnet's security list already allows, since neither mechanism has deny rules, so keep security lists as tight as the subnet's shared needs permit and put resource-specific openings such as SSH in NSGs.
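The following is an added example, not code from the blog or from Oracle. It models offline what the procedure above and the union behaviour just described amount to: `IngressRule.to_oci()` builds the port 22 rule in the `AddSecurityRuleDetails` JSON shape that `oci network nsg rules add --security-rules` accepts, and `ingress_allowed()` evaluates a packet the way OCI does, by unioning the subnet's security lists with every NSG on the VNIC. The security list, NSG contents, CIDRs and IP addresses are constructed sample values.

```python
"""Offline model of OCI ingress evaluation (security lists + NSGs).

Added example, not the blog's or Oracle's code. OCI semantics modelled:
- rules are allow-only; there are no deny rules,
- a packet is admitted if ANY rule in the subnet's security lists OR in any
  NSG attached to the VNIC matches it.
The rule dicts mirror the AddSecurityRuleDetails shape used by
`oci network nsg rules add --nsg-id <ocid> --security-rules file://rules.json`.
"""
import ipaddress
import json
from dataclasses import dataclass
from typing import List, Optional

# OCI identifies protocols by IANA number as a string; "all" matches everything.
TCP, UDP, ICMP, ALL = "6", "17", "1", "all"


@dataclass(frozen=True)
class IngressRule:
    source_cidr: str
    protocol: str
    port_min: Optional[int] = None  # None = no port restriction
    port_max: Optional[int] = None  # None = same as port_min
    stateless: bool = False

    def matches(self, src_ip: str, protocol: str, dst_port: Optional[int]) -> bool:
        """True if this single allow rule admits the packet."""
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.source_cidr, strict=False):
            return False
        if self.protocol != ALL and self.protocol != protocol:
            return False
        if self.port_min is None:
            return True
        hi = self.port_max if self.port_max is not None else self.port_min
        return dst_port is not None and self.port_min <= dst_port <= hi

    def to_oci(self) -> dict:
        """One entry of the JSON array passed to `oci network nsg rules add`."""
        rule = {
            "direction": "INGRESS",
            "protocol": self.protocol,
            "source": self.source_cidr,
            "sourceType": "CIDR_BLOCK",
            "isStateless": self.stateless,
        }
        if self.port_min is not None and self.protocol in (TCP, UDP):
            hi = self.port_max if self.port_max is not None else self.port_min
            key = "tcpOptions" if self.protocol == TCP else "udpOptions"
            rule[key] = {"destinationPortRange": {"min": self.port_min, "max": hi}}
        return rule


def ingress_allowed(src_ip: str, protocol: str, dst_port: Optional[int],
                    security_lists: List[List[IngressRule]],
                    nsgs: List[List[IngressRule]]) -> bool:
    """Union semantics: any matching rule in any security list or NSG admits
    the packet; no rule set can veto another."""
    for ruleset in (*security_lists, *nsgs):
        if any(r.matches(src_ip, protocol, dst_port) for r in ruleset):
            return True
    return False


# Constructed sample: a subnet security list admitting only HTTPS, the blog's
# NSG with its single "port 22" rule, and a tighter NSG limited to a bastion CIDR.
SECURITY_LIST_HTTPS_ONLY = [IngressRule("0.0.0.0/0", TCP, 443)]
NSG_SSH = [IngressRule("0.0.0.0/0", TCP, 22)]
NSG_SSH_BASTION_ONLY = [IngressRule("10.0.1.0/24", TCP, 22)]


def ssh_reachable(from_ip: str, nsgs: List[List[IngressRule]]) -> bool:
    """Can `from_ip` open TCP/22 to an instance in the HTTPS-only subnet?"""
    return ingress_allowed(from_ip, TCP, 22, [SECURITY_LIST_HTTPS_ONLY], nsgs)


if __name__ == "__main__":
    print(json.dumps(NSG_SSH[0].to_oci(), indent=2))
    print("no NSG attached:    ", ssh_reachable("203.0.113.7", []))
    print("blog's NSG attached:", ssh_reachable("203.0.113.7", [NSG_SSH]))
    print("bastion-only NSG:   ", ssh_reachable("203.0.113.7", [NSG_SSH_BASTION_ONLY]))
```

Running it shows the point of the last paragraph: with no NSG the HTTPS-only security list blocks SSH, attaching the blog's NSG opens it, and the bastion-only variant opens it solely for the bastion CIDR. Nothing in the model can subtract access, which is why the subnet-wide security list is the place to keep things narrow.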

