[OCI] Understanding Network Security Group in Oracle Cloud (OCI)

 


When designing secure and flexible cloud architectures in Oracle Cloud Infrastructure (OCI), Network Security Groups (NSGs) are one of the most powerful tools you can use. If you've worked with Security Lists before, think of NSGs as the more flexible and precise version, giving you fine-grained control over traffic at the resource level.


🛡️ What is a Network Security Group (NSG)?

A Network Security Group (NSG) is like a private security team assigned to specific cloud resources in OCI—like virtual machines (VMs), databases, and load balancers. Instead of applying broad traffic rules across an entire subnet (like Security Lists), NSGs let you define custom security rules for individual resources or groups of resources.


🏠 Real-World Analogy

Imagine you live in a housing society:

  • The main gate rules (e.g., all guests must sign in) apply to everyone—this is like a Security List for the whole subnet.

  • But you also hire your own private guard just for your house with specific instructions—this is like an NSG. It follows your custom rules, no matter what the society rules are.

In other words:

  • Security List = Shared gate rules

  • NSG = Personalized security guard for selected homes (resources)


Now, let's see how to create a Network Security Group and attach it to a Compute Instance:


  • To access the Oracle Cloud Infrastructure (OCI) Console, navigate to https://www.oracle.com/
  • Upon successful login, you will be redirected to the Oracle Cloud Console homepage



  • Navigate to Navigation Menu -> Networking -> Virtual cloud networks


  • Choose the compartment and click the name of the VCN in which you want to create the Network Security Group:

  • Go to the Network Security Groups section and click the Create Network Security Group button:

  • Enter the following details:
    1. Name
    2. Choose the compartment
    3. Add an ingress rule for port 22
    4. Click the Create button once done


  • The Network Security Group will be created:

  • This Network Security Group can now be assigned to any compute machine, and all of its security rules will be applied to that machine.
  • Navigate to the compute machine details screen and add the Network Security Group by clicking the Edit button:


  • Select the Network Security Group and click Save changes:


Now suppose the security list of your VCN does not allow port 22. If you assign this NSG to your compute machine, the machine will still accept SSH connections, because OCI allows traffic when any rule in either the security list or an attached NSG permits it.
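The behaviour described above can be modelled in a few lines. This is an added example, not code from the original post or from Oracle: it is a simplified model (TCP ingress only) of how a security list and an NSG combine on an instance's VNIC. The class and function names, the CIDR ranges and the port 443 rule are constructed assumptions; the post itself only specifies an ingress rule for port 22.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class IngressRule:
    source_cidr: str   # source range the rule accepts
    port_min: int      # destination TCP port range (inclusive)
    port_max: int

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_cidr = ip_address(src_ip) in ip_network(self.source_cidr)
        return in_cidr and self.port_min <= dst_port <= self.port_max

@dataclass
class Vnic:
    name: str
    subnet_security_list: list   # rules shared by every VNIC in the subnet
    nsg_rules: list              # rules from the NSGs this VNIC belongs to

def ingress_allowed(vnic, src_ip, dst_port):
    """Return (allowed, origin). A packet is permitted if ANY rule in the
    subnet's security list or in the VNIC's NSGs matches it."""
    for rule in vnic.subnet_security_list:
        if rule.matches(src_ip, dst_port):
            return True, "security list"
    for rule in vnic.nsg_rules:
        if rule.matches(src_ip, dst_port):
            return True, "NSG"
    return False, None

# Constructed sample data: the security list allows only HTTPS,
# the NSG adds SSH from a constructed admin range (assumption).
SECURITY_LIST = [IngressRule("0.0.0.0/0", 443, 443)]
SSH_NSG = [IngressRule("203.0.113.0/24", 22, 22)]

with_nsg = Vnic("vm-with-nsg", SECURITY_LIST, SSH_NSG)
without_nsg = Vnic("vm-without-nsg", SECURITY_LIST, [])

if __name__ == "__main__":
    probes = (("203.0.113.10", 22), ("198.51.100.7", 22), ("198.51.100.7", 443))
    for vnic in (with_nsg, without_nsg):
        for src, port in probes:
            print(vnic.name, src, port, ingress_allowed(vnic, src, port))
```

Because the two rule sets are combined rather than layered, a restrictive security list does not limit what an NSG opens, so the source range on an NSG's SSH rule is the only thing narrowing who can reach port 22.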

