Title
Security Rules and Monitoring/Events
Description
Stateless rules do not keep track of TCP session state between source and destination. This allows for greater performance and scalability.
Stateless rules are recommended for use cases such as an internet-facing website that handles high volumes of traffic, or where OCI's Network Firewall, which can perform deeper stateful packet inspection, is already in the path.
When creating a stateless rule, you need to create an ingress rule and a corresponding egress rule that allows the destination host to respond to the source host using the same TCP port.
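The ingress/egress pairing described above is easy to get wrong, so the following added example (not Oracle's code) checks a list of rules for stateless ingress rules whose reply traffic would be blocked. The `Rule` fields and the ephemeral port range are assumptions for the example, not the OCI security list schema.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # None means "all ports"
EPHEMERAL = (1024, 65535)  # assumption: client replies land on an ephemeral port


@dataclass(frozen=True)
class Rule:
    direction: str       # "INGRESS" or "EGRESS"
    stateless: bool
    protocol: str        # IANA protocol number as a string, "6" is TCP
    cidr: str            # remote CIDR: source for ingress, destination for egress
    src_ports: PortRange = None
    dst_ports: PortRange = None


def port_covers(outer: PortRange, inner: PortRange) -> bool:
    """True if every port in `inner` is permitted by `outer`."""
    if outer is None:
        return True
    if inner is None:
        return False
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def answers(ingress: Rule, egress: Rule) -> bool:
    """True if `egress` lets the host reply to traffic admitted by `ingress`."""
    if egress.direction != "EGRESS" or not egress.stateless:
        return False
    if egress.protocol != ingress.protocol:
        return False
    src = ipaddress.ip_network(ingress.cidr, strict=False)
    dst = ipaddress.ip_network(egress.cidr, strict=False)
    if not src.subnet_of(dst):
        return False
    # Reply packets leave with the service port as source and the client's
    # ephemeral port as destination, so the egress rule must permit both.
    return port_covers(egress.src_ports, ingress.dst_ports) and \
        port_covers(egress.dst_ports, EPHEMERAL)


def unanswered_stateless_ingress(rules: List[Rule]) -> List[Rule]:
    """Stateless ingress rules with no stateless egress rule for the return path."""
    ingress = [r for r in rules if r.direction == "INGRESS" and r.stateless]
    return [r for r in ingress if not any(answers(r, e) for e in rules)]


SAMPLE_RULES = [  # constructed sample, not from a real tenancy
    Rule("INGRESS", True, "6", "0.0.0.0/0", dst_ports=(443, 443)),
    Rule("EGRESS", True, "6", "0.0.0.0/0", src_ports=(443, 443)),   # reply path for 443
    Rule("INGRESS", True, "6", "10.0.0.0/16", dst_ports=(22, 22)),  # no egress pair
    Rule("INGRESS", False, "6", "0.0.0.0/0", dst_ports=(80, 80)),   # stateful, tracked
]
```

Running `unanswered_stateless_ingress(SAMPLE_RULES)` reports only the port 22 rule: the stateful port 80 rule needs no pair, and the 443 rule has one.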
Stateful sessions are performance-limited by each VNIC's connection tracking table.
VNICs attached to OCI instances provide many networking metrics, including connection tracking metrics. The Connection Tracking Utilization metric shows how many concurrent TCP sessions are open on the VNIC.
The Connection Tracking Table Full metric shows whether or not the VNIC's connection tracking table is full.
Two additional metrics show whether ingress or egress packets have been dropped because the connection tracking table is full.
The size of a VNIC's connection tracking table varies by instance size.
You can monitor VNIC connection tracking metrics by creating alarms based on threshold requirements.
When creating an alarm, provide a descriptive name and a metric description. Connection tracking metrics are located under the oci_vcn metric namespace.
View the companion blog located here: https://www.ateam-oracle.com/post/security-rules-and-monitoring-rule-events
To learn more about security rules and best practices, please visit our website at OCI.com.
----------------------------------------------
Copyright © 2023, Oracle and/or its affiliates.