

Oracle Cloud

Troubleshooting

VM Instances

Remember VM.Standard2.4 is limited to four network interfaces. One for MGMT and three for dataplane.

VM.Standard2.8 is limited to eight network interfaces. One for MGMT and three for dataplane.

Since 2020, VM.Standard2.1 will also cover a VM-100 if needed.

PAYG Costs

Load balancers will cost you about £0.40 per day.

Block Storage for Firewalls will cost you about £0.15 per day per firewall.

When clearing out a lab account, do not forget to go to Compute > Boot Volumes and delete all instances. Otherwise you will be paying £5-£10 a month.

Security Policies

If you want the management interfaces to ping each other, you must allow ICMP in the ingress security list for the MGMT subnet.

Health Probes

Create a public load balancer, set the VPC to public and the subnet to public-subnet. Then add both firewalls as the backend. However, this will only set the first two instance. Specify that the listener is TCP, as we don't want the load balancer to actually terminate the session, e.g. specify 443.

Ensure the load balancer health check is configured as follows:

  • URL PATH (URI) is set to /php/login.php
  • Status Code is set to 200

After you specify the load balancer backends and create the load balancer, you need to edit the backend and add two more backends where you specify the IP address of the firewall interface rather than just specifying the instance. Specifying the instance only adds the first interface IP (i.e. the MGMT IP). You need to add the correct data plane private IPs and remove the MGMT ones.
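
The checks from this section (TCP listener, health check path and status code, data plane IPs instead of MGMT IPs as backends) written as an audit function. This is an added example, not part of the original page; the dictionary layout, field names, firewall names and IP addresses are constructed for illustration and are not the OCI API schema.

```python
# Added example: field names, firewall names and IPs are constructed, not the OCI schema.
EXPECTED_PATH = "/php/login.php"
EXPECTED_STATUS = 200


def audit_load_balancer(lb, firewalls):
    """Return findings; an empty list means the config matches the notes above."""
    findings = []

    # TCP listener: the load balancer must not terminate the session itself.
    proto = lb["listener"]["protocol"]
    if proto.upper() != "TCP":
        findings.append(f"listener protocol is {proto}, expected TCP")

    hc = lb["health_check"]
    if hc["url_path"] != EXPECTED_PATH:
        findings.append(f"health check path is {hc['url_path']}, expected {EXPECTED_PATH}")
    if hc["status_code"] != EXPECTED_STATUS:
        findings.append(f"health check expects {hc['status_code']}, expected {EXPECTED_STATUS}")

    backend_ips = {b["ip"] for b in lb["backends"]}
    mgmt_owner = {fw["mgmt_ip"]: name for name, fw in firewalls.items()}
    dataplane = {ip for fw in firewalls.values() for ip in fw["dataplane_ips"]}
    for ip in sorted(backend_ips):
        if ip in mgmt_owner:
            findings.append(f"backend {ip} is the MGMT IP of {mgmt_owner[ip]}, remove it")
        elif ip not in dataplane:
            findings.append(f"backend {ip} is not a known firewall interface")

    # Every firewall needs at least one data plane IP in the backend set.
    for name, fw in sorted(firewalls.items()):
        if not backend_ips & set(fw["dataplane_ips"]):
            findings.append(f"{name} has no data plane IP in the backend set")
    return findings


# Constructed sample: two firewalls added by instance, so only MGMT IPs were registered.
FIREWALLS = {
    "fw-a": {"mgmt_ip": "10.0.0.11", "dataplane_ips": ["10.0.1.11"]},
    "fw-b": {"mgmt_ip": "10.0.0.12", "dataplane_ips": ["10.0.1.12"]},
}
LB_AFTER_CREATE = {
    "listener": {"protocol": "TCP", "port": 443},
    "health_check": {"url_path": "/php/login.php", "status_code": 200},
    "backends": [{"ip": "10.0.0.11", "port": 443}, {"ip": "10.0.0.12", "port": 443}],
}

if __name__ == "__main__":
    for finding in audit_load_balancer(LB_AFTER_CREATE, FIREWALLS):
        print("FINDING:", finding)
```

Run against the constructed sample, it reports both MGMT backends and both firewalls lacking a data plane backend; replacing the backends with the data plane IPs clears all findings.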

HA

Remember, if you use the root compartment, you may run into issues deploying HA policy.

HA1 cannot use MGMT interface when MGMT interface is set to DHCP. You have to set the MGMT IP to be static. I also found that I had to go into the HA1 config, select MGMT and then select it from the drop down list (the preselected MGMT is somehow wrong).

VPN

Oracle supports only the following parameters for phase-2 (when your office firewall connects VPN to Oracle VPN gateway).

  • IPSec Protocol: ESP
  • Encryption: aes-256-cbc
  • Authentication: sha1
  • DH Group: group5
  • Lifetime: 3600 secs