Prepare network security groups before deploying the instance to Oracle Cloud Infrastructure to ensure properly configured rules for the data port and management port.
Before you deploy Virtual Network Sensor to Oracle Cloud Infrastructure, you need
to create two network security groups for the data port and management port. Because
the security settings are different between both ports, Trend Micro recommends using the steps below to create the network security groups before launching
the instance.
![]() |
ImportantYour network security groups must be on the same VCN as your Virtual Network Sensor
deployment. Before you begin, make sure you have chosen or created a VCN for the Virtual
Network Sensor.
|
![]() |
NoteThe steps contained in these instructions are valid as of September 2025.
|
Procedure
- Go to https://www.oracle.com/cloud/sign-in.html and sign in to Oracle Cloud Infrastructure.
- In the top navigation bar, select your target region for deploying the Virtual Network Sensor.
- Click the navigation menu icon (
) on the top left and go to .
- Click the VCN where you plan to deploy the Virtual Network Sensor.
- On the details page, perform one of the following actions depending on the option
that you see:
- On the Security tab, go to the Network Security Groups section.
- Under Resources, select Network Security Groups.
- Create a network security group for the management port.
- Click Create Network Security Group.
- Specify a name for the network security group.
- Select a compartment.For simplicity and ease of management, keep the network security group in the same compartment as the Virtual Network Sensor instance it protects.
- Add the following rules for inbound traffic to the Virtual Network Sensor management
port:DirectionSource TypeSource CIDRIP ProtocolsSource Port RangeDestination Port RangePurposeIngressCIDRSpecify the IP address in CIDR notation which is allowed to access the Virtual Network Sensor.SSH (TCP/22)All22For accessing the Virtual Network Sensor CLISH consoleIngressCIDRSpecify the IP address in CIDR notation which is allowed to access the Virtual Network Sensor.TCPAll80For exporting debug logsIngressCIDRSpecify the IP address in CIDR notation of the NLB created for your Virtual Network Sensor.TCPAll14789For answering NLB health check
Note
Add this rule after you have created the NLB. For details, see Configure traffic mirroring on Oracle Cloud Infrastructure. - Add the following rule for outbound traffic from the Virtual Network Sensor management
port:DirectionDestination TypeDestinationIP ProtocolsSource Port RangeDestination Port RangePurposeEgressCIDR0.0.0.0/0All Protocols--For allowing all outbound traffic
- Click Create.The network security group details screen is displayed.
- Go back to the VCN details page.
- Create a network security group for the Virtual Network Sensor data port.
- Click Create Network Security Group.
- Specify a name for the network security group.
- Select the same compartment used by the network security group for the Virtual Network Sensor management port.
- Add the following rules for inbound traffic to the Virtual Network Sensor data port:DirectionSource TypeSource CIDRIP ProtocolsSource Port RangeDestination Port RangePurposeIngressCIDR0.0.0.0/0All Protocols--For allowing all inbound traffic
- Add the following rule for outbound traffic from the Virtual Network Sensor data port:DirectionDestination TypeDestinationIP ProtocolsSource Port RangeDestination Port RangePurposeEgressCIDR0.0.0.0/0All Protocols--For allowing all outbound traffic
- Click Create.The network security group details screen is displayed.