Create network security groups for Virtual Network Sensor

Views:

Prepare network security groups before deploying the instance to Oracle Cloud Infrastructure to ensure properly configured rules for the data port and management port.

Before you deploy Virtual Network Sensor to Oracle Cloud Infrastructure, you need to create two network security groups for the data port and management port. Because the security settings are different between both ports, Trend Micro recommends using the steps below to create the network security groups before launching the instance.

Important

Your network security groups must be on the same VCN as your Virtual Network Sensor deployment. Before you begin, make sure you have chosen or created a VCN for the Virtual Network Sensor.

Note

The steps contained in these instructions are valid as of September 2025.

Procedure

Go to https://www.oracle.com/cloud/sign-in.html and sign in to Oracle Cloud Infrastructure.
In the top navigation bar, select your target region for deploying the Virtual Network Sensor.
Click the navigation menu icon () on the top left and go to Networking → Virtual cloud networks.
Click the VCN where you plan to deploy the Virtual Network Sensor.
On the details page, perform one of the following actions depending on the option that you see:
- On the Security tab, go to the Network Security Groups section.
- Under Resources, select Network Security Groups.

Create a network security group for the management port.

Click Create Network Security Group.
Specify a name for the network security group.
Select a compartment.

For simplicity and ease of management, keep the network security group in the same compartment as the Virtual Network Sensor instance it protects.

Add the following rules for inbound traffic to the Virtual Network Sensor management port:

Direction

Source Type

Source CIDR

IP Protocols

Source Port Range

Destination Port Range

Purpose

Ingress

CIDR

Specify the IP address in CIDR notation which is allowed to access the Virtual Network Sensor.

SSH (TCP/22)

All

For accessing the Virtual Network Sensor CLISH console

Ingress

CIDR

Specify the IP address in CIDR notation which is allowed to access the Virtual Network Sensor.

TCP

All

For exporting debug logs

Ingress

CIDR

Specify the IP address in CIDR notation of the NLB created for your Virtual Network Sensor.

TCP

All

14789

For answering NLB health check

Note

Add this rule after you have created the NLB. For details, see Configure traffic mirroring on Oracle Cloud Infrastructure.

Add the following rule for outbound traffic from the Virtual Network Sensor management port:

Direction	Destination Type	Destination	IP Protocols	Source Port Range	Destination Port Range	Purpose
Egress	CIDR	0.0.0.0/0	All Protocols	-	-	For allowing all outbound traffic

Click Create.

The network security group details screen is displayed.

Go back to the VCN details page.

Create a network security group for the Virtual Network Sensor data port.

Click Create Network Security Group.
Specify a name for the network security group.
Select the same compartment used by the network security group for the Virtual Network Sensor management port.

Add the following rules for inbound traffic to the Virtual Network Sensor data port:

Direction	Source Type	Source CIDR	IP Protocols	Source Port Range	Destination Port Range	Purpose
Ingress	CIDR	0.0.0.0/0	All Protocols	-	-	For allowing all inbound traffic

Add the following rule for outbound traffic from the Virtual Network Sensor data port:

Direction	Destination Type	Destination	IP Protocols	Source Port Range	Destination Port Range	Purpose
Egress	CIDR	0.0.0.0/0	All Protocols	-	-	For allowing all outbound traffic

Click Create.

The network security group details screen is displayed.