
Prepare network security groups before deploying the instance to Oracle Cloud Infrastructure to ensure properly configured rules for the data port and management port.

Before you deploy Virtual Network Sensor to Oracle Cloud Infrastructure, you need to create two network security groups, one for the data port and one for the management port. Because the security settings differ between the two ports, Trend Micro recommends using the steps below to create the network security groups before launching the instance.
Important
Your network security groups must be on the same VCN as your Virtual Network Sensor deployment. Before you begin, make sure you have chosen or created a VCN for the Virtual Network Sensor.
Note
The steps contained in these instructions are valid as of September 2025.

Procedure

  1. Go to https://www.oracle.com/cloud/sign-in.html and sign in to Oracle Cloud Infrastructure.
  2. In the top navigation bar, select your target region for deploying the Virtual Network Sensor.
  3. Click the navigation menu icon on the top left and go to Networking > Virtual cloud networks.
  4. Click the VCN where you plan to deploy the Virtual Network Sensor.
  5. On the details page, perform one of the following actions depending on the option that you see:
    • On the Security tab, go to the Network Security Groups section.
    • Under Resources, select Network Security Groups.
  6. Create a network security group for the management port.
    1. Click Create Network Security Group.
    2. Specify a name for the network security group.
    3. Select a compartment.
      For simplicity and ease of management, keep the network security group in the same compartment as the Virtual Network Sensor instance it protects.
    4. Add the following rules for inbound traffic to the Virtual Network Sensor management port:
      | Direction | Source Type | Source CIDR | IP Protocols | Source Port Range | Destination Port Range | Purpose |
      |---|---|---|---|---|---|---|
      | Ingress | CIDR | Specify the IP address in CIDR notation which is allowed to access the Virtual Network Sensor. | SSH (TCP/22) | All | 22 | For accessing the Virtual Network Sensor CLISH console |
      | Ingress | CIDR | Specify the IP address in CIDR notation which is allowed to access the Virtual Network Sensor. | TCP | All | 80 | For exporting debug logs |
      | Ingress | CIDR | Specify the IP address in CIDR notation of the NLB created for your Virtual Network Sensor. | TCP | All | 14789 | For answering NLB health check |
      Note
      Add this rule after you have created the NLB. For details, see Configure traffic mirroring on Oracle Cloud Infrastructure.
    5. Add the following rule for outbound traffic from the Virtual Network Sensor management port:
      | Direction | Destination Type | Destination | IP Protocols | Source Port Range | Destination Port Range | Purpose |
      |---|---|---|---|---|---|---|
      | Egress | CIDR | 0.0.0.0/0 | All Protocols | - | - | For allowing all outbound traffic |
    6. Click Create.
      The network security group details screen is displayed.
  7. Go back to the VCN details page.
  8. Create a network security group for the Virtual Network Sensor data port.
    1. Click Create Network Security Group.
    2. Specify a name for the network security group.
    3. Select the same compartment used by the network security group for the Virtual Network Sensor management port.
    4. Add the following rules for inbound traffic to the Virtual Network Sensor data port:
      | Direction | Source Type | Source CIDR | IP Protocols | Source Port Range | Destination Port Range | Purpose |
      |---|---|---|---|---|---|---|
      | Ingress | CIDR | 0.0.0.0/0 | All Protocols | - | - | For allowing all inbound traffic |
    5. Add the following rule for outbound traffic from the Virtual Network Sensor data port:
      | Direction | Destination Type | Destination | IP Protocols | Source Port Range | Destination Port Range | Purpose |
      |---|---|---|---|---|---|---|
      | Egress | CIDR | 0.0.0.0/0 | All Protocols | - | - | For allowing all outbound traffic |
    6. Click Create.
      The network security group details screen is displayed.
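
The management-port rules from step 6, expressed as data and checked before they are applied. This is an added example, not part of the original instructions or Trend Micro tooling: it builds the rules in the JSON shape the OCI API uses for security rules and audits a rule list for ingress broader than the table allows. The function names and the sample CIDRs (203.0.113.10/32, 10.0.1.0/24) are assumptions.

```python
import ipaddress
import json

# Management-port ingress from the table in step 6: destination port -> purpose.
MGMT_PORTS = {22: "CLISH console (SSH)", 80: "Debug log export", 14789: "NLB health check"}

def tcp_ingress(source_cidr, port, purpose):
    """One TCP ingress rule in the OCI security-rule JSON shape."""
    net = ipaddress.ip_network(source_cidr, strict=False)  # raises on a malformed CIDR
    return {
        "direction": "INGRESS",
        "protocol": "6",  # IANA protocol number for TCP
        "sourceType": "CIDR_BLOCK",
        "source": str(net),
        "tcpOptions": {"destinationPortRange": {"min": port, "max": port}},
        "description": purpose,
    }

def build_mgmt_rules(admin_cidr, nlb_cidr=None):
    """Rules for the management NSG; the NLB rule is added once the NLB exists."""
    rules = [tcp_ingress(admin_cidr, p, MGMT_PORTS[p]) for p in (22, 80)]
    if nlb_cidr:
        rules.append(tcp_ingress(nlb_cidr, 14789, MGMT_PORTS[14789]))
    rules.append({"direction": "EGRESS", "protocol": "all",
                  "destinationType": "CIDR_BLOCK", "destination": "0.0.0.0/0",
                  "description": "Allow all outbound traffic"})
    return rules

def audit_mgmt_rules(rules):
    """Return findings for ingress rules that are broader than the table allows."""
    findings = []
    for r in rules:
        if r["direction"] != "INGRESS":
            continue
        rng = (r.get("tcpOptions") or {}).get("destinationPortRange")
        if r["protocol"] != "6" or rng is None:
            findings.append(f"non-TCP or all-port ingress from {r['source']}")
            continue
        ports = set(range(rng["min"], rng["max"] + 1))
        if ports - set(MGMT_PORTS):
            findings.append(f"unexpected ports {rng['min']}-{rng['max']} from {r['source']}")
        if ipaddress.ip_network(r["source"], strict=False).prefixlen == 0:
            findings.append(f"port {rng['min']} open to any address")
    return findings

if __name__ == "__main__":
    # Constructed sample values: an admin host and an NLB subnet.
    print(json.dumps(build_mgmt_rules("203.0.113.10/32", "10.0.1.0/24"), indent=2))
```

The printed JSON can be saved to a file and passed to `oci network nsg rules add --nsg-id <nsg-ocid> --security-rules file://rules.json`, where `<nsg-ocid>` is a placeholder for the management NSG's OCID.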