OCI Support for Distributed Cloud Firewall

Starting with Aviatrix Controller version 8.2, Distributed Cloud Firewall (DCF) supports Oracle Cloud Infrastructure (OCI) in addition to AWS, Azure, and GCP. This enhancement allows enterprises to enforce consistent security policies across multicloud environments, including OCI workloads.

Key Capabilities

  • Expanded Cloud Coverage: DCF rules can now be applied to OCI resources

  • Unified Security Posture: Maintain consistent firewall policies across AWS, Azure, GCP, and OCI

  • Enterprise Readiness: Extend Aviatrix security controls to OCI without additional complexity

Prerequisites

  • Aviatrix Controller version 8.2 or later

  • OCI account onboarded in Aviatrix Controller

  • DCF feature enabled in CoPilot

Configure DCF for OCI

Enable DCF

  1. Go to CoPilot > Security > Distributed Cloud Firewall > Settings > Distributed Cloud Firewall.

  2. Turn on the Enable toggle to activate Distributed Cloud Firewall.

  3. Confirm that the Default Action Rule is enabled.

Enable Enforcement on OCI

  1. Go to CoPilot > Security > Distributed Cloud Firewall > Settings > Enforcement on Clouds.

  2. Click Manage.

  3. On the Manage Enforcement on Clouds page, toggle OCI to ON.

  4. Click Save.

Apply DCF Rules

Once enforcement is enabled, DCF rules automatically apply to OCI resources.

You can manage DCF rules under CoPilot > Security > Distributed Cloud Firewall > Policies; select the relevant rules there.

Terraform Configuration

# Turns on DCF enforcement for OCI, matching the Enforcement on Clouds toggle described above.
resource "aviatrix_dcf_enforcement" "oci" {
  cloud_type = "OCI"
  enabled    = true
}

Best Practices

  • Consistency: Align OCI rules with existing AWS, Azure, and GCP rules for uniform security

  • Granularity: Use SmartGroups to dynamically group OCI resources based on tags or attributes

  • Audit: Regularly review enforcement status in CoPilot to ensure OCI workloads are protected
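
The Granularity practice above, sketched in Terraform as an added example (not taken from the Aviatrix documentation). It assumes the aviatrix_smart_group resource of the Aviatrix Terraform provider; the group names, the account name oci-prod, the tag keys and values, and the CIDR are constructed placeholders.

```hcl
# Added example. Names, account, tags and CIDR below are constructed placeholders.
terraform {
  required_providers {
    aviatrix = {
      source = "AviatrixSystems/aviatrix"
    }
  }
}

# Web tier: a VM must satisfy every property inside one match_expressions block
# (type AND account AND both tags) to become a member.
resource "aviatrix_smart_group" "oci_web" {
  name = "oci-prod-web"

  selector {
    match_expressions {
      type         = "vm"
      account_name = "oci-prod" # assumed name of the onboarded OCI account
      tags = {
        env  = "prod"
        tier = "web"
      }
    }
  }
}

# Database tier: separate match_expressions blocks are unioned, so the group
# holds tagged VMs plus a fixed subnet for hosts that cannot be tagged.
resource "aviatrix_smart_group" "oci_db" {
  name = "oci-prod-db"

  selector {
    match_expressions {
      type         = "vm"
      account_name = "oci-prod"
      tags = {
        env  = "prod"
        tier = "db"
      }
    }
    match_expressions {
      cidr = "10.20.30.0/24" # constructed example subnet
    }
  }
}

# UUIDs are what DCF rules reference as source and destination groups.
output "oci_smart_group_uuids" {
  value = {
    web = aviatrix_smart_group.oci_web.uuid
    db  = aviatrix_smart_group.oci_db.uuid
  }
}
```

Rules that reference these groups pick up new OCI instances as soon as they carry the matching tags, so write access to those tags in OCI should be limited to the people allowed to change firewall scope.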