Tech Notes

Valtix supports both Ingress and Egress/East-West protection for OCI. Inventory and Traffic Discovery are not supported.

To onboard the OCI Tenant, the tenant must be subscribed to the US West (San Jose) Region. If this Region is not subscribed, onboarding the OCI Tenant results in an error.

To deploy a Valtix Gateway into OCI, the Terms and Conditions for the Valtix Compute image must be accepted in each OCI Compartment. Otherwise, the deployment fails with an unauthorized error.

OCI Ingress

The Valtix Gateway is deployed in a VCN for Egress and East-West workload protection. The Gateway operates in Forwarding mode and as a Forward Proxy.

  1. Navigate to Manage -> Gateways -> Gateways
  2. Click Add Gateway
  3. Select the onboarded OCI Account
  4. Click Next

    | Parameter | Description |
    | --- | --- |
    | Name | Name of the gateway being created. This is used to distinguish different sets of Gateways in Valtix Controller. |
    | Description | (Optional) Description of this set of Valtix Gateways. |
    | Instance Type | Choose the type from the dropdown. |
    | Minimum Instances | Select the minimum number of instances that you plan to deploy. This is the minimum number of instances in each availability zone. |
    | Maximum Instances | Select the maximum number of instances that you plan to deploy. This is the maximum number that is used for auto-scaling in each availability zone. |
    | Health Check Port | Default 65534. Port number used by Valtix Load Balancer to check the health of the instances. The Datapath security group assigned to the instances must allow traffic on this port. |
    | Gateway Image | Select the image from the dropdown. |
    | Packet Capture Profile | Packet Capture Profile for threat and flow PCAPs. |
    | Diagnostics Profile | Diagnostics Profile used to store technical support information. |
    | Log Profile | Log Forwarding Profile to forward logs to various SIEMs. |
  5. Click Next

    | Parameter | Description |
    | --- | --- |
    | Security | East-West & Egress |
    | Policy Ruleset | Select an existing ruleset or choose to create a new one. |
    | Region | Region where the Gateway is deployed. |
    | Compartment ID | OCI Compartment where Valtix Gateway will be deployed. |
    | SSH Public key | SSH public key (ssh-rsa format) to use when deploying Valtix Gateway. Used for SSH to the Gateway for advanced troubleshooting. |
    | VCN ID | The Virtual Cloud Network (VCN) ID to deploy Valtix Gateway. |
    | Mgmt. Security Group | The Network Security Group to attach to the Valtix Gateway management interface. |
    | Datapath Security Group | The Network Security Group to attach to the Valtix Gateway datapath interface. |
    | Availability Zone | Availability Zone to deploy Valtix Gateway instances. |
    | Mgmt. Subnet | Subnet for the Valtix Gateway management interface. |
    | Datapath Subnet | Subnet for the Valtix Gateway datapath interface. |
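
Two of the requirements above (the US West (San Jose) subscription and the health check port being allowed by the Datapath Security Group) can be checked before deployment from OCI CLI JSON output. The following is an added example, not Valtix code: the function names and embedded samples are constructed, and it assumes the health check runs over TCP, which this page does not state.

```python
import json

REQUIRED_REGION = "us-sanjose-1"   # region identifier for US West (San Jose)
HEALTH_CHECK_PORT = 65534          # page default; TCP is an assumption here

# Constructed sample in the shape of `oci iam region-subscription list` output.
SAMPLE_SUBSCRIPTIONS = json.loads("""{"data": [
  {"region-name": "us-ashburn-1", "status": "READY", "is-home-region": true},
  {"region-name": "us-sanjose-1", "status": "READY", "is-home-region": false}]}""")

# Constructed sample in the shape of `oci network nsg rules list` output
# for the NSG chosen as Datapath Security Group.
SAMPLE_NSG_RULES = json.loads("""{"data": [
  {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0"},
  {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"direction": "INGRESS", "protocol": "6", "source": "10.0.0.0/16",
   "tcp-options": {"destination-port-range": {"min": 65534, "max": 65534}}}]}""")


def region_subscribed(subscriptions, region=REQUIRED_REGION):
    """True if the tenancy has an active subscription to `region`."""
    return any(s.get("region-name") == region and s.get("status") == "READY"
               for s in subscriptions.get("data", []))


def ingress_rules_for_port(rules, port=HEALTH_CHECK_PORT):
    """Return the ingress rules that admit TCP traffic to `port`."""
    hits = []
    for rule in rules.get("data", []):
        if rule.get("direction") != "INGRESS":
            continue
        proto = rule.get("protocol")
        if proto not in ("all", "6"):        # "6" is TCP; skip UDP/ICMP rules
            continue
        rng = (rule.get("tcp-options") or {}).get("destination-port-range")
        # Protocol "all" or a TCP rule without a port range admits every port.
        if proto == "all" or rng is None or rng["min"] <= port <= rng["max"]:
            hits.append(rule)
    return hits


def preflight(subscriptions, rules, port=HEALTH_CHECK_PORT):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if not region_subscribed(subscriptions):
        problems.append(f"tenancy is not subscribed to {REQUIRED_REGION}")
    if not ingress_rules_for_port(rules, port):
        problems.append(f"datapath NSG has no ingress rule for TCP/{port}")
    return problems
```

`ingress_rules_for_port` returns the matching rules rather than a boolean so the `source` of each rule that exposes the health check port can be reviewed.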