Skip to content

OCI Ingress

The Valtix Gateway is deployed in a VPC to protect the internet facing applications. The Gateway acts as a Reverse Proxy. Users on the internet access the application via the Valtix Gateway. You configure the backend destination (the original application) as a proxy target on the Valtix Gateway. The proxy enables Valtix to decrypt TLS traffic and perform deep packet inspection. The proxied traffic to the backend/target can be sent as plain text HTTP, HTTPS, TCP or TLS.

  1. Navigate to Manage -> Gateways -> Gateways
  2. Click Add Gateway
  3. Select the OCI account previously created
  4. Click Next

    Parameter Description
    Name Name of the gateway being created. This is used to distinguish different sets of gateways in Valtix controller.
    Description Optional. Description of this set of Valtix gateways.
    Instance Type Choose the type from the drop down
    Minimum Instances Select the minimum number of instances that you plan to deploy. This is the minimum number of instances in each availability zone
    Maximum Instances Select the maximum number instances that you plan to deploy. This is the maximum number that is used for auto-scaling in each availability zone
    Health Check Port Default 65534. Port number used by Valtix Load Balancer to check the health of the instances. Datapath security group assigned to the instances must allow traffic on this port.
    Gateway Image Select the image from the dropdown
    Packet Capture Profile Packet capture profile for threat and flow pcaps
    Diagnostics Profile Diagnostics profile used to store technical support information.
    Log Profile Profile to forward logs to Splunk, Datadog or Syslog
  5. Click Next

    Parameter Description
    Security Ingress
    Policy Ruleset Select an existing ruleset or choose to create new one
    Region Region where the Gateway is deployed
    Compartment ID The compartment to deploy Valtix gateway.
    SSH Public key SSH public key to use when deploying Valtix gateway. This key will only be used if we need access to the Valtix gateway. This needs to be in ssh-rsa format.
    VCN ID The Virtual Cloud Network ID to deploy Valtix gateway
    Mgmt. Security Group The Network Security Group to attach to management interface
    Datapath Security Group The Network Security Group to attach to secondary interface
    Availability Zone Availability Zone to deploy Valtix gateway
    Mgmt. Subnet Subnet for Valtix gateway management interface
    Datapath Subnet Subnet for Valtix gateway datapath interface

NOTE

Customers will need to agree to the terms and condition for the first time in each compartment. Valtix community image is avaliable in San Jose and Phoenix region.