Enabling Zero Trust Packet Routing

Enable the Zero Trust Packet Routing (ZPR) service in a tenancy.

Enabling ZPR in a tenancy creates a default Oracle-ZPR security attribute namespace and allows you to apply security attributes to supported resources. Communication to and from resources is governed by ZPR policy. You can try ZPR for free and apply security attributes and ZPR policies to new or existing OCI resources.

Enabling ZPR doesn't affect communication to and from resources without a security attribute. ZPR policy is only enforced on resources with a security attribute.

ZPR is built on top of existing network security group (NSG) and security control list (SCL) rules. For a packet to reach a target, it must pass all NSG and SCL rules, and ZPR policy. If any NSG, SCL, or ZPR rule or policy doesn't allow traffic, the request is dropped.

After ZPR is enabled, you can create a security attribute namespace and security attributes.
    1. Open the navigation menu, click Identity & Security, and then click Zero Trust Packet Routing.
    2. Click Enable ZPR.
    3. Click Enable ZPR again to confirm.
  • Use the oci zpr configuration create command and required parameters to enable Zero Trust Packet Routing in the tenancy:

    oci zpr configuration create --compartment-id <compartment_ocid> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateConfiguration operation to enable Zero Trust Packet Routing in the tenancy.