Enabling Zero Trust Packet Routing
Enable the Zero Trust Packet Routing (ZPR) service in a tenancy.
ZPR can be enabled only in the home region of a tenancy. Enabling ZPR in a tenancy creates a default Oracle-ZPR security attribute namespace and allows you to apply security attributes to supported resources. Communication to and from resources is governed by ZPR policy. You can try ZPR for free and add security attributes and ZPR policies to new or existing OCI resources.
Enabling ZPR doesn't affect communication to and from resources without a security attribute. ZPR policy is enforced only on resources with a security attribute.
ZPR is built on top of existing network security group (NSG), security list, and route table rules. For a packet to reach a target, it must have a route table entry and pass all NSG, security list, and ZPR policy rules. If the route table entry is missing or if the NSG, security list, or ZPR policy doesn't allow traffic, the traffic is dropped.
After you enable ZPR, you can use the default security attribute namespace or create a new namespace, and also create security attributes. You then create ZPR policies and add the security attributes to OCI resources to affect network traffic.
- Open the navigation menu, select Identity & Security, and then select Zero Trust Packet Routing.
- Select Enable ZPR.
- Select Enable ZPR again to confirm.
Use the oci zpr configuration create command and required parameters to enable Zero Trust Packet Routing in the tenancy:
oci zpr configuration create --compartment-id <compartment_ocid> [OPTIONS]

For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
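Because ZPR can be enabled only in the home region, a preflight check before the create call avoids running it against the wrong region. The following is an added example, not part of the original documentation; the function names and argument order are assumptions, and the OCIDs are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: check the home-region requirement before enabling ZPR.
# Function names and argument order are assumptions of this sketch.

# Print the tenancy's home region name (for example us-ashburn-1).
# Arg: <tenancy_ocid>
zpr_home_region() {
  oci iam region-subscription list --tenancy-id "$1" \
    --query 'data[?"is-home-region"]."region-name" | [0]' --raw-output
}

# Enable ZPR only when the target region is the tenancy's home region.
# Args: <tenancy_ocid> <compartment_ocid> <target_region>
# Returns 0 on success, 2 when the target is not the home region,
# 3 when the home region cannot be determined.
zpr_enable_checked() {
  zpr_tenancy="$1"
  zpr_compartment="$2"
  zpr_target="$3"
  zpr_home="$(zpr_home_region "$zpr_tenancy")" || return 3
  [ -n "$zpr_home" ] || return 3
  if [ "$zpr_target" != "$zpr_home" ]; then
    echo "refusing: $zpr_target is not the home region ($zpr_home)" >&2
    return 2
  fi
  # Pin the call to the home region rather than relying on the profile default.
  oci zpr configuration create --compartment-id "$zpr_compartment" \
    --region "$zpr_home"
}

# Run only when all three arguments are given on the command line.
if [ "$#" -eq 3 ]; then
  zpr_enable_checked "$@"
fi
```

The non-zero return codes let a provisioning pipeline stop before any ZPR policy or security attribute steps run.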
Run the CreateConfiguration operation to enable Zero Trust Packet Routing in the tenancy.