Table: oci_network_firewall_firewall - Query OCI Network Firewall Firewalls using SQL
The Oracle Cloud Infrastructure (OCI) Network Firewall is a feature of OCI's Virtual Cloud Network (VCN) that provides a security boundary to protect your cloud network resources. It acts as a barrier between your VCN and the public internet, monitoring and controlling incoming and outgoing network traffic based on predetermined security rules. This Firewall service helps in enhancing the security of your cloud resources by reducing the exposure to threats.
Table Usage Guide
The oci_network_firewall_firewall table provides insights into the firewalls within OCI's Network Firewall service. As a Security Analyst, you can explore firewall-specific details through this table, including the associated VCN, the default actions for the firewall's rule sets, and other metadata. Utilize this table to uncover information about your firewalls, such as their current state, the time they were created, and their internet gateway settings.
Examples
Basic info
Explore the basic details of your Oracle Cloud Infrastructure network firewalls to gain insights into their availability domains, IP addresses, associated security groups, and current lifecycle state. This allows for efficient management and monitoring of your network security.
select id, display_name, availability_domain, ipv4_address, ipv6_address, network_firewall_policy_id, network_security_group_ids, subnet_id, lifecycle_state as statefrom oci_network_firewall_firewall;select id, display_name, availability_domain, ipv4_address, ipv6_address, network_firewall_policy_id, network_security_group_ids, subnet_id, lifecycle_state as statefrom oci_network_firewall_firewall;List network firewalls created in the last 30 days
Explore which network firewalls have been created in the past 30 days. This insight can help in assessing recent changes in your network security landscape, enabling you to better manage and monitor your infrastructure's security.
select id, display_name, availability_domain, ipv4_address, ipv6_address, network_firewall_policy_id, network_security_group_ids, subnet_id, lifecycle_state as statefrom oci_network_firewall_firewallwhere time_created >= now() - interval '30' day;select id, display_name, availability_domain, ipv4_address, ipv6_address, network_firewall_policy_id, network_security_group_ids, subnet_id, lifecycle_state as statefrom oci_network_firewall_firewallwhere time_created >= datetime('now', '-30 day');List network firewalls having IPv6 address
Identify network firewalls that have been assigned an IPv6 address. This can be useful for managing network security and ensuring all devices are properly configured for IPv6 connectivity.
select id, display_name, availability_domain, ipv4_address, ipv6_address, network_firewall_policy_id, network_security_group_ids, subnet_id, lifecycle_state as statefrom oci_network_firewall_firewallwhere ipv6_address is not null;select id, display_name, availability_domain, ipv4_address, ipv6_address, network_firewall_policy_id, network_security_group_ids, subnet_id, lifecycle_state as statefrom oci_network_firewall_firewallwhere ipv6_address is not null;Describe the network firewall policy associated to the network firewall
Explore the association between network firewalls and their corresponding policies. This can be useful for understanding the lifecycle details of the policy and determining the firewall's adherence to it.
select f.display_name as firewall_name, f.id as firewall_id, p.display_name as policy_display_name, p.id as policy_id, p.lifecycle_details as policy_lifecyclefrom oci_network_firewall_firewall as f left join oci_network_firewall_policy as p on f.network_firewall_policy_id = p.id;select f.display_name as firewall_name, f.id as firewall_id, p.display_name as policy_display_name, p.id as policy_id, p.lifecycle_details as policy_lifecyclefrom oci_network_firewall_firewall as f left join oci_network_firewall_policy as p on f.network_firewall_policy_id = p.id;Schema for oci_network_firewall_firewall
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| availability_domain | text | = | A filter to return only resources that are present within the specified availability domain. |
| compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
| defined_tags | jsonb | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. | |
| display_name | text | = | A user-friendly name for the Network Firewall. |
| freeform_tags | jsonb | Free-form tags for resource. This tags can be applied by any user with permissions on the resource. | |
| id | text | = | The OCID of the Network Firewall resource. |
| ipv4_address | inet | IPv4 address for the Network Firewall. | |
| ipv6_address | inet | IPv6 address for the Network Firewall. | |
| lifecycle_details | text | A message describing the current state in more detail. | |
| lifecycle_state | text | = | The current state of the Network Firewall. |
| network_firewall_policy_id | text | = | The OCID of the Network Firewall Policy. |
| network_security_group_ids | jsonb | An array of network security groups OCID associated with the Network Firewall. | |
| subnet_id | text | The OCID of the subnet associated with the Network Firewall. | |
| tags | jsonb | A map of tags for the resource. | |
| tenant_id | text | The OCID of the Tenant in which the resource is located. | |
| time_created | timestamp with time zone | Time that Network Firewall was created. | |
| title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ociYou can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_network_firewall_firewall