Friday, 27 February 2026

EBS Cloud manager - cloning error - Ingress rule restricted port is open


Resolution:


from Oracle support - KB587437


Applies To

All Users
EBS on Oracle Cloud: Provisioning and Administration - Version 12.2.4 and later

Summary

On : 12.2.4 version, EBS Clone & Config

While trying to Create a Network Profile from EBS Cloud Manager (EBSCM), it fails at the subtask "Validate Ingress Rules".

ERROR
--------

The following errors are logged in validateIngressRules.log.

Failed in validating below ingress rules:
SUBNET NAME:<YYYY>,SOURCE CIDR:<Subnet_CIDR>,PROTOCOL:TCP,DESTINATION PORT:<port> - Ingress rule restricted port is open
...
...

Network profile : <xxxxx>
[2023/03/24 16:31:27]:CMProfile::_read_network_profile: ERROR: -------------------------------
[2023/03/24 16:31:27]:CMProfile::_read_network_profile: ERROR: Task validateIngressRules for environment <xxxxx> Failed
Creating diagnostic zip...
stty: standard input: Inappropriate ioctl for device

STEPS
---------
1. Log in to EBS Cloud Manager.
2. Click the Navigator icon > select Administration > and then select Network Profiles.
3. In the Network Profiles page > click Create Network Profile.
4. Enter all the details to create network profile and then click submit.
(EBS Cloud Manager guide: https://docs.oracle.com/cd/E26401_01/doc.122/f35809.pdf contains these steps)

Solution

Solution Steps:

1. Log in to the OCI Console and validate the security lists for the corresponding subnet in the VCN (Virtual Cloud Network).
Navigate to VCN > Subnet > Security Lists > Ingress Rules.

2. Remove the unrestricted ingress rules that are open for all ports.
Select the ingress rule for <Subnet_CIDR> (mentioned in the error log) which allows "All traffic for all ports" and click Remove.
Instead, open only the required ports.

3. Add the ingress rules only for the required ports as listed in the Cloud Manager guide below:

https://docs.oracle.com/cd/E26401_01/doc.122/f35809/T679330T679340.htm#cmg_prepare_seclists


4. Log in to EBSCM, restart the create network profile job, and verify that it completes successfully.
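
The check in steps 1 and 2 can also be run against the JSON printed by `oci network security-list get`. The script below is an added example, not part of the Oracle KB article or of EBS Cloud Manager. It flags ingress rules that leave every port open; the function names and the sample CIDRs are constructed for illustration, and the list of restricted ports from the Cloud Manager guide is not reproduced here.

```python
import json

# Constructed sample in the shape printed by `oci network security-list get`;
# display name, CIDRs and ports are placeholders, not values from the KB.
SAMPLE = json.loads("""
{"data": {"display-name": "internal_apps_seclist", "ingress-security-rules": [
  {"protocol": "all", "source": "10.0.2.0/24", "tcp-options": null, "udp-options": null},
  {"protocol": "6", "source": "10.0.2.0/24",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "6", "source": "10.0.3.0/24", "tcp-options": null},
  {"protocol": "6", "source": "10.0.4.0/24",
   "tcp-options": {"destination-port-range": {"min": 1, "max": 65535}}},
  {"protocol": "1", "source": "10.0.2.0/24", "icmp-options": {"type": 3, "code": 4}}
]}}
""")

PORT_OPTIONS = {"6": "tcp-options", "17": "udp-options"}  # IANA protocol numbers


def all_ports_reason(rule):
    """Return why the rule exposes every port, or None if it is port-scoped."""
    proto = str(rule.get("protocol", "")).lower()
    if proto == "all":
        return "all protocols"
    key = PORT_OPTIONS.get(proto)
    if key is None:
        return None  # ICMP and other protocols carry no port range
    rng = (rule.get(key) or {}).get("destination-port-range")
    if rng is None:
        return "no destination port range"
    if rng["min"] <= 1 and rng["max"] >= 65535:
        return "port range covers 1-65535"
    return None


def find_open_rules(security_list, source_cidr=None):
    """List (index, source, reason) for rules to remove, optionally for one source CIDR."""
    data = security_list.get("data", security_list)
    findings = []
    for i, rule in enumerate(data.get("ingress-security-rules") or []):
        if source_cidr and rule.get("source") != source_cidr:
            continue
        reason = all_ports_reason(rule)
        if reason:
            findings.append((i, rule.get("source"), reason))
    return findings


if __name__ == "__main__":
    for idx, src, why in find_open_rules(SAMPLE):
        print(f"rule {idx}: source {src} allows all ports ({why})")
```

Pass the `<Subnet_CIDR>` from validateIngressRules.log as `source_cidr` to narrow the output to the rule named in the error.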

Cause

No changes. Creating Network Profile from EBSCM.

The cause of the failure of ingress rules validation:
The security list contained an ingress rule that provided access for all ports between the internal apps subnet (INTERNAL_SN) and the external apps subnet (EXTERNAL_SN).

This is causing network profile creation failure.

Bug 35233856 : EBSCM - CREATE NETWORK PROFILE STUCK WITH STATUS MAIN RUN STATUS PENDING

References

MOS document id: 2943992.1

Product Versions

product: EBS on Oracle Cloud: Provisioning and Administration - min_version: 12.2.4 - max_version: none; Information in this article applies to GENERIC (All Platforms)
