Configure NetFoundry Zero Trust Networking for Oracle Autonomous Database (ADW) private endpoint access.


Introduction - Oracle Autonomous Database

Oracle Cloud Infrastructure's Autonomous Database is a fully managed, preconfigured database environment with three workload types available: Autonomous Transaction Processing, Autonomous Data Warehouse, and Autonomous JSON Database. You do not need to configure or manage any hardware or install any software. After provisioning, you can scale the number of CPU cores or the storage capacity of the database at any time without impacting availability or performance. Autonomous Database handles creating the database, as well as the following maintenance tasks:

  • Backing up the database
  • Patching the database
  • Upgrading the database
  • Tuning the database

Autonomous Database with Private Endpoint

Private endpoint refers to a network setup for your Autonomous Database with shared Exadata infrastructure where all network traffic moves through a private endpoint within a VCN in your tenancy. If your organization has strict security mandates that do not allow you to have a public endpoint for your database, this provides you with the necessary private endpoint. Additionally, this configuration uses no public subnets and allows you to keep all traffic to and from your Autonomous Database off the public internet. The following solution brief provides an outline for configuring NetFoundry networking to access a private endpoint within the Oracle Autonomous Database offering.


NetFoundry Solution Overview





Prerequisite: you have a working NetFoundry network with NetFoundry Hosted Edge Routers, and an Edge Router Policy with at least one NetFoundry Hosted Edge Router and endpoints with #all. More information can be found here under Endpoints & Edge Routers.





Build the environment


Step 1

Assumption: You have a working Compartment and a VCN with Internet connectivity established. The public subnet should have an Internet Gateway and the private subnet should have a NAT Gateway. You should also have an NSG associated with the VCN. We used a single rule allowing all traffic from the VCN subnet only.


From the OCI Dashboard, select "Create an ADW database".




Choose your desired Database type. Transaction processing and Shared infrastructure are chosen for this example. 









Once completed, you should have a functioning DB with a private endpoint.




Step 2

From the NetFoundry console, create an edge router for the instance we will create in OCI. NOTE: The attribute is optional.




Record / copy the registration key.




Return to the Oracle Cloud portal to create the NetFoundry Edge Router from the Marketplace.






NOTE: Paste the key into the init script to self-register the Edge Router during creation.




Step 3

Create your endpoint from the NetFoundry Console, download the JWT file, and add your identity to finish the installation. These instructions can be found at


Next, we'll focus on configuring the NetFoundry Service/AppWAN to access the database privately over the secure connection. From the NetFoundry console, select "Services".

NOTE: Using the data from tnsnames.ora, identify your database application hostname. Also note your private IP from the OCI portal if you did not record it during the build.





During service creation, deselect Native Application - SDK based and select Router termination.




Provide the Hostname/Port for the client configuration and the Private IP/Port for the server configuration. Select the router configured in the previous step to host this service from the drop-down list.
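
The two values this step asks for can be read straight out of tnsnames.ora. The following is an added example, not part of the original article or NetFoundry's tooling: it parses the connect descriptors and groups aliases by the hostname/port the client dials. The sample file contents, the private IP 10.0.1.25, and the function names are constructed for illustration, and it assumes one address per alias and that the private endpoint listens on the same port as the descriptor.

```python
import re

# Constructed sample in the layout of an Autonomous Database wallet's
# tnsnames.ora; aliases, hostname and DN are made-up values.
SAMPLE_TNSNAMES = '''
demo_high = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=abc123.adb.example-region.oraclecloud.com))(connect_data=(service_name=demo_high.adb.oraclecloud.com))(security=(ssl_server_cert_dn="CN=adb.example-region.oraclecloud.com, O=Example, C=US")))

demo_low = (description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=abc123.adb.example-region.oraclecloud.com))(connect_data=(service_name=demo_low.adb.oraclecloud.com))(security=(ssl_server_cert_dn="CN=adb.example-region.oraclecloud.com, O=Example, C=US")))
'''

def parse_tnsnames(text):
    """Return {alias: {'protocol', 'host', 'port', 'service_name'}}."""
    text = re.sub(r'(?m)^\s*#.*$', '', text)   # drop comment lines
    text = re.sub(r'"[^"]*"', '""', text)      # blank quoted values (DNs)
    entries = {}
    for m in re.finditer(r'(?m)^\s*([\w.\-]+)\s*=\s*\(', text):
        depth, i = 0, m.end() - 1               # i = opening '(' of descriptor
        for j in range(i, len(text)):           # walk to the balancing ')'
            depth += {'(': 1, ')': -1}.get(text[j], 0)
            if depth == 0:
                break
        else:
            raise ValueError(f"unbalanced parentheses in {m.group(1)}")
        # Leaf pairs such as (host=...) contain no nested parentheses.
        leaves = dict((k.lower(), v.strip()) for k, v in
                      re.findall(r'\(\s*(\w+)\s*=\s*([^()]+)\)', text[i:j + 1]))
        entries[m.group(1)] = {k: leaves.get(k) for k in
                               ('protocol', 'host', 'port', 'service_name')}
    return entries

def service_endpoints(entries, private_ip):
    """Map each unique client (host, port) to the server (private_ip, port)."""
    plan = {}
    for alias, e in entries.items():
        if not e['host'] or not e['port']:
            raise ValueError(f"{alias}: no host/port in descriptor")
        key = (e['host'], int(e['port']))
        # Assumption: the private endpoint uses the descriptor's port.
        plan.setdefault(key, {'server': (private_ip, int(e['port'])),
                              'aliases': []})['aliases'].append(alias)
    return plan

if __name__ == "__main__":
    plan = service_endpoints(parse_tnsnames(SAMPLE_TNSNAMES), "10.0.1.25")
    for (host, port), info in plan.items():
        print(f"client {host}:{port} -> server {info['server'][0]}:"
              f"{info['server'][1]}  (aliases: {', '.join(info['aliases'])})")
```

Each unique client hostname/port pair in the output corresponds to one service definition; aliases that share a pair are covered by the same service.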





Let's now configure your AppWAN. Select the service from the previous step and the endpoint to connect to the database.




Verify that your service is listed in the NetFoundry endpoint software.




To test client database connectivity, you may also need to configure Oracle Client access and download the client to interact with the database.

Install Oracle client






