Oracle Database Cloud Service: Set up Access Rules

I’ve started to test Oracle Database Cloud Services. I applied for trial, it’s accepted (you can also get a trial account, there’s no special requirement for it). After I got my welcome emails, I created a database service. As expected, it was very easy. All I needed is to click a couple of times, enter mandatory information and then wait until my Database is provisioned.

Oracle creates a VM for each database because they provide SSH access to the server. This gives you more power than standard PaaS but I don’t know what happens if you make some modification on the OS level such as upgrading packages, changing kernel settings etc…

Anyway, after I created a Database Service, I wanted to connect to EM but I see that I couldn’t access the page. First, I though it’s a bug, then I remembered our company firewall rules are very strict and it’s related with our firewall, then I noticed that almost all ports (expect SSH) are blocked.


So after you create the database service, click to menu located at the right side of the database service name, and select “Access Rules” to open the access rules page.


In this page, you can see the predefined rules and their status. The last two rules are internal and you shouldn’t edit/disable them (read the description), you can enable or disable the other rules.

Here are the rules and what they are used for:

  • ora_p2_dblistener (port 1521), used by SQL*Net (as you know).
  • ora_p2_http (port 80), should be used for HTTP connections but I don’t see any service using it.
  • ora_p2_httpssl (port 443), used for HTTPS connections, including Oracle REST Data Services, APEX and Oracle DBaaS Monitor.
  • ora_p2_httpadmin (port 4848), should be used for GlassFish administration server, I do not know why it’s predefined.
  • ora_p2_dbconsole (port 1158), used by Enterprise Manager 11g Database Control. Enable it if your Database is 11g.
  • ora_p2_dbexpress (port 5500), used by Enterprise Manager Database Express 12c. Enable it if your Database is 12c.


You can also create your own rules. For example, you can create a rule to enable access for all ports from your own computer. Click on “create rule”, it will open a new window, give a name for the rule, enter the source IP (or just select public interface for all IPs), enter a port or a port range (for example 1-65535) and the protocol. As you can see, if I entered my own IP to give access to all ports on the database server.

So far, I liked what I see and I will probably write some more blog posts about Oracle Database Cloud Service in the following days

Please share

AWS Big Data Specialist. Oracle Certified Professional (OCP) for EBS R12, Oracle 10g and 11g. Co-author of "Expert Oracle Enterprise Manager 12c" book published by Apress. Awarded as Oracle ACE (in 2011) and Oracle ACE Director (in 2016) for the continuous contributions to the Oracle users community. Founding member, and vice president of Turkish Oracle User Group (TROUG). Presented at various international conferences including Oracle Open World.


  1. Rahul

    Excellent explanation. Can we change default port of 1521(listener) and 22 (ssh) in this DBaaS environment?

    • Gokhan Atil

      Yes you can. All you need is to modify listener (listener.ora) and ssh configurations (/etc/ssh/sshd_config).

Leave Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.