Oracle Service Gateway

Private access to Oracle Cloud

Network traffic avoids public internet

Available at no charge, Oracle Service Gateway provides secure, private access to Oracle Cloud from a customer’s virtual cloud network (VCN), enabling access to 50+ Oracle Cloud services without exposing network traffic to the public internet. On-premises hosts use their private IP addresses and traffic is routed to Oracle Cloud via virtual private network (VPN) or FastConnect.

Isolated by design

Just like within a traditional data center network, customer’s use the VCN and Service Gateway to create isolated subnets, route tables, and stateful firewalls aligned to Service Gateway endpoints. As a result, consumer-to-service private connections (C2S) are established without ever having to traverse the public internet.

• Learn more about virtual cloud networks (4:55)

Simplified deployment and management

Easy to configure

Customers use the Oracle Cloud Infrastructure (OCI) Console to create a Service Gateway in minutes with as little as five clicks. Additional Service Gateway access methods include the Command Line Interface and OCI API.

Adapts to network changes

The Service Gateway automatically adapts to accommodate new service usage and changes in network topology or IP addresses. Instead of using IP addresses to configure routes and security rules, Service Gateway uses Classless Inter Domain Routing (CaIDR) to route requests and traffic through private network nodes.

End-to-end network security

Isolated network virtualization

Prevent attacks with isolated network virtualization—a foundational element of Oracle Cloud Infrastructure’s security-first architecture. A custom-designed SmartNIC uses software-defined Networking to virtualize network traffic, removing control of the network from the host.

Maximum Security Zones

With Oracle Maximum Security Zones, Oracle is the first public cloud provider to activate security policy enforcement of best practices automatically from day one, so customers can prevent misconfiguration errors and deploy workloads securely.

Oracle Cloud Guard

For day-to-day operations, Oracle Cloud Guard continuously monitors configurations and activities to identify threats and automatically acts to remediate them across all Oracle Cloud global regions. Oracle is the only cloud service provider to offer a cloud security posture management dashboard at no additional cost, with numerous pre-built tools that automate response to reduce customer risk quickly and efficiently.

Supported cloud services

Service Gateway access

More than 50 Oracle Cloud services can be accessed from the private subnets in your VCN via Service Gateway. Learn more about Service Gateway.

Additional network gateways

Oracle offers customers four additional gateways to accommodate specific networking requirements:

• Internet Gateway: provides subnets with direct access to public endpoints on the internet. Connections can be initiated from the subnet or from the internet.
• Network Address Translation (NAT) Gateway: enables private resources in a VCN to access hosts on the internet without exposing those resources to incoming internet connections. Connections can be initiated only from the subnet.
• Dynamic Routing Gateway (DRG): provides connectivity to networks outside the VCN's region (for example, your on-premises network by way of an IPSec VPN or FastConnect, or a peered VCN in another region).
• Local Peering Gateway (LPG): provides connectivity to a peered VCN in the same Oracle region.