Add Network Security Groups

In creating the optimized disk image with the previous step, we added a new Virtual Cloud Network (VCN) and subnet. We will create two network security groups from there: one for the stream managers, and one for the nodes.

1 - Navigate to Networking, Virtual Cloud Networks and click on the VCN that you created (note: if you have multiple compartments make sure you are in the correct one). vcn

2 - From the left-hand Resources list, click on Network Security Groups vcn-resources

3 - Click on Create Network Security Group, and give the node-security group a name (record the name in your checklist for the cloud.oracle_network_security_group value), then click on Next

4 - Add an Egress rule, destination type = CIDR, destination CIDR = for all protocols. Then add Ingress rules, source type = CIDR, source CIDR =, for the Red5 Pro required destination ports:

5080default web access of Red5 Pro/Websockets for WebRTCTCP
1935default Red5 Pro RTMP portTCP
8554default RTSP portTCP
40000-65535TURN/STUN/ICE port range for WebRTCUDP


5 - Create a second network security group for your stream manager(s) with the following ports open:

5080default web access of Red5 Pro/Websockets for WebRTCTCP
80default HTTP (required if using Let's Encrypt for SSL cert)TCP
443default HTTPS portTCP

Security Lists

Navigate back to the VCN and select Security Lists from the left-hand Resources menu.

  • SSH access is allowed through the Default Security List for your VNC. If you want to restrict SSH access then you can change the source from the default
  • You will also need to add port 3306 for MySQL access. You can set the source to since the database will only have a private IP, and thus can only be accessed via servers in the same subnet. If you want to, you can modify this access to included only the stream manager and terraform servers.