Oracle FAQ Your Portal to the Oracle Knowledge Grid

RE: Oracle and Firewall

From: Thater, William <William.Thater_at_carrier.utc.com>
Date: Fri, 21 Nov 2003 09:54:58 -0800
Message-ID: <F001.005D771A.20031121095458@fatcity.com>


Arup Nanda scribbled on the wall in glitter crayon:

> (1) use firewall around the subnet where both app/web server and db
> server exist; not a firewall between them.
> (2) Use TCP Node checking to restrict Net8 traffic to the db server
> only from the app server.
> (3) Use Connection Manager. Using CM, known ports are used for
> communication, typically 1630 and 1631 (or is it 1634?) and only
> those can be opened up for connection.
> (4) Use Shared Servers. The connections pass through the dispatchers.
> Since the ports used by them can be known, those ports can be opened
> up.
> (5) Use SSH redirection.
> (6) Use a commercial firewall product that can perform
> proxy-redirection, which preserves the port number in all established
> connections, even though actual ports used may be different.
>
> If anyone has any more options, I would love to know.

Oracle has worked with a number of firewall vendors to allow their firewalls to detect NET8 traffic. That way it can be set up to pass traffic between two nodes with a simple rule. And I'm sorry, but I'm out of the network setup side so I don't know the current list of firewall vendors this works with, but it would pay to check with yours and see if this is available. You sometimes need to either add a plug-in or update the firewall itself.

--
Bill "Shrek" Thater     ORACLE DBA      
"I'm going to work my ticket if I can..." -- Gilwell song
                william.thater_at_carrier.utc.com
------------------------------------------------------------------------
Maniac:  An early computer built by nuts...
Received on Fri Nov 21 2003 - 11:54:58 CST
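
Option (2) in the quoted list, TCP node checking, as an added example that is not part of the original thread: a small audit that reads a `sqlnet.ora` and reports when hosts other than the app server are allowed to connect. It assumes the `TCP.VALIDNODE_CHECKING` and `TCP.INVITED_NODES` parameters are set in `sqlnet.ora` on single lines; the sample files, host names and addresses are constructed placeholders.

```python
import re

# Constructed sample files; host names and addresses are placeholders.
WEAK = """\
# valid node checking is off: any host that reaches the listener may connect
SQLNET.AUTHENTICATION_SERVICES = (NONE)
"""
HARDENED = """\
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (appsrv01.example.com, 192.0.2.10)
"""

def parse_sqlnet(text):
    """Return {PARAM: [values]} for simple single-line 'name = value' entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.+)$", line)
        if not m:
            continue
        raw = m.group(2).strip()
        if raw.startswith("(") and raw.endswith(")"):
            raw = raw[1:-1]                         # unwrap "(a, b)" lists
        params[m.group(1).upper()] = [v.strip() for v in raw.split(",") if v.strip()]
    return params

def audit_node_checking(text, allowed_hosts):
    """List findings where the file lets hosts other than allowed_hosts connect."""
    p = parse_sqlnet(text)
    findings = []
    if [v.upper() for v in p.get("TCP.VALIDNODE_CHECKING", [])] != ["YES"]:
        findings.append("TCP.VALIDNODE_CHECKING is not YES")
    invited = {h.lower() for h in p.get("TCP.INVITED_NODES", [])}
    if not invited:
        findings.append("TCP.INVITED_NODES is empty or missing")
    extra = sorted(invited - {h.lower() for h in allowed_hosts})
    if extra:
        findings.append("unexpected invited nodes: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    app_servers = ["appsrv01.example.com", "192.0.2.10"]   # hypothetical allow-list
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_node_checking(text, app_servers) or "OK")
```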
