Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Oracle and Firewall

RE: Oracle and Firewall

From: Thater, William <>
Date: Fri, 21 Nov 2003 09:54:58 -0800
Message-ID: <>

Arup Nanda scribbled on the wall in glitter crayon:

> (1) use firewall around the subnet where both app/web server and db
> server exist; not a firewall between them.
> (2) Use TCP Node checking to restrict Net8 traffic to the db server
> only from the app server.
> (3) Use Connection Manager. USing CM, known ports are used for
> communication, typically 1630 and 1631 (or is it 1634?) and only
> those can be opened up for connection.
> (4) Use Shared Servers. The connectiosn pass through the dispatchers.
> Since the ports used by them can be known, those ports can be opened
> up. (5) Use SSH redirection.
> (6) Use a commercial firewall product that can perform
> proxy-redirection, which preserves the port number in all established
> connections, even though actual ports used may be different.
> If anyone has any more options, I would love to know.

Oracle has worked wit a number of firewall venders to allow their firewalls to detect NET8 traffic. that way it can be set up to pass traffic between two nodes with a simple rule. and i'm sorry but i'm out of the network set up side so i don't know the current list of firewall venders this works with, but it would pay to check with yours and see if this is available. you sometimes need to either add a plug in or update the firewall itself.

Bill "Shrek" Thater     ORACLE DBA      
"I'm going to work my ticket if I can..." -- Gilwell song
Maniac:  An early computer built by nuts...
Please see the official ORACLE-L FAQ:
Author: Thater, William

Fat City Network Services    -- 858-538-5051
San Diego, California        -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Fri Nov 21 2003 - 11:54:58 CST

Original text of this message