Re: Oracle 12.1.0.2 and firewalls

From: Freek D'Hooge <freek.dhooge_at_gmail.com>
Date: Wed, 15 Apr 2015 11:47:24 +0200
Message-ID: <1429091244.9634.14.camel_at_dhoogfr-lpt1>



George,

Yes, once initialized it does not matter on which other port the connection is handed off.
I don't know of any MOS notes, but google for sqlnet ALG (application layer gateway) for further explanations by different firewall versions.

But there is a good chance that your firewall guys actually already know this and there are just some lost-in-translation issues about requirements.

Kind regards,  

-- 
Freek D'Hooge
Exitas NV
Senior Oracle DBA
email: freek.dhooge_at_exitas.be
tel +32(03) 443 12 38
http://www.exitas.be 

On wo, 2015-04-15 at 11:25 +0200, George wrote:

> Hi Freek
>
>
>
> I'm then going to assume that when the connection is "handed off" to
> another port for the actual connection the firewall understands that
> the user will be knocking on this other port, on which the user
> process is now listening.
>
>
> Do you know of a MOS note other than the 2 I listed that explains
> this.
>
>
> G
>
>
> On Wed, Apr 15, 2015 at 11:05 AM, Freek D'Hooge
> <freek.dhooge_at_gmail.com> wrote:
>
> George,
>
> Normally the firewall "understands" sql*net traffic and it is
> possible to mark the original port (the one on which the
> listener is listening, eg 1521) as sql*net.
> This way, the firewall guys only need to open port 1521 and
> mark it as sql*net and no other ports need to be opened nor do
> you need to switch to CMAN or MTS.
>
>
> Kind regards,
>
>
>
>
>
> On wo, 2015-04-15 at 10:54 +0200, George wrote:
>
> > Hi all
> >
> >
> > Client is going to be running the above version on Linux.
> >
> >
> > Firewall guys are refusing to open any ports other than 22
> > for ssh and then 1521, 1523 and 1527.
> >
> >
> > I seem to remember a port redirection used to happen, on a
> > random port, for the incoming connection after the initial
> > handshake, of course this will fail now.
> >
> >
> > A lot of notes are out there on how to use shared_ on NT. Not
> > applicable.
> >
> >
> > I've found the following 2 notes: Doc ID 361284.1
> > and 125021.1
> >
> >
> > My options seem to be CMAN or MTS.
> >
> >
> > Comments and advice appreciated.
> >
> >
> > G
> > --
> > You have the obligation to inform one honestly of the risk,
> > and as a person
> > you are committed to educate yourself to the total risk in
> > any activity!
> >
> > Once informed & totally aware of the risk,
> > every fool has the right to kill or injure themselves as
> > they see fit!
>
>
>
>
>
>
>
> --
>
> You have the obligation to inform one honestly of the risk, and as a
> person
> you are committed to educate yourself to the total risk in any
> activity!
>
> Once informed & totally aware of the risk,
> every fool has the right to kill or injure themselves as they see fit!
-- http://www.freelists.org/webpage/oracle-l
Received on Wed Apr 15 2015 - 11:47:24 CEST
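
The SQL*Net inspection discussed in this thread, sketched as an added example that is not part of any message above and is not any firewall vendor's code: an inspector watches listener replies on 1521, reads the host and port out of a redirect, and admits only that client to only that port, once. Assumptions: the simplified TNS layout (8-byte header with packet type 5 for a redirect, then a 2-byte data length and the address string), the names SqlNetInspector, build_redirect and parse_redirect, the one-shot pinhole policy, and all sample addresses are constructed for illustration.

```python
import re
import struct

TNS_REDIRECT = 5  # assumed TNS packet type code for a listener redirect
ADDR_RE = re.compile(r"\(HOST=([^)]+)\).*?\(PORT=(\d+)\)", re.I)

def build_redirect(address: str) -> bytes:
    """Constructed sample packet: 8-byte header, 2-byte data length, address."""
    data = address.encode("ascii")
    header = struct.pack(">HHBBH", 8 + 2 + len(data), 0, TNS_REDIRECT, 0, 0)
    return header + struct.pack(">H", len(data)) + data

def parse_redirect(packet: bytes):
    """Return (host, port) named in a redirect, or None for anything else."""
    if len(packet) < 10:
        return None
    length, _, ptype, _, _ = struct.unpack(">HHBBH", packet[:8])
    (dlen,) = struct.unpack(">H", packet[8:10])
    data = packet[10:10 + dlen]
    if ptype != TNS_REDIRECT or length != len(packet) or len(data) != dlen:
        return None  # not a redirect, or lengths are inconsistent
    m = ADDR_RE.search(data.decode("ascii", "replace"))
    if not m:
        return None
    port = int(m.group(2))
    return (m.group(1), port) if 0 < port < 65536 else None

class SqlNetInspector:
    """Hypothetical stateful rule: listener port open, other ports by pinhole."""
    def __init__(self, listener_port=1521):
        self.listener_port = listener_port
        self.pinholes = set()  # (client_ip, server_host, port)

    def on_server_packet(self, client_ip, src_port, packet):
        # Only replies coming from the listener port may open a pinhole.
        target = parse_redirect(packet) if src_port == self.listener_port else None
        if target:
            self.pinholes.add((client_ip, *target))

    def allows(self, client_ip, host, port):
        if port == self.listener_port:
            return True
        key = (client_ip, host, port)
        if key in self.pinholes:
            self.pinholes.discard(key)  # one connection per redirect
            return True
        return False
```
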
