Re: Cisco PIX Citrix Mix Nixes Oracle

SQL*Net is typically not happy over firewalls. In the case of Cisco PIX firewalls, you need to be sure that they are up to the latest release of the PIX Operating System. This fixes around 10 known SQL*Net problems (e.g., IP translation with SQL*Net, protocol prioritization, etc.). We have multiple Oracle applications running through a PIX firewall, so I know it is possible.

If you have a specific question, please get back to me.

Chris Baggett
Asst. Vice President, Web Development
First Data Corp.
cbaggett_at_fred.net

In article <35DD7790.1F565B13_at_ot.com>,
  Tim Romano <tim_at_ot.com> wrote:
> (Apologies if you get this twice...news server troubles at ISP.)
>
> I'm not well acquainted with firewall terminology and related
> technical issues and apologize for any lack of detail or
> extraneous detail below. But I hope there's enough information to
> give someone else a clue and help me out of a jam.
>
> For a valued customer of mine in whose good graces I would like to
> remain, I wrote an Oracle application using VB5 as the front-end;
> native connectivity provided by Oracle's Objects for OLE; it runs
> over over SQL*Net with TCP/IP. Oracle is running on NT Server. We
> put the VB front-end on Citrix some months ago and everything has
> been working smoothly. Until yesterday. The company installed a
> CISCO firewall --they're referring to it as a PIX box-- and now
> Oracle _appears_ to be malfunctioning in a very bad way, but I
> suspect it's the firewall setup, as neither my app nor Oracle have
> been changed in any way and the problem wasn't happening before
> now.
>
> Whenever my VB5 app logs on to Oracle, that user logon is being
> replicated a dozen or more times! For each user of my application,
> it looks as though there are about 12. The redundant Oracle logons
> seem to be occuring about one per second. I can't say exactly how
> many redundant logons would be generated because Oracle reaches
> its max processes limit and stops. (BTW, I've tried to kill the
> sessions -- ALTER SYSTEM KILL SESSION 'sid,serial#' -- but they
> don't go away...though I did see a posting on c.d.o.s which
> suggested that PMON might take as long as a day to clear a killed
> process. Their status in V$session is KILLED.)
>
> The network technicians said they set up the CISCO box so that
> Citrix traffic is routed to port 1494, and that a range of
> additional ports "beneath" 1494 was also allocated for Citrix
> traffic. They say that UDP and TCP protocols are enabled. I'm
> wondering if somehow they have set the CISCO box up so that it is
> _ broadcasting _ incoming Citrix traffic onto that range of
> ports, so that Oracle is being hit with not one but with many
> simultaneous logon requests from a single instance of my
> application. Is such a thing possible?
>
> Thanks in advance for your insights and suggestions on how I might
> get to the bottom of what is happening here.
> Tim
>
>

-----== Posted via Deja News, The Leader in Internet Discussion ==----- http://www.dejanews.com/rg_mkgrp.xp Create Your Own Free Member Forum Received on Sun Aug 30 1998 - 00:00:00 CDT