
Oracle 8i and Checkpoint Firewall problem

From: Matt Williams <stark107_at_hotmail.com>
Date: Wed, 19 Dec 2001 17:14:29 +0100
Message-ID: <9vqb45$elo$1@ih292.ea.unisys.com>


OK, here's the situation.

We have an NT Cluster hosting Oracle 8.1.6 and running 4 Oracle instances. The Cluster is behind a Checkpoint firewall.

We have a web server that runs 3 applications that use Java servlets to connect to the Oracle database. Each of these applications requires its own database instance and, hence, its own IP address. The web server actually has 5 IP addresses as there are two other web instances on it but they don't use Oracle. The web server is outside the firewall in a DMZ. We were having the problem I have seen reported elsewhere with Oracle using random ports to access the database and the firewall then dropping the requests. I implemented the USE_SHARED_SOCKET fix and this has forced Oracle to use port 1521 for everything. However, the firewall is STILL dropping connections.

I think I have narrowed down the problem though. If one application is started it will open port 1521 and access the DB quite happily. If we start the second application and try to access the DB the firewall drops the connections. I think what's happening is that the firewall is seeing two packets coming from the SAME IP address (it sends the request using the IP address of the physical NIC and not the virtual address assigned to the web instance) and trying to use the same port. This is, according to my security guy, a form of spoofing and the firewall won't allow it. However, he has removed the anti-spoofing filter from the firewall and the problem still remains.

So, what's going on? Any ideas?

Received on Wed Dec 19 2001 - 10:14:29 CST
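The post observes that connections leave the multi-homed web server with the physical NIC's address rather than the virtual address of the web instance. The sketch below is an added example, not part of the original post: it shows how to check which source address a peer actually sees, with and without binding the client socket to a specific local address. It assumes a Linux-style loopback where `127.0.0.2` can stand in for a virtual address; the function names and the echo peer are hypothetical stand-ins for the application and the database listener.

```python
import socket
import threading


def start_echo_peer(connections, listen_ip="127.0.0.1"):
    """Stand-in for the listener: tells each client the source IP it saw."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((listen_ip, 0))          # port 0: OS picks a free port
    srv.listen(connections)

    def serve():
        with srv:
            for _ in range(connections):
                conn, peer = srv.accept()
                with conn:
                    conn.sendall(peer[0].encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def observed_source(server_addr, local_ip=None):
    """Connect to server_addr and return the source IP the peer reports.

    local_ip=None leaves source selection to the OS (normally the primary
    address of the outgoing interface). Otherwise the socket is bound to
    local_ip first, so the connection carries that address instead.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(5)
        if local_ip is not None:
            c.bind((local_ip, 0))     # fix the address, let the OS pick the port
        c.connect(server_addr)
        return c.recv(64).decode()


def demo():
    """Constructed test: one default connection, one bound to the alias."""
    addr = start_echo_peer(connections=2)
    default_src = observed_source(addr)
    bound_src = observed_source(addr, local_ip="127.0.0.2")
    return default_src, bound_src


if __name__ == "__main__":
    print(demo())
```

Comparing the two reported addresses against the firewall's drop log shows whether the rule base is matching the address the application is expected to use or the one the OS chose.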
