Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Oracle 8i and Checkpoint Firewall problem

From: Sybrand Bakker <oradba_at_sybrandb.demon.nl>
Date: Wed, 19 Dec 2001 19:25:19 +0100
Message-ID: <8pm12uk76hglfv1realod0qf0pm2gj5bt9@4ax.com>


On Wed, 19 Dec 2001 17:14:29 +0100, "Matt Williams" <stark107_at_hotmail.com> wrote:

>OK, here's the situation.
>
>We have an NT Cluster hosting Oracle 8.1.6 and running 4 Oracle instances.
>The Cluster is behind a Checkpoint firewall.
>
>We have a web server that runs 3 applications that use java servlets to connect to
>the Oracle database. Each of these applications requires its own database
>instance and, hence, their own IP address. The web server actually has 5 IP
>addresses as there are two other web instances on it but they don't use
>Oracle. The web server is outside the firewall in a DMZ. We were having
>the problem I have seen reported elsewhere with Oracle using random ports to
>access the database and the firewall then dropping the requests. I
>implemented the USE_SHARED_SOCKET fix and this has forced Oracle to use port
>1521 for everything. However, the firewall is STILL dropping connections.
>
>I think I have narrowed down the problem though. If one application is
>started it will open port 1521 and access the DB quite happily. If we start
>the second application and try to access the DB the firewall drops the
>connections. I think what's happening is that the firewall is seeing two
>packets coming from the SAME IP address (it sends the request using the IP
>address of the physical NIC and not the virtual address assigned to the web
>instance) and trying to use the same port. This is, according to my
>security guy, a form of spoofing and the firewall won't allow it. However,
>he has removed the anti-spoofing filter from the firewall and the problem
>still remains.
>
>So, what's going on? Any ideas?
>
>

AFAIK use_shared_sockets works only from 8.1.7.1.2 onwards (and 8.1.6 has been desupported anyway)
The other solution is using Oracle Connection Manager. I can confirm from experience this does work with the Checkpoint firewall.

Hth

Sybrand Bakker, Senior Oracle DBA

To reply remove -verwijderdit from my e-mail address

Received on Wed Dec 19 2001 - 12:25:19 CST
