Re: Oracle 12.1.0.2 and firewalls

  • From: goran bogdanovic <goran00@xxxxxxxxx>
  • To: freek.dhooge@xxxxxxxxx
  • Date: Mon, 27 Apr 2015 17:22:14 +0200

Hi,

I can confirm what Freek said ... our FW guys just mark the FW rule as sql*net,
which is thereafter sufficient for connections to the database ...
HTH,
goran

On Wed, Apr 15, 2015 at 11:47 AM, Freek D'Hooge <freek.dhooge@xxxxxxxxx> wrote:

George,

Yes, once initialised, it does not matter to which other port the
connection is handed off.
I don't know of any MOS notes, but google for sqlnet ALG (application
layer gateway) for further explanations for the different firewall versions.

But there is a good chance that your firewall guys already know this
and there are just some lost-in-translation issues about the
requirements.


Kind regards,

--
Freek D'Hooge
Exitas NV
Senior Oracle DBA
email: freek.dhooge@xxxxxxxxx
tel +32(03) 443 12 38
http://www.exitas.be

On wo, 2015-04-15 at 11:25 +0200, George wrote:

Hi Freek

I'm then going to assume that when the connection is "handed off" to
another port for the actual connection, the firewall understands that the
user will be knocking on this other port, on which the user process is now
listening.

Do you know of a MOS note other than the 2 I listed that explains this?

G


On Wed, Apr 15, 2015 at 11:05 AM, Freek D'Hooge <freek.dhooge@xxxxxxxxx> wrote:

George,

Normally the firewall "understands" sql*net traffic and it is possible to
mark the original port (the one on which the listener is listening, e.g.
1521) as sql*net.
This way, the firewall guys only need to open port 1521 and mark it as
sql*net; no other ports need to be opened, nor do you need to switch to
CMAN or MTS.

Kind regards,

On wo, 2015-04-15 at 10:54 +0200, George wrote:

Hi all

Client is going to be running the above version on Linux.

Firewall guys are refusing to open any ports other than 22 for ssh and
then 1521, 1523 and 1527.

I seem to remember a port redirection used to happen, on a random port, for
the incoming connection after the initial handshake; of course this will
fail now.

A lot of notes are out there on how to use shared_ on NT. Not applicable.

I've found the following 2 notes: Doc ID 361284.1 and 125021.1

My options seem to be CMAN or MTS.

Comments and advice appreciated.

G
--
You have the obligation to inform one honestly of the risk, and as a person
you are committed to educate yourself to the total risk in any activity!

Once informed & totally aware of the risk,
every fool has the right to kill or injure themselves as they see fit!




