Wednesday, August 10, 2005

firewall-wizards digest, Vol 1 #1646 - 4 msgs

Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com

You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."

Today's Topics:

1. Re: fw1 oracle sqlnet2 (Peter Bruderer)
2. RE: fw1 oracle sqlnet2 (Behm, Jeffrey L.)
3. RE: fw1 oracle sqlnet2 (Paul Melson)
4. Filtering proxy for HTTP POST requests (Devdas Bhagat)

--__--__--

Message: 1
Subject: Re: [fw-wiz] fw1 oracle sqlnet2
From: Peter Bruderer <brudy@bruderer-research.com>
To: staf wagemakers <stafwag@yahoo.com>
Cc: firewall-wizards@honor.icsalabs.com
Organization: Bruderer Research GmbH
Date: Sat, 06 Aug 2005 07:39:30 +0200

If you have to pass Oracle SQL traffic through a firewall it is
recommended to use Oracle's Connection Manager. With the Connection
Manager you have to open only one specified port to the Connection
Manager. The Connection Manager acts as a proxy for SQL queries.

On Tue, 2005-08-02 at 13:01 -0700, staf wagemakers wrote:
> Hi,
>
> I try to use the sqlnet2 service in the policy of a
> checkpoint FW-1 NG firewall.
>
> But this doesn't work as it's supposed to.
>
> Oracle starts to use random higher ports after the
> connection and the checkpoint firewall drops these
> connections.
>
> While the sqlnet2 module should handle these statefully.
>
> Has someone a solution to this problem?
>
> --
> Staf Wagemakers - http://www.wagemakers.be
--
Peter Bruderer
Bruderer Research GmbH

phone +41 52 620 26 53
www.brg.ch

--__--__--

Message: 2
Subject: RE: [fw-wiz] fw1 oracle sqlnet2
Date: Mon, 8 Aug 2005 08:38:26 -0500
From: "Behm, Jeffrey L." <BehmJL@bvsg.com>
To: "staf wagemakers" <stafwag@yahoo.com>,
<firewall-wizards@honor.icsalabs.com>

On Tuesday, August 02, 2005 3:02 PM, staf wagemakers so spake:

>Oracle starts to use random higher ports after the
>connection and the checkpoint firewall drops these
>connections.

>Has someone a solution to this problem?

I believe you can change a setting in Oracle to tell it *not* to use
random ports. Don't recall the parameter(s) off the top of my head, but
this might get you headed in that direction, rather than messing with
FW-1.

Jeff

--__--__--

Message: 3
From: "Paul Melson" <pmelson@gmail.com>
To: "'staf wagemakers'" <stafwag@yahoo.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] fw1 oracle sqlnet2
Date: Mon, 8 Aug 2005 11:22:15 -0400

There's not a whole lot to do on the firewall side to pass Oracle traffic.
This should already be the case, but have you verified in the
'Advanced' properties of your sqlnet2- service(s) that the protocol type is
set to SQLNET2? If, perhaps, you made your own services because of custom
port numbers, this might need to be done. Short of that, you're probably
opening a ticket with Check Point to find out why it's not detecting and
proxying SQL*Net traffic.

You may also be able to get away with using USE_SHARED_SOCKET=TRUE on the
Oracle server to get it to stick to just one port. This may be OK for
something like a web application that has a single client, but you can run
into problems with multiple client connections.

PaulM

-----Original Message-----
Subject: [fw-wiz] fw1 oracle sqlnet2

Hi,

I try to use the sqlnet2 service in the policy of a checkpoint FW-1 NG
firewall.

But this doesn't work as it's supposed to.

Oracle starts to use random higher ports after the connection and the
checkpoint firewall drops these connections.

While the sqlnet2 module should handle these statefully.

Has someone a solution to this problem?
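
Added example (not part of the original thread, and not Check Point's code): a sketch of what a stateful SQL*Net inspector has to do for the behaviour discussed above, namely read the listener's redirect, extract the new port, and allow only that follow-up connection. The TNS layout is simplified (8-byte header, type 5 = redirect, 2-byte data length); the sample packet, the addresses and the names build_redirect, parse_redirect and PinholeTable are constructed for illustration.

```python
import re
import struct

TNS_REDIRECT = 5  # TNS packet type used by the listener to redirect a client

def build_redirect(descriptor):
    """Build a constructed TNS REDIRECT packet (sample input only)."""
    data = descriptor.encode("ascii")
    body = struct.pack(">H", len(data)) + data
    # Header: length, packet checksum, type, flags, header checksum
    return struct.pack(">HHBBH", 8 + len(body), 0, TNS_REDIRECT, 0, 0) + body

def parse_redirect(packet):
    """Return (host, port) from a REDIRECT packet, or None if not applicable."""
    if len(packet) < 10:
        return None
    length, _, ptype, _, _ = struct.unpack(">HHBBH", packet[:8])
    if ptype != TNS_REDIRECT or length != len(packet):
        return None
    (dlen,) = struct.unpack(">H", packet[8:10])
    data = packet[10:10 + dlen]
    if len(data) != dlen:
        return None  # truncated redirect data: do not guess
    text = data.decode("ascii", errors="replace")
    host = re.search(r"\(HOST=([^)]+)\)", text, re.I)
    port = re.search(r"\(PORT=(\d{1,5})\)", text, re.I)
    if not host or not port or not 0 < int(port.group(1)) < 65536:
        return None
    return host.group(1), int(port.group(1))

class PinholeTable:
    """Dynamic ports the inspector allows toward one database server."""
    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.allowed = set()

    def inspect(self, client_ip, packet):
        target = parse_redirect(packet)
        # Open a pinhole only toward the database server itself, never
        # toward an arbitrary host named in the redirect.
        if target and target[0] == self.server_ip:
            self.allowed.add((client_ip, target[0], target[1]))
        return target

    def permits(self, client_ip, dst_ip, dst_port):
        return (client_ip, dst_ip, dst_port) in self.allowed

# Constructed sample: listener hands the client off to a high port
SAMPLE = build_redirect("(ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=49217))")
```

If the inspector never sees or recognises the redirect (for example, a custom service without the SQLNET2 protocol type), no pinhole exists and the follow-up connection is dropped, which matches the symptom in the original question.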

--__--__--

Message: 4
Date: Mon, 8 Aug 2005 22:14:27 +0530
From: Devdas Bhagat <devdas@dvb.homelinux.org>
To: firewall-wizards@honor.icsalabs.com
Reply-To: Devdas Bhagat <devdas@dvb.homelinux.org>
Subject: [fw-wiz] Filtering proxy for HTTP POST requests

Does anyone have suggestions/recommendations for an HTTP proxy (cheap/free)
which can filter based on content? Preferably something capable of
Bayesian analysis of content? It needs to work in ISP environments, so
transparent proxy support would be ideal.

Traffic to be filtered is outbound from the browser to the server.

Thanks
Devdas Bhagat

--__--__--

End of firewall-wizards Digest
