SQLNET through FW1

[tdgast]

Hello all,

I am currently involved in migrating from Symantec firewalls to CP FW1 (on Nokia). We currently have several applications that utilize Symantec's sqlnet proxy service. As a matter of fact, up till now these firewalls have not been upgraded to version 8 because Symantec did away with the sqlnet service support in the newer version.

As I understand it, the sqlnet proxy service negotiates the communications between servers and is initiated on port tcp/1521 with high port negotiation following. The Symantec proxy service can support 30 concurrent connections.

An alternative to sqlnet proxy is ORACLE 8i Connection Manager which redirects sqlnet traffic to 1630/tcp.

Does FW1 support sqlnet and its negotiated random port usage or should I consider purchasing third party software such as ORACLE 8i Connection Manager to handle this type of traffic?

Thanks,
Ty

[abusharif]

sqlnet is defined as proto type in the checkpoint, so i assume it does support it.

Short description:

Quote:

SQLNet v2 is Oracle Inc. network protocol for database data exchange. Our protocol handler handles the connection between the SQLnet2 client to the Oracle NTS Network-Listener. This Network Listener then redirects the client to the appropriate Oracle database server. Our INSPECT handler records these connections as data connections.

[tdgast]

Thanks abusharif, I appreciate the response.

[bknight]

Note that as of Oracle 8 the SQLNet protocol inspection on the Checkpoint does not work properly.

The issue is that now the Oracle server tells the client to connect to a FQDN and dynamic high port. The Checkpoint will not resolve that name to an IP and the connection will fail. Older version returned an IP only so there was no issue.