Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

problems accessing Oracle database through firewall..

Status
Not open for further replies.
david902

david902

MIS
Jan 6, 2000
160
US
We have a PIX in place, a Oracle database server on DMZ and <br>
a web server outside the firewall, the web server lets <br>
members access their info from the database on <br>
DMZ2. It it not practical to allow 250,000 people authentication<br>
<br>
I believe I configured it correctly, opening a hole in the <br>
firewall to let the web server talk to the oracle database <br>
on port 1521<br>
<br>
static (dmz2,internet) xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy<br>
netmask 255.255.255.255 80 255<br>
<br>
conduit permit tcp xxx.xxx.xxx.xxx 255.255.255.192 eq sqlnet<br>
xxx.xxx.xxx.xxz 255.255.255.255<br>
<br>
timeout xlate 2:00:00<br>
timeout conn 0:20:00<br>
timeout uauth 2:00:00 absolute 0:30:00 inactivity<br>
<br>
* sorry for the x,y,z but I must protect my firewall vunerabilities.<br>
<br>
It works for a while and then after about 25 - 30 minutes<br>
of non use the connection fails with an Oracle TNS name<br>
resoultion failure. I got this error from the web page that<br>
makes a database query. I tried to change the connection<br>
timeout never to timeout but I still get the error. Any <br>
ideas as to what is going on, and ways to resolve the <br>
problem ?<br>
<br>
Thanks in advance<br>
<br>

 
Sort by date Sort by votes
punched a hole through the firewall to allow port 80 access to a web server on DMZ, didn't need to use an aaa authenticate, the static and conduit's only allow access through the firewall on port 80. Seems secure enough.<br>
<br>
thoughts?<br>

 
Upvote 0 Downvote
We had a similar problem and it was due to tcp connections not being broken down and reaching the PIX's license limit.&nbsp;&nbsp;Use the &quot;show blocks&quot; command and look for the &quot;low&quot; count being zero in one or more rows.&nbsp;&nbsp;If that's the case you'll have to dig deep into your SQL code to find TCP connections that are not broken down after disconnection.&nbsp;&nbsp;Lazy coding on the part of BRIO, in our case.
 
Upvote 0 Downvote
We are also facing the same problem. we are running a webserver before the firewall and the oracle db after the firewall. The webserver makes a connection (JDBC-OCI) using the port 1521. The connection goes through, however after 30mts or later so, the connection does seems to drop. BTW, does anyone know what is the good/bad of setting this variable in Sqlnet i.e. AUTOMATIC_IPC=ON.

Thanks in advance [sig][/sig]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ChrisFairley
  • Locked
  • Question
Downloads failing through ASA 5520
Replies
1
Views
129
iggsterman
iggsterman
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
140
Russtoleum
Russtoleum
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
167
hairlessupportmonkey
hairlessupportmonkey
alex1002
  • Locked
  • Question
Sonicwall SSLVPN very slow Throughput accessing network files
Replies
1
Views
217
alex1002
alex1002
hall5942
  • Locked
  • Question
open firewall port on 881
Replies
0
Views
116
hall5942
hall5942

Part and Inventory Search

Sponsor

Back
Top