gary flynn wrote:
>
> Oracle servers that are configured as mulithreaded wil use dynamic
> ports. Several firewall vendors are working with Oracle to develop
> a SQLnet proxy. I don't know the timeframe.
The Oracle SQL*Net manuel mentioned V2 added support of asynchronous
data send/receive. This capability was added to support the Oracle7
multi-threaded server. Gary, is this the thing you are refering to ?
However, when I asked Oracle, we've already mentioned that we are
using V1 and still they gave the reply that the port number for
the shadow process cannot be determined !
Marco Pauck wrote:
>
> We use plug-gw for SQL*Net v2 as well.
> There are possibly ways to configure V2 that plug-gw can't deal with,
> but with our plain-vanilla configuration it works OK.
> Do any one have any idea that whether it is a difference due to
configuration or the difference between V1/V2 ?
Marco Pauck also wrote:
>
> We use TIS's plug-gw proxy for SQL*Net V1 (1521/tcp) and V2 (1525/tcp)
> and it just works!
>
> It should also be possible to use a packet filter instead.
> The TIS Firewall Toolkit Overview in
http://ftp.tis.com/Home/NetworkSecurity/Firewalls/Firewalls.html
has a section for plug-gw. It mentioned that :
"plug-gw can act as a general portal between the protected network and
the outside network; therefore, it should be used sparingly and with
caution. Since it acts only as a data pipe, .... In a sense, plug-gw
is similar to adding a configuration rule to a router that permits
traffic only between two systems on a single port, except that it
logs all transactions."
If it is true, I can't see how it can handle dynamic port numbers. Can
any one explain it to me ?
Vinci.
|
|
