There's not a whole lot to do on the firewall side to pass Oracle traffic.
This should already be the case, but have you verified that in the
'Advanced' properties of your sqlnet2- service(s) that the protocol type is
set to SQLNET2? If, perhaps, you made your own services because of custom
port numbers, this might need to be done. Short of that, you're probably
opening a ticket with Check Point to find out why it's not detecting and
proxying SQL*Net traffic.

You may also be able to get away with using USE_SHARED_SOCKET=TRUE on the
Oracle server to get it to stick to just one port. This may be OK for
something like a web application that has a single client, but you can run
into problems with multiple client connections.


-----Original Message-----
Subject: [fw-wiz] fw1 oracle sqlnet2


I try to use the sqlnet2 service in the policy of a checkpoint FW-1 NG

But this doesn't work as It's supposed to be.

Oracle starts to use random higher ports after the connection and the
checkpoint firewall drops these connections.

While de sqlnet2 module should handle these stateful.

Has someone a solution to this problem?

firewall-wizards mailing list