
[FW-1] Understanding SQLNet2 inspection in FW-1


  • To: [email protected]
  • Subject: [FW-1] Understanding SQLNet2 inspection in FW-1
  • From: Emmanuel Bailleul <[email protected]>
  • Date: Mon, 27 Oct 2003 15:45:49 +0100
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • User-agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Hi,

I recently had a problem with a client PC connecting to an ORACLE 8.1.6
server via sqlnet.
Tracing the connection, I was able to find that this client establishes a
first connection on port 1521 of the server, closes this connection and then
tries to open a new one on a different port (> 1024 but not necessarily
high).

This seems to be the "normal" behaviour of a sqlnet2 client, though I
found that not all clients behave like this (may depend on the version
and settings).

The problem is that the firewall drops this second connection, though I
configured a rule with "SQLNet2" as the service, and verified that the
protocol type was SQLNet2 as well.

I read all the FW-1 forums about SQLNet2 and found that in some cases it
works seamlessly (even when there is NAT) and in some others it doesn't.

What is not clear to me is what is hiding behind the SQLNet2 protocol
type. I had a look at the file "base.def", section SQLNet2 to understand
how the firewall is supposed to handle this one but just found that this
code was referencing some kernel functions of the firewall.

Does anyone know exactly how SQLNet2 works in FW-1, in terms of
inspection?

Regards.

--

Emmanuel BAILLEUL

Head of the Security Division

Annecy South-East Branch

ascom adilan

Network Integration

[email protected] <mailto:[email protected]>

14 rue du Pré Paillard

74940 Annecy le Vieux

Tel: 33 4 50 64 02 49

Fax : 33 4 50 64 09 98

<http://www.adilan.fr>






