RE: Cisco PIX firewall (Oracle-L mailing list)
I did this before [back when memory was a problem (so we used MTS)].
Forgive me if everybody already knows this...
Anyway, port 1521 is the starting port number; the MTS server processes communicate back to the client on a redirected port. Therefore, you must tell your MTS config (via init.ora params) which ports are allowed to be redirected to. For example, you have X number of concurrent sessions and therefore you open up X+50% ports in the range of, ohhhh, say 15500 thru 15600. Tell the firewall that A) these ports are bi-directional and B) SQL*Net traffic is the protocol. I don't remember if ports are 1-to-1 for clients, but you could look that up.
A quick test...
You can tell Oracle NOT to redirect SQL*Net traffic and keep everything
on port 1521. You will quickly bottleneck the port I/O, but at least
you will get thru your firewall (assuming 1521 is open and supports
SQL*Net).
I'm not a firewall guy; I just told the sys/netAdmins to do it and they made it happen. I did the Oracle part. By the way, 7 years ago, not all firewalls supported SQL*Net traffic - ensure your specific firewall is certified for such.
__Dan
-- http://www.freelists.org/webpage/oracle-l
Received on Tue Jan 25 2005 - 18:26:48 CST
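An added example, not part of the original post: a check of dispatcher port settings against the port range opened on the firewall, flagging entries the range would not cover. It assumes the init.ora parameter in question is `MTS_DISPATCHERS` with an optional pinned `PORT`; the sample lines, host name and function name are constructed for illustration.

```python
import re

# Constructed sample init.ora content (not from the post).
SAMPLE_INIT_ORA = '''
# constructed example
mts_dispatchers = "(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost)(PORT=15500))(DISPATCHERS=1)"
mts_dispatchers = "(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost)(PORT=15601))(DISPATCHERS=1)"
mts_dispatchers = "(PROTOCOL=TCP)(DISPATCHERS=2)"
mts_servers = 5
'''

DISPATCHER_RE = re.compile(r'^\s*mts_dispatchers\s*=\s*"?(.*?)"?\s*$', re.IGNORECASE)
PORT_RE = re.compile(r'\(\s*PORT\s*=\s*(\d+)\s*\)', re.IGNORECASE)


def audit_dispatchers(init_ora_text, fw_low, fw_high):
    """Return (line_no, port, finding) for each dispatcher entry that the
    firewall range [fw_low, fw_high] would not reliably cover."""
    findings = []
    seen = set()
    for line_no, raw in enumerate(init_ora_text.splitlines(), 1):
        line = raw.split('#', 1)[0]          # drop trailing comments
        match = DISPATCHER_RE.match(line)
        if not match:
            continue
        ports = [int(p) for p in PORT_RE.findall(match.group(1))]
        if not ports:
            # No pinned port: the dispatcher's port is not fixed in the
            # config, so a static firewall range cannot be matched to it.
            findings.append((line_no, None, "unpinned"))
            continue
        for port in ports:
            if not fw_low <= port <= fw_high:
                findings.append((line_no, port, "outside-range"))
            elif port in seen:
                findings.append((line_no, port, "duplicate"))
            seen.add(port)
    return findings


if __name__ == "__main__":
    # Range from the post's example: 15500 thru 15600.
    for line_no, port, finding in audit_dispatchers(SAMPLE_INIT_ORA, 15500, 15600):
        print(f"line {line_no}: port={port} {finding}")
```
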