Packetpushers with SQLNet

If you need to apply an ALG (Application level gateway) on SQLNet be careful and check the following:

SQL*Net (a.k.a Oracle TNS) and firewalls…

Most vendor’s firewalls have a SQL ALG that handles SQL*Net traffic.
They listen on TCP port 1521.

SQL*Net is based on Oracle’s TNS protocol.
The specification for this protocol is proprietary and inaccessible, but you can figure it out by reading Oracle’s docs and looking at the Wireshark dissector source code.

In Checkpoint firewalls, there are two ALGs for SQL*Net: “sqlnet1” and “sqlnet2.”
sqlnet1 should be used for non-redirected sessions and sqlnet2 should be used for redirected sessions.
The implication is that non-redirected sessions evaluated against sqlnet2 could negatively impact the CPU of the firewall.

Network Ports used for communication

Log Files location Check Point

Useful CLI Commands Check Point

Export/Import Policy Package

Useful Smartlog Queries

Useful SNMP OIDs (VSX)

Threat Prevention API

GAIA - Easy execute CLI commands on all gateways simultaneously

Threat Prevention Cyber Attacks Dashboard Template

DOS & DDOS Prevention, Mitigation

Export Syslog Messages

Missing feature - Global search across multiple CMA

Show logging using the web interface

Managing partition sizes via LVM manager on Gaia OS

SmartConsole cli parameters

Jump to Rule Number or UID

SmartConsole: Clear disconnected sessions

Initiating manual cluster failover

How to migrate Custom Queries from one SmartView Tracker to another

Check Point Log Export

After policy install: UDP packet that belongs to an old session drops

How to copy a file from a Check Point firewall

CPView Utility and High Load Traffic

IPS Troubleshooting

Limitation of 251 Inline Layers

Packetpushers with SQLNet

Show interface speed and duplex as a list

VPN Troubleshooting

Threat Extraction Troubleshooting

Check Point Links & Tools

Packetpushers with SQLNet

No Comments