Packetpushers with SQLNet
If you need to apply an ALG (Application level gateway) on SQLNet be careful and check the following:
SQL*Net (a.k.a Oracle TNS) and firewalls…
Most vendor’s firewalls have a SQL ALG that handles SQL*Net traffic.
They listen on TCP port 1521.
SQL*Net is based on Oracle’s TNS protocol.
The specification for this protocol is proprietary and inaccessible, but you can figure it out by reading Oracle’s docs and looking at the Wireshark dissector source code.
In Checkpoint firewalls, there are two ALGs for SQL*Net: “sqlnet1” and “sqlnet2.”
sqlnet1 should be used for non-redirected sessions and sqlnet2 should be used for redirected sessions.
The implication is that non-redirected sessions evaluated against sqlnet2 could negatively impact the CPU of the firewall.
No Comments