Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

SQLNet and Checkpoint

524 views
Skip to first unread message

Andreas Stavrinou

unread,
May 24, 2001, 2:09:37 AM5/24/01
to
Can someone please direct me on how to configure SQLNet proxy on Checkpoing
in order to connect to Oracle 8.1.x databases?

Any help would be greadly appreciated

Regards,

Andreas Stavrinou


steve

unread,
May 24, 2001, 12:13:04 PM5/24/01
to
I've connected to an Oracle database by allowing SQLNet1 (1521/tcp) and ALL
tcp highports to the server. The client will try to connect to the server on
port 1521, the server will reply on that port and tell the client which
random port above 1023 to connect for the rest of the conversation. With
Oracle 8 you can make a registry change called USE_SHARED_SOCKET (=true) to
force all communications on port 1521 to make it more secure.

Hope this helps.

"Andreas Stavrinou" <andreas....@globalsoft.com.cy> wrote in message
news:F0scnaB...@dogwood.us.checkpoint.com...

Andreas Stavrinou

unread,
May 25, 2001, 12:53:14 AM5/25/01
to
Steve,

Thanks for the reply, however the client is not comfortable opening all high
ports and creating a "swiss cheese" situation. Instead he insists on using
the SQLNet proxy (port tunneling) feature that comes with Checkpoint 4.1 SP2
and open only the default (I believe) 1610 port. Any ideas on that?

Regards


"steve" <st...@nodomain.com> wrote in message
news:4K$ELtG5A...@dogwood.us.checkpoint.com...

Johan Lindqvist

unread,
May 28, 2001, 12:13:11 PM5/28/01
to
steve wrote:
>
> I've connected to an Oracle database by allowing SQLNet1 (1521/tcp) and ALL
> tcp highports to the server. The client will try to connect to the server on
> port 1521, the server will reply on that port and tell the client which
> random port above 1023 to connect for the rest of the conversation. With
> Oracle 8 you can make a registry change called USE_SHARED_SOCKET (=true) to
> force all communications on port 1521 to make it more secure.

Opening SQLnet2 which is stateful would probably be better, then. Note
that you should not use BOTH SQLnet1 and SQLnet2. Having them both will
trigger SQLnet1.

/Johan Lindqvist

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/E d+ s: a- C++(+++)$ ULOSI*++(++++)$ P+++$>++++$ L++ E>++$ W+(+++)
N++ o? K-? w---(++)$ O? M-(+) V? PS++ PE-(--) Y++(+) PGP++ t++@ !5-
!X- R tv b++ DI++++ D+ G++ e+++ h--- r+++ y+++
------END GEEK CODE BLOCK------

Surendran Varadarajan

unread,
Jun 14, 2001, 5:33:34 PM6/14/01
to
Hi Hohan,

When I allowed only sqlnet2, I still see in the log 1521 being accepted but
another
high numbered port blocked. This high-numbered port atleast in the
limited experiments that I carried out was constant. Do I need to allow this port

explicitly?

Thanks

Suren

0 new messages