Cman

Transcript

  • 1. Oracle CMAN
      CMAN Port Firewall Rule Oracle Connection Manager (CMAN) Client Config (cman.ora) Listener CMAN Listen CMAN Firewall
      [Diagram labels: Application Server (Layer 3); Connection Manager (Layer 2); Database Server (Layer 1); Firewall; HTTP/HTTPS; TNS-1521]
  • 2. CMAN Listener CMAN Register CMAN Register Initialization Parameters Remote Listener CMAN a Listener CMAN Listener b SQLNET

        # Configure TNS firewall to loopback and local IP address only
        TCP.VALIDNODE_CHECKING = YES
        TCP.EXCLUDED_NODES = (*.*.*.*)
        TCP.INVITED_NODES = (127.0.0.1, 172.20.5.31,172.20.5.51,……)

      SQLNET INVITED_NODES IP STOP/START external procedure Listener Listener listener.ora Oracle Advanced Security (ASO) ASO SQLNET.ORA Encryption Application Server Encrypt Client c

        # Settings for when a client is connecting to this server.
        # Incoming connections to database must be checksum'd and encrypted.
        SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
        SQLNET.CRYPTO_CHECKSUM_SERVER = required
        SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
        SQLNET.ENCRYPTION_SERVER = required
        # Settings for when this client is connecting to a server.
        SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
        SQLNET.CRYPTO_CHECKSUM_CLIENT = required
        SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
        SQLNET.ENCRYPTION_CLIENT = required
        # Seed needs to be randomly generated consisting of between
        # 10 and 70 characters. This seed should be different for each host.
        SQLNET.CRYPTO_SEED = somerandomalphanumericstringofabout70characters

      CMAN Listen Oracle Client Port Number IP Address CMAN CMAN rule
  • 3. cman.ora

        N1=
          (configuration=
            (address=(protocol=tcp)(host=x.x.x.x)(port=1821))
            (parameter_list =
              (connection_statistics=yes)
              (log_directory=/u01/oracle/product/11.2.0/client_1/network/log)
              (log_level=off)
              (idle_timeout=0)
              (inbound_connect_timeout=0)
              (session_timeout=0)
              (outbound_connect_timeout=0)
              (max_gateway_processes=16)
              (min_gateway_processes=2)
              (remote_admin=on)
              (trace_directory=/u01/oracle/product/11.2.0/client_1/network/trace)
              (trace_level=off)
              (trace_timestamp=off)
              (trace_filelen=1000)
              (trace_fileno=1)
              (max_cmctl_sessions=4)
              (event_group=init_and_term,memory_ops)
            )
            (rule_list=
              # INBOUND RULES
              # = Application Server 1
              (rule=(src=x.x.x.x)(dst=172.18.1.67)(srv=*)(act=accept))
              # = DBA workstations
              (rule=(src=172.21.2.0/24)(dst=*)(srv=*)(act=accept))
              #
              # OUTBOUND RULES
              # = Remote DB Server
              (rule=(src=172.20.5.0/24)(dst=172.18.1.67)(srv=*)(act=accept))
              #
              # Local Connections
              (rule=(src=172.18.1.67)(dst=127.0.0.1)(srv=*)(act=accept))
              (rule=(src=172.18.1.67)(dst=127.0.0.1)(srv=cmon)(act=accept))
              #
              # All other source IPs
              (rule=(src=*)(dst=*)(srv=*)(act=drop))
            )
          )

      Connection Manager Client & Application Server Application Server Client IPV6
