Cman
  1. Oracle CMAN: CMAN port, firewall rule, Oracle Connection Manager (CMAN)
     Diagram labels recovered from the slide (the image itself is not in the transcript):
     - Client side: config (cman.ora), Listener, CMAN Listen, CMAN, Firewall
     - Application Server (Layer 3): HTTP/HTTPS from the client, TNS-1521 towards CMAN, Firewall on both sides
     - Connection Manager (Layer 2): TNS-1521, Firewall towards the database
     - Database Server (Layer 1): TNS-1521
  2. CMAN Listener
     Diagram labels recovered from the slide: CMAN registers with the Listener (Initialization Parameters: Remote Listener); (a) Listener, (b) CMAN Listener; SQLNET TCP.INVITED_NODES by IP; Listener STOP/START; external procedure (listener.ora); Oracle Advanced Security (ASO) encryption in SQLNET.ORA between Application Server and Client; CMAN listens on the port number / IP address the Oracle client connects to; CMAN rule.

     sqlnet.ora, valid node checking:
        # Configure TNS firewall to loopback and local IP address only
        TCP.VALIDNODE_CHECKING = YES
        TCP.EXCLUDED_NODES = (*.*.*.*)
        TCP.INVITED_NODES = (127.0.0.1, 172.20.5.31, 172.20.5.51, ...)

     sqlnet.ora, Oracle Advanced Security (ASO) network encryption (c):
        # Settings for when a client is connecting to this server.
        # Incoming connections to database must be checksum'd and encrypted.
        SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
        SQLNET.CRYPTO_CHECKSUM_SERVER = required
        SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
        SQLNET.ENCRYPTION_SERVER = required
        # Settings for when this client is connecting to a server.
        SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
        SQLNET.CRYPTO_CHECKSUM_CLIENT = required
        SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
        SQLNET.ENCRYPTION_CLIENT = required
        # Seed needs to be randomly generated consisting of between
        # 10 and 70 characters. This seed should be different for each host.
        SQLNET.CRYPTO_SEED = somerandomalphanumericstringofabout70characters
  3. cman.ora
        N1=
          (configuration=
            (address=(protocol=tcp)(host=x.x.x.x)(port=1821))
            (parameter_list =
              (connection_statistics=yes)
              (log_directory=/u01/oracle/product/11.2.0/client_1/network/log)
              (log_level=off)
              (idle_timeout=0)
              (inbound_connect_timeout=0)
              (session_timeout=0)
              (outbound_connect_timeout=0)
              (max_gateway_processes=16)
              (min_gateway_processes=2)
              (remote_admin=on)
              (trace_directory=/u01/oracle/product/11.2.0/client_1/network/trace)
              (trace_level=off)
              (trace_timestamp=off)
              (trace_filelen=1000)
              (trace_fileno=1)
              (max_cmctl_sessions=4)
              (event_group=init_and_term,memory_ops)
            )
            (rule_list=
              # INBOUND RULES
              # = Application Server 1
              (rule=(src=x.x.x.x)(dst=172.18.1.67)(srv=*)(act=accept))
              # = DBA workstations
              (rule=(src=172.21.2.0/24)(dst=*)(srv=*)(act=accept))
              #
              # OUTBOUND RULES
              # = Remote DB Server
              (rule=(src=172.20.5.0/24)(dst=172.18.1.67)(srv=*)(act=accept))
              #
              # Local Connections
              (rule=(src=172.18.1.67)(dst=127.0.0.1)(srv=*)(act=accept))
              (rule=(src=172.18.1.67)(dst=127.0.0.1)(srv=cmon)(act=accept))
              #
              # All other source IPs
              (rule=(src=*)(dst=*)(srv=*)(act=drop))
            )
          )
     Diagram labels recovered from the slide: Connection Manager, Client & Application Server, Application Server, Client, IPv6.
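To check what a rule_list like the one above actually admits before deploying it, here is an added example (not code from the slides or from Oracle) that parses the rule entries and evaluates a (src, dst, srv) triple against them, plus a small model of the sqlnet.ora TCP.VALIDNODE_CHECKING lists from slide 2. Assumptions made here and labelled in the code: rules are evaluated top to bottom and the first match decides (Oracle's cman.ora makes rule order significant; treat the exact semantics as something to verify against your release's documentation), a connection matching no rule is dropped, TCP.INVITED_NODES takes precedence over TCP.EXCLUDED_NODES when both list a node, and the slide's x.x.x.x placeholder is replaced by a constructed address 10.0.0.5. The rule text and address lists are constructed sample input.

```python
"""Evaluate Oracle CMAN rule_list entries and sqlnet.ora valid-node lists.

Added example, not Oracle's own code. Assumptions: first matching rule wins,
no match means drop, INVITED_NODES wins over EXCLUDED_NODES.
"""
import ipaddress
import re

# Constructed sample: the slide's rule_list with x.x.x.x replaced by 10.0.0.5.
RULE_LIST_TEXT = """
(rule_list=
  # INBOUND RULES
  # = Application Server 1
  (rule=(src=10.0.0.5)(dst=172.18.1.67)(srv=*)(act=accept))
  # = DBA workstations
  (rule=(src=172.21.2.0/24)(dst=*)(srv=*)(act=accept))
  #
  # OUTBOUND RULES
  # = Remote DB Server
  (rule=(src=172.20.5.0/24)(dst=172.18.1.67)(srv=*)(act=accept))
  #
  # Local Connections
  (rule=(src=172.18.1.67)(dst=127.0.0.1)(srv=*)(act=accept))
  (rule=(src=172.18.1.67)(dst=127.0.0.1)(srv=cmon)(act=accept))
  #
  # All other source IPs
  (rule=(src=*)(dst=*)(srv=*)(act=drop))
)
"""

# Constructed sample matching slide 2's TCP.INVITED_NODES / TCP.EXCLUDED_NODES.
INVITED_NODES = ("127.0.0.1", "172.20.5.31", "172.20.5.51")
EXCLUDED_NODES = ("*.*.*.*",)

RULE_RE = re.compile(
    r"\(rule=\(src=([^)]*)\)\(dst=([^)]*)\)\(srv=([^)]*)\)\(act=([^)]*)\)\)"
)


def parse_rules(text):
    """Return the (rule=...) entries in file order; '#' lines are cman.ora comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.search(line)
        if m:
            src, dst, srv, act = m.groups()
            rules.append({"src": src, "dst": dst, "srv": srv, "act": act.lower()})
    return rules


def addr_matches(pattern, addr):
    """Match an address against '*', a dotted wildcard (172.20.*.*), a CIDR block or a host."""
    if pattern == "*":
        return True
    if "*" in pattern:
        parts, octets = pattern.split("."), addr.split(".")
        return len(parts) == 4 and len(octets) == 4 and all(
            p == "*" or p == o for p, o in zip(parts, octets))
    # strict=False so a bare host such as 10.0.0.5 becomes a /32
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def evaluate(rules, src, dst, srv=""):
    """Return (action, index) of the first matching rule; ('drop', None) if none matches.

    Assumption: rules are evaluated in order and a connection that matches no
    rule is rejected. srv='' means the connection names no service.
    """
    for i, r in enumerate(rules):
        srv_ok = r["srv"] == "*" or r["srv"].lower() == srv.lower()
        if addr_matches(r["src"], src) and addr_matches(r["dst"], dst) and srv_ok:
            return r["act"], i
    return "drop", None


def sqlnet_valid_node(addr, invited=INVITED_NODES, excluded=EXCLUDED_NODES):
    """Model TCP.VALIDNODE_CHECKING=YES for one source address.

    Assumption: an address on both lists is allowed (INVITED_NODES takes
    precedence); if an invited list exists, anything not on it is refused.
    """
    if any(addr_matches(p, addr) for p in invited):
        return True
    if any(addr_matches(p, addr) for p in excluded):
        return False
    return not invited


if __name__ == "__main__":
    rules = parse_rules(RULE_LIST_TEXT)
    for src, dst, srv in [("10.0.0.5", "172.18.1.67", ""),
                          ("172.21.2.77", "10.9.9.9", ""),
                          ("172.18.1.67", "127.0.0.1", "cmon"),
                          ("192.168.1.10", "172.18.1.67", "")]:
        print(src, "->", dst, srv or "(no srv)", evaluate(rules, src, dst, srv))
    for a in ("172.20.5.31", "172.20.5.99"):
        print("validnode", a, sqlnet_valid_node(a))
```

Two things the evaluation makes visible: under first-match ordering the fifth rule (srv=cmon) is never reached, because the preceding rule with the same src/dst and srv=* already accepts that traffic, so the cmon rule is documentation rather than policy; and the DBA-workstation rule has dst=*, so it admits those hosts to any destination CMAN can reach, not only to 172.18.1.67. Separately from rule evaluation, the parameter_list sets remote_admin=on, which Oracle documents as enabling remote CMCTL administration of the instance (it is off by default); whether that is wanted depends on where cmctl is run from.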