03-10-2009 10:58 AM - edited 03-11-2019 08:02 AM
Hi,
I would like to know what is the impact/loss of disabling stateful inspection on any protocol in the firewall such as 'no inspect sqlnet'.
Is it a security threat, etc.?
03-10-2009 11:14 AM
Stateful inspection in its general form is covered by "inspect tcp". This tells the firewall to check the TCP flags/ sequence numbers etc. If you turned this off all the generic TCP applications would not be firewalled.
"inspect sqlnet" among others is doing more than stateful inspection. It is also interpreting some of the traffic at the application layer, i.e. the firewall or router has a limited understanding of the actual SQLNET protocol. A lot of the inspect
So for example, SQLNET works by a client connecting to a server on the well known SQL port 1521. The server then sends a packet back to the client telling it to use a new port for the connection. The client then makes a new connection to that port. Now if the firewall cannot find out what that port is then you need to open all ports on your firewall above 1024 because it could be any port the server told the client to use. So the firewall is provided with extra code to be able to snoop on the return message from the server and read the port. The firewall can then dynamically open the port for the new client connection.
So disabling it may well mean you have to open up a lot of extra ports. Disabling the more general "inspect tcp" would pretty much disable your firewall.
Apologies if you knew a lot of that, wasn't trying to bore you :-).
By the way, did you get that NAT issue solved ?
Jon
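The mechanism Jon describes (a static permit for port 1521, the firewall reading the server's redirect to learn the new port, and a dynamic pinhole for the follow-up connection) can be shown with a small simulator. This is an added illustration, not code from this thread or from Cisco; the packet layout, the `Firewall` class, and the plain-text `(PORT=...)` redirect string are constructed simplifications of the real binary TNS redirect, chosen only to show why the firewall needs application awareness here.

```python
import re
from dataclasses import dataclass

SQLNET_PORT = 1521  # well-known listener port the static policy permits


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True for a new connection attempt
    payload: bytes = b""


# Constructed stand-in for the redirect the listener sends back to the client.
# The real TNS message is binary; only the embedded connect descriptor matters here.
REDIRECT_RE = re.compile(rb"\(PORT=(\d+)\)")


class Firewall:
    """Toy stateful firewall with an optional SQL*Net-style inspection hook (hypothetical)."""

    def __init__(self, inspect_sqlnet: bool, open_high_ports: bool):
        self.inspect_sqlnet = inspect_sqlnet     # "inspect sqlnet" on or off
        self.open_high_ports = open_high_ports   # the blanket ">1024" workaround
        self.sessions = set()   # (src, sport, dst, dport) flows admitted by a permitted SYN
        self.pinholes = set()   # (client, server, port) opened dynamically by inspection

    def _static_policy(self, pkt: Packet) -> bool:
        if pkt.dport == SQLNET_PORT:
            return True
        return self.open_high_ports and pkt.dport > 1024

    def process(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        pinhole = (pkt.src, pkt.dst, pkt.dport)
        if pkt.syn:
            # New connection: static policy or a pinhole learned from inspection
            if self._static_policy(pkt) or pinhole in self.pinholes:
                self.sessions.add(key)
                self.pinholes.discard(pinhole)   # one-shot, like a real pinhole
                return "permit"
            return "deny"
        # Stateful part: non-SYN traffic must belong to an admitted flow
        if key in self.sessions:
            return "permit"
        if reverse in self.sessions:
            # Return traffic from the listener: with inspection on, read the
            # redirect and pre-open the client -> server:newport connection
            if self.inspect_sqlnet and pkt.sport == SQLNET_PORT:
                m = REDIRECT_RE.search(pkt.payload)
                if m:
                    self.pinholes.add((pkt.dst, pkt.src, int(m.group(1))))
            return "permit"
        return "deny"


def run_scenario(inspect_sqlnet: bool, open_high_ports: bool) -> dict:
    """Replay the client/listener exchange and return the verdict for each packet."""
    fw = Firewall(inspect_sqlnet, open_high_ports)
    client, server = "192.0.2.10", "203.0.113.5"   # documentation addresses (constructed)
    redirect = b"(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=203.0.113.5)(PORT=1530)))"
    exchange = [
        ("client_syn_1521", Packet(client, 40001, server, SQLNET_PORT, syn=True)),
        ("server_redirect", Packet(server, SQLNET_PORT, client, 40001, payload=redirect)),
        ("client_syn_1530", Packet(client, 40002, server, 1530, syn=True)),
        ("unrelated_syn_4444", Packet(client, 40003, server, 4444, syn=True)),
    ]
    return {name: fw.process(pkt) for name, pkt in exchange}


if __name__ == "__main__":
    for inspect, high in [(True, False), (False, False), (False, True)]:
        print(f"inspect sqlnet={inspect}, open >1024={high}: {run_scenario(inspect, high)}")
```

Running the three cases shows the trade-off in the reply above: with inspection on, only the redirected port 1530 is opened and the unrelated port stays closed; with inspection off and no workaround, the redirected connection is dropped; with the ">1024" workaround instead of inspection, the redirect works but so does every other high port.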
03-10-2009 02:14 PM
Hi Jon,
Thanks for that.
NAT issue is not resolved as yet. I have updated the other post. Awaiting your reply.
Rgds.