- Silver, 250 points or more
I hope someone with extensive experiences with Cisco Pix/ASA can tell me
what the purpose of this command:
fixup protocol sqlnet 1521-1526
fixup protocol http 80
I have rule on the firewall as follows:
access-list test permit tcp any any range 1521-1526 log
access-group test interface outside
Behind the firewall is a bunch of Oracle database servers version 9i, 10g and 11g.
I use an Oracle utility called Oracle loader to load about 40GB of data into these
oracle databases. These jobs hang after loading about 20GB of data into the databases.
The only way to load 40GB of data into the database is to "no fixup protocol sqlnet 1521-1526".
My question is this:
What are the advantages of enabling sqlnet inspection on the firewall? From what I've
seen so far, it does nothing but cause trouble for my sqlnet traffics especially loading
massive amount of data into the database. What does sqlnet inspection actually do?
Are there any security risks in disabling sqlnet inspection? Thanks.