
JDBC and PIX

brarick
Level 1

I have a quick question about configuring a PIX firewall and JDBC. I have two distinct networks running behind a PIX firewall. My webserver, JSPs, and JDBC driver are on one machine (on network 'A') and I have my SQL Server database running on another machine on network 'B'. Now in order to allow my webserver access to the database I have to add a couple of lines to the firewall. One is the 'fixup' line and the other is the 'conduit'. My question is on the fixup line. Do I do a fixup for http or for sqlnet or both? For instance, do I do this...

fixup protocol http 1433

or

fixup protocol sqlnet 1433

I am just trying to figure out what I am doing before I break something ;-)

nkhawaja
Cisco Employee

Hi,

You need fixup protocol sqlnet 1433, as well as a conduit or access-list.

Thanks

Nadeem

So sqlnet isn't just an Oracle thing? For some reason I was thinking that I was just supposed to use SQLnet when using Oracle databases. Then again, I'm just a software guy, what do I know ;-) Thank you.

Hi,

It is for the SQLnet protocol, either from Oracle or from Microsoft.

Thanks

Nadeem

OK I added the below lines to the PIX config...

fixup protocol sqlnet 1433

conduit permit tcp host 10.0.5.45 eq 1433 host 192.168.100.113

-------------------------------------------

10.0.5.45 is my database server

192.168.100.113 is my webserver

I tested my connection to see if the two computers were able to see each other by telnetting from the webserver...

telnet 10.0.5.45 1433

This just hangs and says "trying 10.0.5.45..."

Am I missing something? If I could telnet from one box to another at least I would know that the boxes could see each other. Any ideas?

Hi,

Do you have a static for 10.0.5.45?

I am not sure if you could test this by just telnetting to port 1433. Can you try to see if, by bypassing the firewall, you can get some prompt? Try also to get syslogs from the firewall.

Thanks

Nadeem

Yes, I set the static IP to 10.0.5.45. I also double checked the SQL Server listening port to see if it is on port 1433. It is.

I can telnet successfully from my laptop to the database server. The DB server is in the Windows default domain WORKGROUP.

Where are the syslogs to the firewall kept?

Hi,

Could you share the configs? You can change the IP addresses and remove the password lines.

Syslogs can be stored in a buffer or on a syslog server, or can be dumped to the console or telnet/terminal sessions.

Thanks

Nadeem

lwierenga
Level 1

Nadeem's correct, need the configs.

I prefer not to post the FW configs in an open forum. I can send via email though...

Hi,

Change the IP addresses and take out passwords, that is all you have to do.

Thanks

Nadeem
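
One way to do the clean-up Nadeem describes before posting a config, as an added example that is not part of the original thread. The function name, the keyword list for secret lines, and the sample config are assumptions constructed for illustration; addresses are remapped consistently so the relationship between rules stays readable.

```python
import re

# Assumption: any line containing one of these words carries a secret
# (PIX "enable password" / "passwd" lines, keys, SNMP communities).
SECRET_LINE = re.compile(r"\b(password|passwd|key|community)\b", re.IGNORECASE)
IPV4 = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b")

# Constructed sample: the fixup and conduit lines are from the thread,
# the rest is made up to exercise the function.
SAMPLE = """\
enable password EXAMPLEHASH1 encrypted
passwd EXAMPLEHASH2 encrypted
ip address inside 10.0.5.1 255.255.255.0
fixup protocol sqlnet 1433
conduit permit tcp host 10.0.5.45 eq 1433 host 192.168.100.113
"""


def sanitize_config(text):
    """Drop secret-bearing lines and consistently rename IPv4 addresses."""
    mapping = {}  # real address -> placeholder, same address always maps the same

    def swap(match):
        octets = [int(o) for o in match.groups()]
        if any(o > 255 for o in octets):
            return match.group(0)  # not an address
        if octets[0] == 255 or octets == [0, 0, 0, 0]:
            return match.group(0)  # keep netmasks and 0.0.0.0 readable
        addr = match.group(0)
        if addr not in mapping:
            # 198.51.100.0/24 is reserved for documentation (RFC 5737);
            # this simple counter assumes fewer than 255 distinct addresses.
            mapping[addr] = "198.51.100.%d" % (len(mapping) + 1)
        return mapping[addr]

    out = []
    for line in text.splitlines():
        if SECRET_LINE.search(line):
            out.append("! [line removed: credential]")
        else:
            out.append(IPV4.sub(swap, line))
    return "\n".join(out), mapping


if __name__ == "__main__":
    cleaned, table = sanitize_config(SAMPLE)
    print(cleaned)
```

Keep the returned mapping private; it is what lets you translate replies back to your real addresses.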
