Firewall Wizards mailing list archives

Re: Cisco ASA firewall: SQLnet inspection: buffer limit


From: Chuck Swiger <chuck () codefab com>
Date: Thu, 15 Jan 2009 11:45:03 -0800

Hi--

On Jan 15, 2009, at 3:27 AM, Haim [Howard] Roman wrote:
> Some friends have a Cisco ASA firewall, firmware version 8.0.4. Behind the firewall is an Oracle database.
>
> This firewall has an SQLnet inspection feature. However, the packet reassembly buffer has a limit of 8 kbytes. Many of the SQL queries are bigger than this, and they get blocked. Is there a way to increase this? (not sure how big they need). In the meantime, they have to disable this feature.

The typical solution to accessing a database behind a firewall is to set up a VPN connection, and not to disable the firewall.

Permitting the entire Internet to access your database means you are trusting Oracle's security. Even if you don't care about the integrity of your data, you'd also put the machine running Oracle itself at risk of compromise as well:

  http://www.oracle.com/technology/deploy/security/critical-patch-updates/public_vuln_to_advisory_mapping.html

Regards,
--
-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

