open port numbers behind the firewall

Before adding the firewall, the applications were up and running. My understanding is that the firewall is in front of the websphere server and the database server. Now the websphere server cannot connect to the database server on port 1521. Does that mean port 1521 needs to be open on the database server side? Do we need to open the same port 1521 on the websphere server too? I cannot ping, cannot telnet from websphere to database.

Please advise. Thanks a lot!!

Steve

The port probably is open on the database server, but you'll also need to configure the firewall to allow traffic to that port on the database server.

Unlikely.

So?

cu

59cobalt
Ansgar -59cobalt- Wiechers

We need to open the port that the database server listens on for the websphere server's requests. But what port does the websphere server listen on for the response from the database server?

I think a similar analogy is the web browser. When we go to Google, the Google server listens on port 80 for the requests from the web browser. How about the data sent back from the web server to the web browser; what port does the web browser listen on?

Steve

Hi,

Depending on the OS, anything from either 1-65365 or 1024-65365. The originating port is not important; the firewall can track the connection.

You should ask someone who is proficient with security to help you design and set up the network and security measures.

Cheers, Jens

Jens Hoffmann

Talk to your sysadmin folks and explain what you need to achieve.

Chris

Chris Davies

If the firewall is in front of BOTH the Web/DB servers, but the Web and DB servers are in different networks (and they should be), then you need to map a rule between the web server's firewall network and the database server's network for the port that it communicates on.

Firewall PUBLIC port (some public IP)
Firewall WEB server port (192.168.8.10/24) - just making up a network
Firewall DB server port (192.168.9.10/24) - just making up a network

By default there is no access between the 192.168.8 and 192.168.9 networks; you have to make a rule between them.

Your rule should be as specific as possible, something like this:

Allow 192.168.8.10 (Web) > 192.168.9.10:TCP 1521

This limits access to the data to JUST the IP and Port of the database server.

With a rule like this you can NOT PING or telnet to the DB server, since you didn't create a PING/Telnet rule to permit access.

If you setup improper rules your web server could allow external users to compromise your database - please contact the firewall administrator to make the proper changes for you.

Leythos

That's irrelevant. The response from the database server will take the same route as the request, only in the opposite direction. If the firewall is stateful (which it should be), you don't need to do anything other than allow requests to the database server's port.

Web browsers don't listen on any port. It's the same as described above. The response goes back through the already established connection.

cu

59cobalt
Ansgar -59cobalt- Wiechers
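As an added illustration of the stateful behaviour described in this reply and of the single allow rule in Leythos's post (example code written for this page, not from any poster), here is a constructed toy packet filter: it has one rule, Web to DB on TCP 1521, remembers the connections that rule permits, and lets the reply back through on whatever ephemeral port the Web server picked, while ping, telnet and unsolicited packets are dropped. The IP addresses are the made-up ones from the thread; the ephemeral ports and the outside address 203.0.113.5 are constructed.

```python
from dataclasses import dataclass

# Constructed example: a minimal stateful packet filter with the single rule
# "Allow 192.168.8.10 (Web) > 192.168.9.10:TCP 1521" from the thread.
WEB, DB = "192.168.8.10", "192.168.9.10"


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0  # 0 for ICMP, which has no ports
    dport: int = 0


# Explicit allow rules as (proto, src, dst, dport). Everything else is denied.
RULES = {("tcp", WEB, DB, 1521)}


class StatefulFirewall:
    def __init__(self):
        # Connection table: 5-tuples of flows that an allow rule admitted.
        self.conntrack = set()

    def allow(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Return traffic of a tracked connection is allowed, whatever
        # ephemeral source port the Web server chose for the request.
        if reverse in self.conntrack:
            return True
        # A new flow must match an explicit rule; if it does, remember it
        # so its replies can come back.
        if (p.proto, p.src, p.dst, p.dport) in RULES:
            self.conntrack.add(key)
            return True
        return False


def demo():
    fw = StatefulFirewall()
    return {
        "sql_request": fw.allow(Packet("tcp", WEB, DB, 49152, 1521)),
        "sql_response": fw.allow(Packet("tcp", DB, WEB, 1521, 49152)),
        "unsolicited_db": fw.allow(Packet("tcp", DB, WEB, 1521, 49153)),
        "ping": fw.allow(Packet("icmp", WEB, DB)),
        "telnet": fw.allow(Packet("tcp", WEB, DB, 49154, 23)),
        "public_to_db": fw.allow(Packet("tcp", "203.0.113.5", DB, 40000, 1521)),
    }
```

Only the request and its matching response pass; the filter never needed a rule for the Web server's ephemeral port, and ping and telnet fail exactly as Leythos describes.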
