I’m trying to configure a Standalone Database Firewall in-line between the clients and the protected database so it can block some statements. I’ve followed the Installation Guide and the Administration Guide, but can’t get it working. I’ve configured one Enforcement Point with one Protected Database.
I’ve configured Database Firewall with three Ethernet cards:
eth0 is used for Management (IP: 192.168.1.81)
eth1 and eth2 are associated with Bridged interface br0
The protected database is listening on 172.16.40.3:1521.
The clients are in subnet 192.168.1.x.
I’ve configured the Traffic Source br0 with the IP 172.16.40.2, and it is enabled as the Traffic Source in the Enforcement Point.
In the configuration file appliance.conf corresponding to the Enforcement Point, I’ve seen the parameter PROXYPORT=1534, so I understand the clients should connect to this port on the Database Firewall in order to access the protected database. Is this assumption correct? Is the configuration I’ve done correct? Are there any additional configuration steps that should be made? Is there any documentation about these configuration files?