1. if you plan to block sql using the firewall you will need 3 NICs in the firewall appliance since apart from the management interface you will need to set up a bridge (with 2 NICs) to physically route the traffic through the firewall, this also requires you to patch the appliance properly inside your datacenter between the protected database and the client or middle tier servers, so you can't do this without changing anything in your network configuration.
2. you will need to compile a whitelist based on what your trusted applications are doing normally, this is an iterative process, then the firewall will be able to block sql not in the whitelist (replace it with something like select 1 from dual), since the only physical network path from the java clients to the secured target db goes via the bridge
Comment: so if you have a chance: pull one NIC out of the AV server (it only needs 1) and plug it into the firewall appliance.
Harm ten Napel
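The learn-then-enforce behaviour Harm describes above, as an added Python sketch that is not Oracle's code and not from this thread: a hypothetical whitelist keyed on statement shape (literals replaced), where anything outside the whitelist is swapped for select 1 from dual. The sample statements and schema are constructed for the example.

```python
import re

# Constructed sample traffic (not from the page): what a trusted client
# issues during the learning phase, against a hypothetical schema.
LEARNING_TRAFFIC = [
    "SELECT name, balance FROM accounts WHERE id = 42",
    "select name, balance from accounts where id = 1007",
    "UPDATE accounts SET balance = 99.5 WHERE id = 42",
    "INSERT INTO audit_log (who, what) VALUES ('app', 'login')",
]

# Harmless statement substituted for anything outside the whitelist,
# as the thread suggests ("something like select 1 from dual").
SUBSTITUTE_SQL = "select 1 from dual"


def fingerprint(sql: str) -> str:
    """Reduce a statement to its shape: string and numeric literals
    become '?', whitespace collapses, case is folded. Statements that
    differ only in bound values then share one whitelist entry."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)      # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)      # numeric literals
    s = re.sub(r"\s+", " ", s).strip().rstrip(";")
    return s.lower()


def learn(statements, whitelist=None):
    """Learning phase: add the shapes of trusted traffic to the whitelist.
    Passing an existing whitelist supports the iterative build-up."""
    whitelist = set(whitelist) if whitelist else set()
    whitelist.update(fingerprint(s) for s in statements)
    return whitelist


def enforce(whitelist, sql: str):
    """Enforcement: forward whitelisted shapes unchanged, otherwise
    forward the substitute. Returns (forwarded_sql, blocked)."""
    if fingerprint(sql) in whitelist:
        return sql, False
    return SUBSTITUTE_SQL, True


if __name__ == "__main__":
    wl = learn(LEARNING_TRAFFIC)
    for stmt in ("SELECT name, balance FROM accounts WHERE id = 7",
                 "DELETE FROM accounts"):
        print(stmt, "->", enforce(wl, stmt))
```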
thanks for the reply.
based on Oracle Documentation:
Oracle Database Firewall can be configured (Bridge, out of band, or configured as a proxy).
1. Out of band: cannot be used for blocking.
2. do you have an idea what the difference is between proxy and Bridge?
and how can I let my application access my DB through the firewall?
with proxy the client is configured to connect to the proxy and the firewall forwards the request to the secured target, with a bridge the firewall is inline between client and server and this is the only mode that allows DPE (policy enforcement) for example check Introducing Oracle Audit Vault and Database Firewall
Harm ten Napel
thanks for the update,
1. that means I have only one option for blocking which is proxy configuration, right?
2. and how many NIC required on the server for this configuration?
3. and how to allow the client/middleware to pass through the DB firewall instead of direct db connection?
sorry for my questions:
4. how to configure high DB firewall availability (I want to configure two servers for DB firewall)?
5. what happens to the client/middleware old/new connections if all DB firewalls go down (in case of using proxy configuration)?
I returned to the documentation, it clearly states that:
- Inline between the database clients and database: This method enables Database Firewall to both block potential attacks and/or operate as an audit or monitoring system.
- As a proxy: Using this method, the Database Firewall acts as a traffic proxy, and the database client applications connect to the database using the Database Firewall's proxy IP and port address.
+++ what is the difference between them (how to configure each of them from the db firewall and client side)?