https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243772#M612053 <HTML><HEAD></HEAD><BODY><P>I prefer not to post the FW configs in an open forum. I can send via email though...</P></BODY></HTML> Tue, 21 Oct 2003 11:19:14 GMT brarick 2003-10-21T11:19:14Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243763#M612044 <P>I have a quick question about configuring a PIX firewall and jdbc. I have two distinct networks running behind a PIX firewall. My webserver, jsp's, and JDBC driver are on one machine (on network 'A') and I have my SQL Server database running on another machine on network 'B'. Now in order to allow my webserver access to the database I have to add a couple lines to the firewall. One is the 'fixup' line and the other is the 'conduit'. My question is on the fixup line. Do I do a fixup for http or for sqlnet or both. For instance, do I do this...</P><P></P><P>fixup protocol http 1433</P><P></P><P>or </P><P></P><P>fixup protocol sqlnet 1433</P><P></P><P></P><P>I am just trying to figure out what I am doing before I break something;-)</P><P></P> Fri, 21 Feb 2020 07:03:13 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243763#M612044 brarick 2020-02-21T07:03:13Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243764#M612045 <HTML><HEAD></HEAD><BODY><P>HI,</P><P></P><P>You need fixup protocol sqlnet 1433. as well as conduit or access-list</P><P></P><P>Thanks</P><P>Nadeem</P></BODY></HTML> Mon, 20 Oct 2003 17:55:10 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243764#M612045 nkhawaja 2003-10-20T17:55:10Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243765#M612046 <HTML><HEAD></HEAD><BODY><P>So sqlnet isn't just an Oracle thing? For some reason I was thinking that I was just supposed to use SQLnet when using Oracle databases. Then again I'm just a software guy what do I know;-) Thank you.</P></BODY></HTML> Mon, 20 Oct 2003 17:59:40 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243765#M612046 brarick 2003-10-20T17:59:40Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243766#M612047 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>It is for SQLnet protocol either from Oracle or from Micrsoft.</P><P></P><P>Thanks</P><P>Nadeem</P></BODY></HTML> Mon, 20 Oct 2003 18:06:36 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243766#M612047 nkhawaja 2003-10-20T18:06:36Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243767#M612048 <HTML><HEAD></HEAD><BODY><P>OK I added the below lines to the PIX config...</P><P></P><P>fixup protocol sqlnet 1433</P><P></P><P>conduit permit tcp host 10.0.5.45 eq 1433 host 192.168.100.113</P><P></P><P>-------------------------------------------</P><P>10.0.5.45 is my database server</P><P>192.168.100.113 is my webserver</P><P></P><P>I tested my connection to see if the two computers were able to see each other by telneting from the webserver....</P><P></P><P>telnet 10.0.5.45 1433 </P><P></P><P>This just hangs and says "trying 10.0.5.45..."</P><P>Am I missing something? If I could telnet from one box to another at least I would know that the boxes could see each other. Any ideas?</P></BODY></HTML> Mon, 20 Oct 2003 18:52:53 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243767#M612048 brarick 2003-10-20T18:52:53Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243768#M612049 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>DO you have static for 10.0.5.45?</P><P>I am not sure if you could test this by just telnet to port1433. Can you try to see if by bypassing firewall, you can get some prompt? Try also to get syslogs from the firewall</P><P></P><P>Thanks</P><P>Nadeem</P></BODY></HTML> Mon, 20 Oct 2003 18:56:43 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243768#M612049 nkhawaja 2003-10-20T18:56:43Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243769#M612050 <HTML><HEAD></HEAD><BODY><P>Yes, I set the static IP to 10.0.5.45. I also double checked the SQL Server listening port to see if it is on port 1433. It is. </P><P></P><P>I can telnet successfully from my laptop to the database server. The DB server is in the Windows default domain WORKGROUP.</P><P></P><P>Where are the syslogs to the firewall kept?</P></BODY></HTML> Mon, 20 Oct 2003 19:12:25 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243769#M612050 brarick 2003-10-20T19:12:25Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243770#M612051 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Could you share the configs? YOu can change the IP addresses and remove the password lines.</P><P>Syslogs can be stored on buffer, syslog server, can be dumped on the console or telnet/terminal sessions.</P><P></P><P>Thanks</P><P>Nadeem</P></BODY></HTML> Mon, 20 Oct 2003 20:39:45 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243770#M612051 nkhawaja 2003-10-20T20:39:45Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243771#M612052 <HTML><HEAD></HEAD><BODY><P>Nadeem's correct need the configs.</P></BODY></HTML> Tue, 21 Oct 2003 02:45:23 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243771#M612052 lwierenga 2003-10-21T02:45:23Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243772#M612053 <HTML><HEAD></HEAD><BODY><P>I prefer not to post the FW configs in an open forum. I can send via email though...</P></BODY></HTML> Tue, 21 Oct 2003 11:19:14 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243772#M612053 brarick 2003-10-21T11:19:14Z https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243773#M612054 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>change the ip addresses and take out passwords, that is all you have to do.</P><P>Thanks</P><P>Nadeem</P></BODY></HTML> Tue, 21 Oct 2003 17:46:37 GMT https://community.cisco.com/t5/network-security/jdbc-and-pix/m-p/243773#M612054 nkhawaja 2003-10-21T17:46:37Z