Tuesday, May 28, 2019

How to configure Oracle Database Firewall as Proxy in DPE mode

The version of Oracle Database Firewall used for this article is: 12.2.0.10.0

IP of Oracle Database Firewall: 192.168.56.11
Port of Oracle Database Firewall: 5557

IP of the Database Server: 192.168.56.30
Port of the Database: 1521 (Default)


Registering Oracle Audit Vault Server in Oracle Database Firewall:

The first step is to configure Oracle Audit Vault Server to work with Oracle Database Firewall. To do so we have to register Oracle Audit Vault Server's certificate in Oracle Database Firewall.

Log in to the Oracle Audit Vault Server web console:



Click on "Settings" -> "Security" menu -> "Server Certificate":

Copy the server's certificate:



Log in to the Oracle Database Firewall console.
Click on "System" menu -> "Audit Vault Server".
In the "Audit Vault Server 1 IP Address" field, enter the IP Address of the Audit Vault Server.
Paste the Audit Vault Server's certificate in the "Audit Vault Server 1 Certificate" field.




Registering Oracle Database Firewall in Oracle Audit Vault Server

Log in to the Oracle Audit Vault Server web console.
Click on "Database Firewalls" -> "Settings"


Verify the Database Firewall was registered successfully:



Configuring Network Interfaces for Proxy in Oracle Database Firewall

Log in to the Oracle Database Firewall web console.
Click on "System" -> "Network Configuration"
Click on the "Change" button


In this Oracle Database Firewall there are 3 network interfaces connected. The first one is used for "Management"; the other two are not used, which is why two unallocated network interfaces are shown.

Under "Unallocated Network Interfaces" click on "Device"
For the first interface select "Traffic Proxy" and click on the "Add" button.


Configuring the Proxy network interface:

Input a correct IP Address (a default is generated randomly)
Check "Enabled" under "Proxy 0"
Specify a port for the new Proxy and check "Enabled"
Click on the "Add" button under "Traffic Proxies" -> "Proxy 0" -> "Proxy Ports"
Click on the "Save" button



Creating a Secured Target in Oracle Audit Vault Server

Log in to Oracle Audit Vault Server
Click on "Secured Targets" -> "Targets" -> "Register" button
Enter the basic information for the Secured Target



Fill in only the section "Add Secured Target Addresses (For Firewall)" and leave the other sections ("Secured Target Location (For Auditing)" and "Collection Attributes") empty.


Click on the "Add" button under the "Add Secured Target Address (For Firewall)" section



Confirm the Secured Target was created:




Configuring Enforcement Point in Oracle Audit Vault Server

Log in to Oracle Audit Vault Server
Click on "Secured Targets" -> "Enforcement Points" and then click on the "Create" button.
Fill in all the information required.

  • Specify a name for the Enforcement Point.
  • Select "Database Policy Enforcement (DPE)"
  • Select the Secured Target that was created before, in this case "db12".
  • Select the Firewall that was registered before, in this case "dbfirewall".
  • Select the Proxy Interface that was created before, in this case "Proxy 0:5557"
Click on the "Save" button.


Confirm the Enforcement Point was created successfully:




The Enforcement Point seems to be "Up", but for some reason the connections were failing when using the IP and Port of Oracle Database Firewall, as you can see below:

[oracle@db12c ~]$ sqlplus dgomez/dgomez@192.168.56.11:5557/orcl

SQL*Plus: Release 12.1.0.2.0 Production on Fri Jun 7 09:50:39 2019

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

ERROR:

ORA-12543: TNS:destination host unreachable

To fix it, I had to "start" the Enforcement Point manually, even though the state was "Up". After manually starting the Enforcement Point, I was able to create sessions through the Oracle Database Firewall configured as Proxy:


[oracle@db12c ~]$ sqlplus dgomez/dgomez@192.168.56.11:5557/orcl

SQL*Plus: Release 12.1.0.2.0 Production on Fri Jun 7 09:55:10 2019

Copyright (c) 1982, 2014, Oracle.  All rights reserved.

Last Successful login time: Fri Jun 07 2019 09:54:59 -06:00

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options

SQL> show user
USER is "DGOMEZ"

SQL>
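A small pre-flight check for the setup above, added here as an example (it is not part of the original post or of the Oracle products). It uses the post's addresses (proxy 192.168.56.11:5557 in front of the database at 192.168.56.30:1521); the function names, the "bypass" classification and the assumption that the client's network should not reach port 1521 directly are mine.

```python
"""Pre-flight check for an Oracle Database Firewall proxy in DPE mode.

Constructed example. Verifies that the proxy port really listens (the
ORA-12543 symptom above means the Enforcement Point showed "Up" while
nothing was listening on 5557 until it was started manually) and whether the
database port can still be reached without going through the firewall.
"""
import socket

DBFW_HOST, DBFW_PORT = "192.168.56.11", 5557  # Database Firewall proxy (from the post)
DB_HOST, DB_PORT = "192.168.56.30", 1521      # database behind the proxy (from the post)
SERVICE = "orcl"


def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def ezconnect(host, port, service):
    """EZConnect descriptor as used with sqlplus: user/pass@host:port/service."""
    return f"{host}:{port}/{service}"


def check_path(proxy_open, direct_open):
    """Classify what a client on this network can reach (assumed categories).

    proxy_open  : proxy port listening, i.e. the Enforcement Point is really started
    direct_open : database port reachable without the firewall, so it can be bypassed
    """
    if not proxy_open:
        return "proxy-down"            # same situation as the ORA-12543 error above
    if direct_open:
        return "proxy-up-bypass-possible"
    return "proxy-up-enforced"


if __name__ == "__main__":
    proxy = port_open(DBFW_HOST, DBFW_PORT)
    direct = port_open(DB_HOST, DB_PORT)
    print("proxy port listening:", proxy)
    print("direct database port reachable:", direct)
    print("state:", check_path(proxy, direct))
    print("connect through the firewall with: sqlplus user/pass@"
          + ezconnect(DBFW_HOST, DBFW_PORT, SERVICE))
```

Run it from the same client host you use for sqlplus; "proxy-up-bypass-possible" means the firewall is working but clients can still connect around it, which a network rule on the database server should prevent.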
