Release Notes
Release 5.0 for Oracle Linux
E18694-04
September 2011
These Release Notes contain important information that was not included in the Oracle Database Firewall Release 5.0 documentation. They apply to Oracle Database Firewall on all platforms.
This document contains the following sections:
You can download the most current version of this document from the following Web site:
This section contains:
Database Firewall May Route Responses Out of Wrong Interface
Archive Traffic Logs to Avoid Loss when Restoring a Configuration
Avoid Creating More than One Protected Database Using Same Database Details
Enabling or Disabling Local Monitor in Database in DPE Terminates Existing Database Sessions
syslog Does Not Log More than 1000 Messages Per Minute for Protected Databases
Database Firewall Time Configurations must be Correct for the Analyzer to use Correct Time Ranges
Log Search Result Show Percentage Complete Based on Total Logged Statements
If DNS Configuration Is Broken, It Can Prevent Local Monitor Forward and Reverse DNS Lookup
When Setting Database Firewall to DPE all Connections to the Database Must Reconnect
Certain Novelty Policies Not Enabled for Oracle Database Firewall Release 5.0
Traffic Log Mode Performance Issue on High Throughput Systems
Certain long running operations, such as deleting large amounts of traffic log data, may interfere with the Management Server Administration Console. Wait until these operations are complete before performing administration tasks.
Performing a Configuration Restore job will delete any Archive Jobs that have been made previously.
In a High Availability environment where a user's browser has JavaScript disabled, the user must manually refresh the Appliances List page to obtain the status of the appliances.
When you configure a High Availability environment, ensure that the specifications of the hardware used for paired Database Firewalls are identical.
When you use a Database Firewall system in DPE mode, with a Database Firewall between it and the rest of the network, you must turn off any IP spoofing detection rules in the Database Firewall.
Where the Database Firewall Management Server and the Bridge are connected to physically separate networks which are on the same subnet, Database Firewall may route responses out of the wrong interface. If physically separate networks are required, use different subnets.
When you upgrade an existing installation using a patch, you must restart the upgraded system after you install the patch. This ensures that all services can restart.
The system overwrites the existing configuration when you restore a configuration. This can lead to traffic logs being removed. If you merge an old configuration with current traffic logs, archive the data, restore the configuration, and then restore the data.
When you restore previously archived traffic log data to a system using the Restore functionality, determine whether or not these log files must be associated with a monitoring point. You can do this from the Repair Menu option in the System menu.
Do not create two or more protected databases containing the same database details (IP address and port number). This can cause problems with report generation.
If you enable or disable Local Monitor from a protected database being monitored in DPE mode, any existing database sessions terminate.
If a protected database being monitored receives more than 1000 alerts in one minute, subsequent alerts are not shown in the syslog messages. In this event, the following message is written to the syslog,:
WARN - More than 1000 alerts in the last minute. Subsequent alerts will not be processed.
When you configure Database Firewall, ensure that the System Time and Time Offset are set correctly so that Database Firewall Analyzer uses the correct time ranges when training on log data.
When you generate log search results, the percentage complete figure shown is based on the total number of statements that have been logged rather than the maximum results value specified when defining the Log Search Result.
Local Monitor does both a forward and reverse DNS lookup to determine if a session is from the local machine. If a DNS configuration is broken and prevents the server from doing the lookup successfully, then the Local Monitor cannot record console events. To ensure that Local Monitor records all local sessions, check that your DNS configuration is correct.
Database Firewall may not show a link light when connected to certain switches, for example, Cisco 2900. To ensure connectivity, in the System Settings menu on the System tab, set the link properties to use a manual setting rather than the Autonegotiated setting.
For Sybase ASE stored procedure auditing, the tempdb database must be large enough to accommodate the generated temp files. To check this, perform the following steps:
Run the sp_helpdb system stored procedure.
Compare the db_size columns for the sybsystemproc and tempdb databases.
The tempdb database should be larger than sybsystemproc, at least by a couple of MBs.
When you set a Database Firewall to DPE mode (through Enforcement Point Settings or by restarting a Database Firewall with network passthrough), ensure that all connections to the database are forced to reconnect. In addition, in DPE mode, if you change Enforcement Point Settings, you must also force all database connections to reconnect.
Novelty policies in Oracle Database Firewall Release 5.0 do not allow the action warn or escalations. If baseline policies are loaded from Oracle Database Firewall Release 4.3 or earlier, with these options enabled, the Analyzer will update the policy. Ensure that the changes to your Novelty Policies are correct.
For any baselines created with Oracle Database Firewall prior to Release 5.0, you must manually update the following to ensure that all names are uppercase:
Sensitive field masking
Novelty policies based on table, column, or procedure names
The following error may appear in the syslog after an update:
WARN - Failed to connect to database:ORA-12541: TNS:no listener
If this error appears, then run the following commands as the root user:
. oraenvs lsnrctl start
Do not use Traffic log diagnostic mode on high throughput systems. (To find this mode, in either the Management Server or the standalone Database Firewall Administration Console, select the Reporting tab, and then from the Traffic Log menu, select View.) Doing so decreases the performance of the Oracle Database Firewall system.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Database Firewall Release Notes, Release 5.0 for Oracle Linux
E18694-04
Copyright © 2003, 2011, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.