Index

A  B  C  D  E  F  G  H  I  J  K  L  M  O  P  R  S  T  U  W 

A

Administration Console
about, 1.3.1
Appliances tab, 13.3
Dashboard page, 13.2
deciding which to use, 1.3.2
Enforcement Points page, 13.5.1
logging in to, 1.3.3
Manage Logs page, 13.12
Management Server performance, long-running tasks, 13.2
network traffic
capturing to file, 13.16.2
viewing, 13.16.1
Protected Databases page, 13.4.1
Syslog Settings page, 13.13
Users page, 13.15.1
administration log, 13.15.1
Analyzer
login and logout policies, 10.2.2
Appliances page
configuring Oracle Database firewalls, 13.3
Appliances tab, 1.3.4
manual refresh , high-availability and JavaScript, 13.3
applied_baselines table, A.2.2
architecture
components, 1.2.1
high availability resilient pairs, 1.2.2
using Oracle Database Firewall Server, 1.2.1
archiving
about, 13.11.1
and disk space limitation, 13.11.1
Archiving With No Pass Phrase option, 13.11.5
configuring archive job, 13.11.5
defining destinations, 13.11.2
manual, 13.11.4
port for Windows File Sharing transfer method, 13.11.2
restoring, 13.11.6
restoring configuration deletes archive jobs, 13.11.6
scheduling, 13.11.3
Archiving tab, 1.3.4
ArcSight Security Information Event Management (SIEM)
about, 12.1
configuring, 13.13
database audit messages, 12.3.4
deployment procedure, 12.2
enabling interface, 12.2
heartbeat messages, 12.3.2
how the integration works, 12.3.1
login alert messages, 12.3.7
logout alert messages, 12.3.8
message types, 12.3.1
property change messages, 12.3.3
specifying ArcSight server, 12.2
statement alert messages, 12.3.5
statement alert WAF messages, 12.3.6
syslog conversion tables, 12.3
system OS alert messages, 12.3.9
attributes (F5)
traffic log attributes, C.4
auditing
Stored Procedure and User Role Audit tables, A.4
stored procedures, 5
user roles, 6

B

BIG-IP ASM (Application Security Manager)
about integration, 11.1
benefits of integration with Oracle Database Firewall, 11.2
configuration requirements, 11.4.1
configuring with Database Firewall, 11.4.3
creating logging profile, 11.4.4
custom iRule, 11.4.5.1
how integration works, 11.3
integration with Oracle Database Firewall, 11.1
iRules syslog messages, 11.4.5.1
policy settings, 11.4.4.2
presentation of data in Database Firewall, 11.5.1
sample iRule, 11.4.5
system requirements for integration, 11.4.2
transmitting iRule syslog messages, 11.4.5.2
used with ArcSight Security Information Event Management (SIEM), 12.1
viewing traffic log, 11.5.2
bridge IP addresses
standalone Database Firewall, 2.7
subnet restriction for DPE mode, 2.7

C

cluster_components table, A.2.10
configuring BIG-IP ASM, 11.4.1
configuring Oracle Database firewalls, 13.3
configuring Oracle Database Firewalls, 13.3
configuring protected databases, 13.4, 13.4.1
connectors
configuring to third-party systems, 13.13
e-mail example, 13.14.3
e-mail recipients, 13.14.2
e-mail SMTP configuration, 13.14.1
context
traffic log attributes, C.3

D

DAM mode, 1.2.2
Dashboard tab, 1.3.4
data
archiving, 4.5
presentation in reports, A.5
database
schema, A.1
report-related functions, A.5
database audit summary messages, B.2.4
database connections
and DPE mode, 2.6, 3.5, 13.5.4
Database Control
in Oracle Enterprise Manager, 13.17
database_user_addresses table, A.2.3
database_users table, A.2.4
Date and Time
setting, 3.2.3
date settings
standalone Database Firewall, 2.2
dictionary table, A.2.5
direct database interrogation
configuring for Oracle databases with Oracle Advanced Security, 9.1.2
direct database interrogation (DDI)
about, 9.1
configuring for Microsoft SQL Server databases, 9.2.1
configuring for Sybase SQL Anywhere databases, 9.2.2
disabling, 9.5
enabling, 9.4
disk space
25% free limitation, 13.11.1
DNS
and Local Monitor function, 7.1
doa_approved_edits table, A.4.2
doa_approved_objects table, A.4.3
doa_edit_comments table, A.4.4
doa_edits table, A.4.5
doa_pending_approvals table, A.4.6
doa_tag_definitions table, A.4.7
DPE mode
and spoofing detection rules, 2.6, 3.5, 13.5.4
bridge IP addresses, 2.7
forcing database connections to reconnect, 2.6, 3.5, 13.5.4
traffic disruption on time synchronization, 2.2, 3.2.3, 3.4.2

E

e-mail notifications
configuring recipients, 13.14.2
configuring SMTP server, 13.14.1
example, 13.14.3
encryption
configuring DDI for encrypted Oracle Database, 9.3
native encryption in Oracle Advanced Security, 9.3.2
providing public key to encrypted Oracle Database, 9.3.2
enforcement points
configuring on Database Firewall, 2.6
configuring on Management Server, 3.5
definition, 13.5.1, Glossary
pairing, 4.4
Enforcement Points page
monitoring Oracle Database firewalls, 13.5.1
Enterprise Manager
Database Control, 13.17
error messages
and enabling JavaScript in browser, 2.1, 3.1
examples
e-mail alert contents, 13.14.3

F

F5 BIG-IP ASM alerts, B.2.6
forensic database tables
about, A.3.1
forensic tables
traffic_log_queries, A.3.2
traffic_log_query_results, A.3.3

G

general messages, B.2.1

H

hardware
identical for resilient pair of firewalls, 4.3.1
heartbeat messages, B.2.2
high availability
about resilient pairs, 1.2.2
configuring resilient pair of firewalls, 4.3
configuring resilient pair of Management Servers, 4.2
enforcement points, pairing, 4.4
identical hardware for pair of firewalls, 4.3.1
viewing settings for Management Server, 4.2.1

I

IBM DB2 SQL databases, 6.2.6
stored procedure auditing, 5.2.6
user role auditing, 6.2.6
install
local monitoring, 7.2.1
IP addresses
and port numbers, should be different for protected databases, 13.4.1
and spoofing detection in DPE mode, 2.6, 3.5, 13.5.4
subnet restrictions for proxy interface, 13.8
iRule syslog messages
BIG-IP ASM command, 11.4.5.2

J

JavaScript
enabling to display error messages, 2.1, 3.1
refreshing appliances list manually, 13.3

K

keyboard settings, 13.10

L

local monitoring
about, 7.1
and DNS configuration, 7.1
database accounts created, 7.2.2
disabling, 7.4
enabling, 7.3
installing
Microsoft SQL Server databases, 7.2.4
Oracle databases, 7.2.3
Sybase ASE databases, 7.2.5
removing
Microsoft SQL Server databases, 7.2.4
Oracle databases, 7.2.3
Sybase ASE databases, 7.2.5
scripts for installing, 7.2.1
logging
archiving log data, 13.11.1
forensic tables, A.3
viewing log files, 13.12
logout alerts, B.2.8
logs
administration changes, 13.12, 13.15.1
manage disk space, 13.12
repair, 13.12
system events, 13.12
traffic, 13.12

M

MAC addresses
spoofing detection and DPE mode, 2.6, 3.5, 13.5.4
management server
configuring resilient pair, 4.2
performance during long-running tasks, 13.2
swapping primary and secondary, 4.2.2
viewing high availability settings, 4.2.1
Microsoft SQL Server databases
direct database interrogation, 9.2.1
local monitoring
installing, 7.2.4
removing, 7.2.4
stored procedure auditing, add user permissions, 5.2.2
stored procedure auditing, remove user permissions, 5.2.2
user role auditing, 6.2.2
user role auditing (URA), remove user permissions, 6.2.2
monitoring
embedded Oracle database in Database Firewall, 13.17
enforcement points, 13.5
Monitoring tab, 1.3.4
MySQL databases
stored procedure auditing, add user permissions, 5.2.3
stored procedure auditing, remove user permissions, 5.2.3
user role auditing (URA), add user permissions, 6.2.3
user role auditing (URA), remove user permissions, 6.2.3

O

Oracle Advanced Security
decrypting in Database Firewall, 9.1.2
native encryption required, 9.3.2
providing public key to encrypted Oracle Database, 9.3.2
Oracle Database
embedded in Database Firewall, monitoring, 13.17
Oracle Database Firewall
adding, 13.3, 13.3
adding Database Firewall to Management Server, 3.4.2
creating a resilient pair, 13.3
integration with BIG-IP ASM, 11.1
updating, 4.6
ways to connect to, 1.2.3
Oracle Database Firewall Administration Console
Dashboard page, 11.5.1
displaying BIG-IP ASM data, 11.5.1, 11.5.2
generating BIG-IP ASM WAF reports, 11.5.3
traffic log, 11.5.2
Oracle Database Firewall database schema
See Stored Procedure and User Role Audit database; forensic database; summary database
Oracle Database Firewall Server
architecture using, 1.2.1
Oracle Database Firewall tables, A
Oracle Database Firewall views, A
Oracle Database Firewall with BIG-IP ASM
configuration requirements, 11.4.3
Oracle Database Firewall, standalone
about, 2.1
bridge IP addresses, 2.7
date and time setting, 2.2
enforcement points, 2.6
syslog destinations, 2.5
system settings, 2.3
testing configuration, 2.8
Oracle databases
decrypting Oracle Advanced Security traffic, 9.1.2
local monitoring
installing, 7.2.3
removing, 7.2.3
stored procedure auditing, adding user account, 5.2.1
stored procedure auditing, removing user account, 5.2.1
user role auditing, adding user account, 6.2.1
user role auditing, removing user account, 6.2.1

P

partner settings
specifying, 3.4.1
pass phrase
archiving with no pass phrase, 13.11.5
not archived, restoring, 13.11.6.1
passwords
guidelines for creating, 13.15.2
policies, 13.15.3
performance
long-running tasks affect management server console, 13.2
traffic log attributes, C.2
policies
applied_baselines table, A.2.2
archiving, 13.11.1
enforcement point settings, changing, 13.5.4
high availability configuration, 4.4
login and logout policies, 10.2.2
statements database response monitoring, 10.1
statements local monitoring, 7.1
uploading, 2.6, 3.5
port number
for proxy, 13.8
property change messages, B.2.3
protected databases
configuring protected databases, 13.4.1
configuring user settings, 13.4.2
should have different IP addresses, port numbers, 13.4.1
protected_database_addresses table, A.2.6
protected_databases table, A.2.7
proxy
add to management interface, 13.8
configuring in Database Firewall, 13.8
IP address, subnet restrictions, 13.8
port number, 13.8
public key
providing to encrypted Oracle Database, 9.3.2

R

remote monitoring
about, 8.1
checking status for, 8.2.3
disabling, 8.3
installing, 8.2
options for running script, 8.2.2
running, 8.2.2
report_lib
functions for data presentation, A.5
Reporting tab, 1.3.4
reports
compliance settings, 13.4.1
data presentation functions, A.5
direct database interrogation, 9.1.1
e-mail notification, 13.10
Management Server failing, 4.1.1
protected_databases table, A.2.7
remote monitoring, 8.1
scheduled reports, 13.10
Stored Procedure and User Role Audit tables, A.4.1
traffic_summaries table, A.2.15
See also Oracle Database Firewall tables
resilient pair
about, 1.2.2
configuring, 4.3
creating, 3.4.3
identical hardware, 4.3.1
of firewalls, 4.3
of management servers, 4.2
restoring, 13.11.6
configuration restore deletes previous archive jobs, 13.11.6
retaining current traffic logs when restoring configuration, 13.11.6
when pass phrase was not archived, 13.11.6.1

S

scheduling archives, 13.11.3
schema, securelog, A.1
secure log access
setting for Management Server, 3.2.2
setting for standalone Database Firewall, 2.4
securelog schema, about, A.1
security
and admin user accounts, 13.15.1
guidelines for Database Firewall, 1.4, 13.1
server certificate, 3.3.2
SMTP server, configuring for e-mail, 13.14.1
sources table, A.2.8
spoofing detection
MAC and IP address, and DPE mode, 2.6, 3.5, 13.5.4
SQL Anywhere
See Sybase SQL Anywhere
SQL Server
See Microsoft SQL Server
statement alerts, B.2.5
Stored Procedure and User Role Audit tables
about, A.4.1
doa_approved_objects, A.4.3
doa_edits, A.4.5
doa_pending_approvals, A.4.6
doa_tag_definitions, A.4.7
Stored Procedure and User Role tables
doa_approved_edits, A.4.2
doa_edit_comments, A.4.4
stored procedure auditing (SPA)
about, 5.1
ArcSight syslog messages, 12.3.4
disabling, 5.4
enabling on Database Firewall, 5.3
installing ODBC driver for Linux
Sybase SQL Anywhere databases, 5.2.5.1
MySQL databases
add user permissions, 5.2.3
removing user permissions
IBM DB2 SQL databases, 5.2.6
Microsoft SQL Server databases, 5.2.2
MySQL databases, 5.2.3
Oracle databases, 5.2.1
Sybase ASE databases, 5.2.4, 5.2.4
Sybase SQL Anywhere databases, 5.2.5.2
setting user permissions
IBM DB2 SQL databases, 5.2.6
Microsoft SQL Server databases, 5.2.2
Oracle databases, 5.2.1
SQL Anywhere databases, 5.2.6
Sybase ASE databases, 5.2.4
Sybase SQL Anywhere databases, 5.2.5.2
Stored Procedure and User Role Audit tables, A.4
subnet
bridge IP address restriction, 2.7
for proxy IP address, 13.8
system settings, default gateway, 2.3, 3.2.1
system settings, network mask, 2.3, 3.2.1
Summarize Now button
traffic log files, 13.12
summary tables
about, A.2.1
applied_baselines, A.2.2
cluster_components, A.2.10
database_user_addresses, A.2.3
database_users, A.2.4
dictionary, A.2.5
protected_database_addresses, A.2.6
protected_databases, A.2.7
relationship diagram, A.2.16
sources, A.2.8
summary_clusters, A.2.9
summary_records, A.2.11
summary_sessions, A.2.12
summary_statement_attributes, A.2.13
traffic_events, A.2.14
traffic_summaries view, A.2.15
summary_clusters table, A.2.9
summary_records table, A.2.11
summary_sessions table, A.2.12
summary_statement_attributes table, A.2.13
Sybase ASE databases
local monitoring
installing, 7.2.5
removing, 7.2.5
stored procedure auditing
add user permissions, 5.2.4
remove user permissions, 5.2.4
user role auditing, 6.2.4
Sybase SQL Anywhere databases
direct database interrogation, 9.2.2
installing ODBC driver for Linux
stored procedure auditing, 5.2.5.1
user role auditing, 6.2.5.1
stored procedure auditing
remove user permissions, 5.2.5.2
stored procedure auditing, setting permissions, 5.2.5.2
user role auditing
add user permissions, 6.2.5.2
remove user permissions, 6.2.5.2
synchronizing time
traffic disruption in DPE mode, 2.2, 3.2.3, 3.4.2
syslog destinations
configuring, 3.2.4
syslog messages
about, B.1
alerts, B.1
database audit summary messages, B.2.4
F5 BIG-IP ASM alerts, B.2.6
format, B.2
general messages, B.2.1
heartbeat messages, B.1, B.2.2
logout alerts, B.2.8
property change messages, B.2.3
size limits, B.2
statement alerts, B.2.5
statistics, B.1
when refreshed, B.1
system settings, 3.2.1
configuring, 13.10
System tab, 1.3.4

T

third-party products used with Oracle Database Firewall, 1.2.4
third-party systems
configuring connectors, 13.13
time settings
standalone Database Firewall, 2.2
time synchronization
traffic disruption in DPE mode, 2.2, 3.2.3, 3.4.2
traffic disruptions
time synchronization in DPE mode, 2.2, 3.2.3, 3.4.2
traffic log attributes, C
attributes (F5), C.4
context, C.3
performance, C.2
transaction status, C.1
traffic logs
BIG-IP ASM, 11.5.2
free disk space limitation, 13.11.1
retaining after restoring configuration, 13.11.6
Summarize Now button, 13.12
traffic_events table, A.2.14
traffic_log_queries table, A.3.2
traffic_log_query_results table, A.3.3
traffic_summaries view, A.2.15
transaction status
traffic log attributes, C.1

U

upgrades, swapping Management Servers, 4.2.2
user accounts
about, 13.15.1
created from Management Server, 13.15.1
creating, 13.15.2
database_user_addresses table, A.2.3
database_users table, A.2.4
password policies, 13.15.3
security guideline, 13.15.1
tracing changes to, 13.15.1
user permissions
stored procedure auditing, 5.2
user role auditing, 6.2.1
user role auditing (URA)
about, 6.1
ArcSight syslog messages, 12.3.4
disabling, 6.4
enabling on Database Firewall, 6.3
installing ODBC driver for Linux
Sybase SQL Anywhere databases, 6.2.5.1
MySQL databases
add user permissions, 6.2.3
remove user permissions
IBM DB2 SQL databases, 6.2.6
Microsoft SQL Server databases, 6.2.2
MySQL databases, 6.2.3
Oracle databases, 6.2.1
Sybase databases, 6.2.4
Sybase SQL Anywhere databases, 6.2.5.2
setting user permissions
Microsoft SQL Server databases, 6.2.2
Oracle databases, 6.2.1
SQL Anywhere databases, 6.2.6
Sybase ASE databases, 6.2.4
Sybase SQL Anywhere databases, 6.2.5.2
Stored Procedure and User Role Audit database tables, A.4

W

Web Application Firewall (WAF)
about, 11.1
defined, 1.2.4
reports in BIG-IP ASM, 11.5.3
Windows file sharing
archiving transfer method, recommended port, 13.11.2