This appendix lists the TCP and UDP ports used by Oracle Audit Vault and Database Firewall.
The following two classes of ports must be open in external network firewalls for these Database Firewall deployments:

- When a Database Firewall is configured to protect a Secured Target database, traffic directed to that database must be able to pass through external network firewalls to the Database Firewall. The required ports are configured on the Secured Target's page in the Audit Vault Server.
- A Database Firewall can be configured to accept proxy connections, which are passed on to the database. The ports required for the proxy connection are configured on the Network Configuration page of the Database Firewall.
Note: It is recommended that you do not change these ports.
Learn about the ports for services that are provided by Oracle Audit Vault Server.
Table D-1 lists the ports for services that are provided by Oracle Audit Vault Server. These services are used by external users of the system. Access to most of these ports can be controlled within Oracle AVDF. If you use external network firewalls, then these ports must be open to enable connections from the users, or clients, of these services to Oracle Audit Vault Server.
Table D-1 Ports for Services Provided by Audit Vault Server

Port | Protocol Family | Protocol | Purpose | Notes |
---|---|---|---|---|
22 | TCP | SSH | Command line access to system | Disabled by default |
161 | UDP | SNMP | SNMP access | Disabled by default |
443 | TCP | HTTPS | Administration Console (web interface) | None |
1521 | TCP | Oracle Database | Access for Audit Vault agents, and access to Oracle Database for reporting | Audit Vault Agents use native Oracle Net Services data encryption |
1522 | TCPS | Oracle Database | Access for Audit Vault agents, and access to Oracle Database for reporting | Uses TCPS |
7443 | TCP | TCPS | Audit Vault Servers in high availability mode | Used between the primary and secondary Audit Vault Servers when high availability is configured |
Table D-2 lists ports for general services provided by the Database Firewall. These services are used by outside users of the system, and access to all of them can be controlled within the Audit Vault and Database Firewall system. If external network firewalls are used, these ports must be open to allow connections from the users (clients) of these services to the Database Firewall(s) in the Audit Vault and Database Firewall system.
Table D-2 Ports for Services Provided by Database Firewall

Port | Protocol Family | Protocol | Purpose | Notes |
---|---|---|---|---|
22 | TCP | SSH | Command line access to system | Disabled by default |
161 | UDP | SNMP | SNMP access | Disabled by default |
443 | TCP | HTTPS | Administration Console (web interface) | None |
2050 - 5100 | TCP | Audit Vault and Database Firewall Internal Protocol | Incoming traffic captured from Host Monitor. The Host Monitor forwards the data securely to the Database Firewall. | This applies when deployed in Host Monitor mode; the ports need not be open in out-of-band, in-line bridge, or proxy mode. For each enforcement point, a unique port is created in the given range. The exact port for each enforcement point can be found at |
2050 - 5100 | TCP | Syslog | Incoming WAF (F5) violation alerts | The exact port number used by an enforcement point can be found on the Advanced settings page of the enforcement point. See Also: |
Table D-3 lists ports for external services that may be used by the Audit Vault Server. If external network firewalls are used, the relevant ports must be open so that the Audit Vault Server can use these services as a client.
Table D-3 Ports for External Network Access by the Audit Vault Server

Port | Protocol Family | Protocol | Purpose | Notes |
---|---|---|---|---|
25 | TCP | SMTP | Email delivery | None |
53 | UDP | DNS | Domain name service | None |
123 | UDP and TCP | NTP | Time synchronization | None |
514 | UDP, or configured as TCP | Syslog | Syslog alerts | For TCP-transport connections to syslog server(s), the port must be configured in the Audit Vault Server console. See Also: |
3260 | TCP | Software iSCSI | SAN server communication | This port can be configured in the Audit Vault Server console when registering a SAN server. See Also: |
Secured Target listener port (the same port as provided in the secured target location) | TCP or TCPS | Oracle Database | User Entitlement Reporting; Stored Procedure Auditing; Audit Policy Retrieval | The direct connection between the Audit Vault Server and the Secured Target. The connection details are provided with the secured target location used. |

See Also: Out-of-the Box Plug-ins at a Glance for a complete list of supported secured target types.
Table D-4 lists ports for external services that may be used by the Database Firewall. If external network firewalls are used, the relevant ports must be open so that the Database Firewall can use these services as a client.
Table D-4 Ports for External Network Access by the Database Firewall

Port | Protocol Family | Protocol | Purpose | Notes |
---|---|---|---|---|
53 | UDP | DNS | Domain name service | None |
123 | UDP and TCP | NTP | Time synchronization | None |
514 | UDP, or configured as TCP | Syslog | Syslog alerts | For TCP-transport connections to syslog server(s), the port must be configured in the Audit Vault Server console. |
514 | TCP | WAF (F5) alerts | WAF (F5) alerts | The port can be changed from the Audit Vault Server console. |
Learn about ports for internal TCP communication between Oracle Database Firewall and Oracle Audit Vault Server.
Table D-5 lists ports for services that are used between Oracle Database Firewall and Oracle Audit Vault Server. If you configure an external network firewall between these systems, then you must open the relevant ports.
Table D-5 Ports for Internal TCP Communication

Port | Protocol Family | Protocol | Direction | Notes |
---|---|---|---|---|
7443 | TCP | HTTPS | | Default port for inter-appliance communication. It applies to both the Audit Vault Server and the Database Firewall, and also handles traffic log transfer from the Database Firewall. |
1514 | TCP | SSL | Oracle Audit Vault Server accepts connections from Database Firewall | Event reporting and monitoring |
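The tables above say which ports an external firewall must pass; the following is an added example (not part of Oracle's documentation) of an nftables ruleset for a firewall segment sitting between an Audit Vault Server and the rest of the network, built from Tables D-1, D-3 and D-5. Every address, subnet and server name below is a constructed placeholder; the table name `avdf_edge` and the `define` names are this example's own. It opens only the inbound ports the Audit Vault Server provides (443, 1521/1522, 7443 and 1514), leaves 22 and 161 closed because they are disabled by default, and permits the outbound client services from Table D-3; everything else is logged and dropped.

```nftables
# Added example: edge firewall policy for an Audit Vault Server (AVS).
# All addresses are constructed placeholders; replace them for a real deployment.
define avs_ip        = 192.0.2.10                     # Audit Vault Server
define dbfw_ips      = { 192.0.2.20, 192.0.2.21 }     # Database Firewalls (Table D-5 peers)
define agent_nets    = { 198.51.100.0/24 }            # hosts running Audit Vault Agents
define admin_nets    = { 203.0.113.0/24 }             # administrator workstations
define dns_servers   = { 198.51.100.53 }
define ntp_servers   = { 198.51.100.123 }
define smtp_server   = 198.51.100.25
define syslog_server = 198.51.100.5
define san_server    = 198.51.100.50

table inet avdf_edge {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Let replies to already-accepted connections through.
        ct state established,related accept
        ct state invalid drop

        # Table D-1: services the Audit Vault Server provides (inbound).
        # 22/SSH and 161/SNMP are disabled by default, so no rule opens them.
        ip daddr $avs_ip ip saddr $admin_nets tcp dport 443 accept \
            comment "Administration Console (HTTPS)"
        ip daddr $avs_ip ip saddr $agent_nets tcp dport { 1521, 1522 } accept \
            comment "Audit Vault Agents and reporting (TCP 1521 / TCPS 1522)"

        # Table D-5: Database Firewall to Audit Vault Server (inbound).
        ip daddr $avs_ip ip saddr $dbfw_ips tcp dport { 7443, 1514 } accept \
            comment "Inter-appliance HTTPS (7443) and event reporting (1514)"

        # Table D-3: external services the Audit Vault Server uses as a client (outbound).
        ip saddr $avs_ip ip daddr $dns_servers udp dport 53 accept comment "DNS"
        ip saddr $avs_ip ip daddr $ntp_servers meta l4proto { tcp, udp } th dport 123 accept \
            comment "NTP (UDP and TCP)"
        ip saddr $avs_ip ip daddr $smtp_server tcp dport 25 accept comment "SMTP"
        ip saddr $avs_ip ip daddr $syslog_server udp dport 514 accept \
            comment "Syslog alerts (UDP default; add a TCP rule if TCP transport is configured)"
        ip saddr $avs_ip ip daddr $san_server tcp dport 3260 accept comment "Software iSCSI"
        # Secured Target listener ports differ per target: add one rule per registered
        # target using the port from its secured target location, for example
        #   ip saddr $avs_ip ip daddr <target address> tcp dport <listener port> accept

        # Anything not listed above is logged for review, then dropped.
        log prefix "avdf_edge drop: " drop
    }
}
```

Load the file with `nft -f <file>`. If a secondary Audit Vault Server is deployed in high availability mode, Table D-1 also calls for 7443/TCP between the two servers, so a rule pairing the primary and secondary addresses would be added alongside the Database Firewall rule; the Database Firewall's own edge (Tables D-2 and D-4) needs a separate policy, since its port set differs.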