In Monitoring (Out-of-Band) mode, the Database Firewall monitors and alerts on SQL traffic, but it can't block or substitute SQL statements. You can use several technologies to copy database traffic to the Database Firewall, including (but not limited to) SPAN ports, network taps, and packet replicators.
The example in the diagram has three subnets: client, database, and management. The client subnet contains three clients that connect to the network router through a switch in the client subnet. The database subnet contains three databases that connect to a switch with a SPAN port; the SPAN port copies their traffic to a Database Firewall NIC in the database subnet. The database subnet also contains three clients that, along with the network router, connect to the same switch with the SPAN port. The management subnet contains the Database Firewall and the Audit Vault Server, which connect to each other through a switch in the management subnet.
The following points refer to the letter callouts in the diagram:
- A: The clients in the client subnet connect directly to the database through the network router and the switch with the SPAN port in the database subnet.
- B: The clients in the database subnet connect directly to the database through the switch with the SPAN port in the database subnet.
- C: The Database Firewall monitors database activity through the Database Firewall NIC, which connects to a SPAN port on the switch in the database subnet.
- D: The Database Firewall extracts SQL from the copied client traffic, analyzes it against the Database Firewall policy, and sends the resulting audit data through the switch in the management subnet to the Audit Vault Server.
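The out-of-band behaviour described in C and D, as an added illustration that is not Oracle AVDF code: a toy monitor inspects SQL reassembled from frames the SPAN port copied to the monitoring NIC, raises alerts against a hypothetical allow-list policy, and counts the statements the database received. The sample traffic and the policy are constructed for the example; the delivered count always equals the total, because the copy is inspected after the original has already reached the database.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    client: str
    statement: str
    reason: str


# Hypothetical policy: statement kinds that application clients may issue.
# Anything else raises an alert destined for the Audit Vault Server.
ALLOWED_KINDS = {"SELECT", "INSERT", "UPDATE"}

# Constructed sample of SQL text reassembled from frames the SPAN port copied
# to the monitoring NIC: (client address, payload). Not from a real capture.
MIRRORED_TRAFFIC = [
    ("10.1.1.10", "SELECT name FROM employees WHERE id = 7"),
    ("10.1.1.11", "UPDATE employees SET title = 'Lead' WHERE id = 7;"),
    ("10.2.1.5", "SELECT 1; DROP TABLE audit_trail"),
    ("10.1.1.12", "ALTER USER app_user IDENTIFIED BY changed"),
]


def split_statements(payload: str) -> list[str]:
    """Split a payload on ';' and drop empty fragments."""
    return [s.strip() for s in payload.split(";") if s.strip()]


def statement_kind(sql: str) -> str:
    """First keyword of the statement, upper-cased (e.g. 'DROP')."""
    match = re.match(r"\s*([A-Za-z]+)", sql)
    return match.group(1).upper() if match else "UNKNOWN"


def monitor(traffic, allowed_kinds=ALLOWED_KINDS):
    """Inspect copied traffic out-of-band.

    Returns (alerts, delivered): alerts raised for the Audit Vault Server and
    the number of statements the database still received. Only a copy is
    inspected, so every statement is delivered: Monitoring mode cannot block.
    """
    alerts, delivered = [], 0
    for client, payload in traffic:
        for stmt in split_statements(payload):
            delivered += 1  # the original frame reached the database untouched
            kind = statement_kind(stmt)
            if kind not in allowed_kinds:
                alerts.append(Alert(client, stmt, f"{kind} not permitted by policy"))
    return alerts, delivered
```

Calling `monitor(MIRRORED_TRAFFIC)` returns two alerts (the DROP and the ALTER) and a delivered count of five, one per statement, including the two that were flagged.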