F Ports Used by Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall uses specific TCP and UDP ports.

F.1 Ports for Deploying Oracle Database Firewall for Targets

You must configure two classes of ports when deploying Oracle Database Firewall for targets.

These following two classes of ports must be open in external network firewalls for the following types of Oracle Database Firewall deployments:

  • When you configure Oracle Database Firewall to protect a target database, traffic directed to that database must be able to pass through external network firewalls to Oracle Database Firewall. The ports required are configured in the target's page in Oracle Audit Vault Server.

  • You can configure Oracle Database Firewall to accept proxy connections which are passed on to the database. The ports required for proxy connections are configured in the Network Configuration page on Oracle Database Firewall.

Note:

It is recommend that you do not change these ports.

F.2 Ports for Services Provided by Oracle Audit Vault Server

Learn about the ports for services that are provided by Oracle Audit Vault Server.

Table F-1 lists the ports for services that are provided by Oracle Audit Vault Server. These services are used by external users of the system. Access to most of these ports can be controlled within Oracle AVDF. If you use external network firewalls, then these ports must be open to enable connections from the users, or clients, of these services to Oracle Audit Vault Server.

Table F-1 Ports for Services Provided by Audit Vault Server

Port Protocol Family Protocol Purpose Notes

22

TCP

SSH

Command line access to system

Disabled by default

161

UDP

SNMP

SNMP Access

Disabled by default

443

TCP

HTTPS

Administration Console (web interface)

None

1521

TCP

Oracle Database

Access for Audit Vault agents, and access to Oracle Database for reporting

Audit Vault Agents use native Oracle Net Services data encryption

1522

TCPS

Oracle Database

Access for Audit Vault agents, and access to Oracle Database for reporting

Uses TCPS

7443

TCP

TCPS

Audit Vault Servers in high availability mode.

This is between primary and secondary Audit Vault Servers when high availability is configured.

F.3 Ports for Services Provided by Oracle Database Firewall

Learn about the ports for services that are provided by Oracle Database Firewall.

Table F-2 lists ports for general services provided by Oracle Database Firewall. These services are used by outside users of the system, and access to all them can be controlled within Oracle Audit Vault and Database Firewall. If you use external network firewalls, then these ports must be open to enable connections from the users, or clients, of these services to the Oracle Database Firewall configurations in Oracle Audit Vault and Database Firewall.

Table F-2 Ports for Services Provided by Database Firewall

Port Protocol Family Protocol Purpose Notes

22

TCP

SSH

Command line access to system

Disabled by default

161

UDP

SNMP

SNMP Access

Disabled by default

443

TCP

HTTPS

Administration Console (web interface)

None

2050 - 5100

TCP

Audit Vault and Database Firewall Internal Protocol

Incoming traffic captured from Host Monitor. The Host Monitor forwards the data securely to Database Firewall.

This applies when deployed in Host Monitor mode and ports need not be open during out-of-band or proxy mode.

For each monitoring point, a unique port is created in the given range. The exact port for each monitoring point can be found at /usr/local/dbfw/va/XX/etc/appliance.conf where XX represents the monitoring points created and have the value of 1, 2, 3…..N.

REMOTE_AGENT_LISTEN_PORT is the key in appliance.conf file that represents the port Database Firewall is listening for data from Host Monitor.

2050 - 5100

TCP

Syslog

Incoming WAF (F5) violation alerts

The exact port number used by a monitoring point can be found in the Advanced settings.

See Also:

Finding the Port Number Used by a Database Firewall Monitoring Point

F.4 Ports for External Network Access by Oracle Audit Vault Server

You must configure the correct external network firewall ports to enable Oracle Audit Vault Server to access them as a client.

Table F-3 lists ports for external services that Oracle Audit Vault Server can use. If you use external network firewalls, then the correct ports must be open so that Oracle Audit Vault Server can use these services as a client.

Table F-3 Ports for External Network Access by the Audit Vault Server

Port Protocol Family Protocol Purpose Notes

25

TCP

SMTP

Email delivery

None

53

UDP

DNS

Domain name service

None

123

UDP and TCP

NTP

Time Synchronization

None

514

UDP, or configured as TCP

Syslog

Syslog alerts

For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console.

See Also:

Configuring Audit Vault Server Syslog Destinations

3260

TCP

Software iSCSI

SAN server communication

This port can be configured on Audit Vault Server console when registering a SAN server.

See Also:

Registering a SAN Server

Target listener port.

It is the same as the port provided in target location.

Oracle Database

TCP or TCPS

User Entitlement Reporting

Stored Procedure Auditing

Audit Policy Retrieval   

The direct connection between Audit Vault Server and the target.

The connection details is provided with the target location used.

See Also:

About Plug-ins for a complete list of supported target types.

F.5 Ports for External Network Access by Oracle Database Firewall

Learn about the ports that you must configure for access by Oracle Database Firewall.

Table F-4 lists ports for external services that Oracle Database Firewall can use. If you use external network firewall, then the relevant ports must be open so that Oracle Database Firewall can use these services as a client.

Table F-4 Ports for External Network Access by Oracle Database Firewall

Port Protocol Family Protocol Purpose Notes

53

UDP

DNS

Domain name service

None

123

UDP and TCP

NTP

Time Synchronization

None

514

UDP, or configured as TCP

Syslog

Syslog alerts

For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console.

514

TCP

WAF (F5) alerts

WAF (F5) alerts

The port can be changed from the Audit Vault Server console.

F.6 Ports for Internal TCP Communication

Learn about ports for internal TCP communication between Oracle Database Firewall and Oracle Audit Vault Server.

Table F-5 lists ports for services that are used between Oracle Database Firewall and Oracle Audit Vault Server. If you configure an external network firewall between these systems, then you must open the relevant ports.

Table F-5 Ports for Internal TCP Communication

Port Protocol Family Protocol Direction Notes

7443

TCP

HTTPS

  • Oracle Database Firewall accepts connections from Oracle Audit Vault Server

  • Oracle Database Firewall accepts connections from Oracle Audit Vault Server in high availability.

It is the default port for inter appliance communication. It applies to both the Audit Vault Server and the Database Firewall. It also handles traffic log transfer from the Database Firewall.

1514

TCP

SSL

Oracle Audit Vault Server accepts connections from Database Firewall

Event reporting and monitoring