1. Administrator's Guide
  2. General Reference
  3. Ports Used by Oracle Audit Vault and Database Firewall

H Ports Used by Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall uses specific TCP and UDP ports.

H.1 Ports for Deploying Database Firewall for Targets

You must configure two classes of ports when deploying Database Firewall for targets.

These following two classes of ports must be open in external network firewalls for the following types of Database Firewall deployments:

  • When you configure Database Firewall to protect a target database, traffic directed to that database must be able to pass through external network firewalls to Database Firewall. The ports required are configured in the target's page in Audit Vault Server.

  • You can configure Database Firewall to accept proxy connections which are passed on to the database. The ports required for proxy connections are configured in the Network Configuration page on Database Firewall.

Note:

It is recommend that you do not change these ports.

See Also:

H.2 Ports for Services Provided by Audit Vault Server

Learn about the ports for services that are provided by Audit Vault Server.

Table H-1 lists the ports for services that are provided by Audit Vault Server. These services are used by external users of the system. Access to most of these ports can be controlled within Oracle AVDF. If you use external network firewalls, then these ports must be open to enable connections from the users, or clients, of these services to Audit Vault Server.

Table H-1 Ports for Services Provided by Audit Vault Server

Port Protocol Family Protocol Purpose Notes

22

TCP

SSH

Command line access to system

Disabled by default

161

UDP

SNMP

SNMP Access

Disabled by default

443

TCP

HTTPS

Administration Console (web interface)

None

1521

TCP

Oracle Database

Access for Audit Vault agents, and access to Oracle Database for reporting

Audit Vault Agents use native Oracle Net Services data encryption

1522

TCPS

Oracle Database

Access for Audit Vault agents, and access to Oracle Database for reporting

Uses TCPS

7443

TCP

HTTPS

Starting with Oracle AVDF 20.10, the Audit Vault Agent uses this port to connect to the Audit Vault Server.

Audit Vault Servers in high availability mode.

This is between primary and secondary Audit Vault Servers when high availability is configured.

The Audit Vault Agent uses HTTPS for agent activation.

H.3 Ports for Services Provided by Database Firewall

Learn about the ports for services that are provided by Database Firewall.

Table H-2 lists ports for general services provided by Database Firewall. These services are used by outside users of the system, and access to all them can be controlled within Oracle Audit Vault and Database Firewall. If you use external network firewalls, then these ports must be open to enable connections from the users, or clients, of these services to the Database Firewall configurations in Oracle Audit Vault and Database Firewall.

Table H-2 Ports for Services Provided by Database Firewall

Port Protocol Family Protocol Purpose Notes

22

TCP

SSH

Command line access to system

Disabled by default

161

UDP

SNMP

SNMP Access

Disabled by default

2050 - 5100

TCP

Audit Vault and Database Firewall Internal Protocol

Incoming traffic captured from Host Monitor Agent. The Host Monitor Agent forwards the data securely to Database Firewall.

This applies when deployed in Host Monitor mode and ports need not be open during out-of-band or proxy mode.

For each monitoring point, a unique port is created in the given range. The exact port for each monitoring point can be found by:

  1. Log in to the Database Firewall through SSH and switch to the root user.

    See Logging In to Oracle AVDF Appliances Through SSH.

  2. Change to /var/dbfw/va directory.
  3. Identify the Database Firewall monitoring point by searching for the target name configured in the Audit Vault Server. Run the following command:
    grep -lr <TARGET NAME> *
  4. Find the monitoring point number from the output which contains the name and path of the configuration file. For example: 1/etc/appliance.conf. In this example, 1 is the monitoring point number.

REMOTE_AGENT_LISTEN_PORT is the key in appliance.conf file that represents the port Database Firewall is listening for data from Host Monitor Agent.

2050 - 5100

TCP

Syslog

Incoming WAF (F5) violation alerts

The exact port number used by a monitoring point can be found in the Advanced settings.

See Also:

Finding the Port Number Used by a Database Firewall Monitoring Point

H.4 Ports for External Network Access by Audit Vault Server

You must configure the correct external network firewall ports to enable Audit Vault Server to access them as a client.

Table H-3 lists ports for external services that Audit Vault Server can use. If you use external network firewalls, then the correct ports must be open so that Audit Vault Server can use these services as a client.

Table H-3 Ports for External Network Access by the Audit Vault Server

Port Protocol Family Protocol Purpose Notes

25

TCP

SMTP

Email delivery

None

53

UDP

DNS

Domain name service

None

123

UDP and TCP

NTP

Time Synchronization

None

514

UDP, or configured as TCP

Syslog

Syslog alerts

For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console.

See Also:

Configuring Audit Vault Server Syslog Destinations

3260

TCP

Software iSCSI

SAN server communication

This port can be configured on Audit Vault Server console when registering a SAN server.

See Also:

Registering a SAN Server

Target listener port.

It is the same as the port provided in target location.

Oracle Database

TCP or TCPS

User Entitlement Reporting

Stored Procedure Auditing

Audit Policy Retrieval

Security Assessment and Sensitive Objects

The direct connection between Audit Vault Server and the target.

The connection details is provided with the target location used.

See Also:

About Plug-ins for a complete list of supported target types.

H.5 Ports for External Network Access by Database Firewall

Learn about the ports that you must configure for access by Database Firewall.

Table H-4 lists ports for external services that Database Firewall can use. If you use external network firewall, then the relevant ports must be open so that Database Firewall can use these services as a client.

Table H-4 Ports for External Network Access by Database Firewall

Port Protocol Family Protocol Purpose Notes

53

UDP

DNS

Domain name service

None

123

UDP and TCP

NTP

Time Synchronization

None

514

UDP, or configured as TCP

Syslog

Syslog alerts

For TCP-transport connections to syslog server(s) the port must be configured in the Audit Vault Server console.

514

TCP

WAF (F5) alerts

WAF (F5) alerts

The port can be changed from the Audit Vault Server console.

See Also:

Configuring Audit Vault Server Syslog Destinations

H.6 Ports for Internal TCP Communication

Learn about ports for internal TCP communication between Database Firewall and Audit Vault Server.

Table H-5 lists ports for services that are used between Database Firewall and Audit Vault Server. If you configure an external network firewall between these systems, then you must open the relevant ports.

Table H-5 Ports for Internal TCP Communication

Port Protocol Family Protocol Direction Notes

7443

TCP

HTTPS

  • Database Firewall accepts connections from Audit Vault Server

  • Database Firewall accepts connections from Audit Vault Server in high availability.

It is the default port for inter appliance communication. It applies to both the Audit Vault Server and the Database Firewall. It also handles traffic log transfer from the Database Firewall.

1514

TCP

SSL

Audit Vault Server accepts connections from Database Firewall

Event reporting and monitoring