11 Using Oracle Database Firewall with Oracle RAC
You can configure Oracle Database Firewall to work with Oracle Real Application Clusters (Oracle RAC) so that it can block and substitute statements or log SQL statements and raise alerts.
11.1 Configuring a Database Firewall with Oracle RAC for Monitoring and Blocking
Learn how to configure a database firewall with Oracle Real Application Clusters (Oracle RAC) for monitoring and blocking.
11.1.1 About Configuring Database Firewall with Oracle RAC for Monitoring and Blocking
Oracle Database Firewall has monitoring and blocking features that you can use with Oracle RAC.
To use blocking, you must use the Monitoring / Blocking (Proxy) mode.
When the Database Firewall is configured in Monitoring / Blocking (Proxy) mode, the following takes place:
- The SQL client connects to the Database Firewall.
- The Database Firewall connects to the SCAN listener.
- The SCAN listener redirects the connection to a RAC node.
- The Database Firewall handles the redirection and makes an outbound connection to the redirected RAC node.
- The response from the Oracle RAC node is passed to the client.
Caution:
If you set up an Oracle RAC protected database to be a SCAN listener, you also need to select the RAC Instance/Autonomous DB check box when registering the database as a target. If you don't identify the target as a RAC database, the SCAN listener could redirect the client to a different IP address, bypassing the Database Firewall entirely.
See Registering Targets for instructions.
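In proxy mode the firewall sees only the sessions that clients open to it, so a client descriptor that also lists the SCAN address directly is another path around it. The following added example (not Oracle's code) parses a `tnsnames.ora` file and reports every address that is not the Database Firewall proxy endpoint. The aliases, host names and the proxy port 15210 are constructed for illustration.

```python
import re

# Constructed sample tnsnames.ora: aliases, hosts and ports are made up.
SAMPLE_TNSNAMES = """
# client configuration (constructed example)
SALES =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbfw-proxy.example.com)(PORT = 15210))
    (CONNECT_DATA = (SERVICE_NAME = sales.example.com)))
HR =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbfw-proxy.example.com)(PORT = 15210))
      (ADDRESS = (PROTOCOL = TCP)(HOST = rac-scan.example.com)(PORT = 1521)))
    (CONNECT_DATA = (SERVICE_NAME = hr.example.com)))
"""

ADDRESS_RE = re.compile(r"\(\s*ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
PARAM_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")

def parse_aliases(text):
    """Return {ALIAS: [(host, port), ...]} for every top-level entry."""
    text = re.sub(r"#.*", "", text)  # drop comments
    aliases, depth, start = {}, 0, 0
    for i, ch in enumerate(text):
        if ch == "(":
            if depth == 0:  # a connect descriptor begins; the alias precedes it
                name = text[start:i].split("=")[0].strip().upper()
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:  # descriptor complete: collect its ADDRESS entries
                endpoints = []
                for addr in ADDRESS_RE.findall(text[start:i + 1]):
                    p = {k.upper(): v for k, v in PARAM_RE.findall(addr)}
                    port = int(p.get("PORT", 1521))  # 1521 assumed when PORT is omitted
                    endpoints.append((p.get("HOST", "").lower(), port))
                aliases[name] = endpoints
                start = i + 1
    return aliases

def find_bypass(text, proxy_endpoints):
    """List (alias, host, port) for addresses that do not go through the proxy."""
    allowed = {(h.lower(), p) for h, p in proxy_endpoints}
    found = parse_aliases(text).items()
    return [(a, h, p) for a, eps in found for h, p in eps if (h, p) not in allowed]

if __name__ == "__main__":
    print(find_bypass(SAMPLE_TNSNAMES, [("dbfw-proxy.example.com", 15210)]))
```

Run against the sample, the check reports the `HR` alias, whose second address would let a client fail over to the SCAN listener without passing through the firewall.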
11.2 Configuring a Database Firewall with Oracle RAC for Monitoring
You can configure an Oracle Database Firewall with Oracle RAC to use Host Monitoring and Out-of-Band deployment modes.
Oracle recommends that you configure Oracle Database Firewall with Oracle RAC in one of the following deployment modes:
- Monitoring (Out-of-Band) - In this deployment mode, Oracle Database Firewall can monitor and alert on SQL traffic, but cannot block or substitute SQL statements. Create a monitoring point using IP addresses of all the RAC nodes. Select this option only while creating the monitoring point.
- Monitoring (Host Monitor) - In this deployment mode, Oracle Database Firewall can monitor and alert on SQL traffic, but cannot block or substitute SQL statements. For this deployment mode, install the Host Monitor Agent on each RAC node and create a monitoring point for each RAC node. Select this option only while creating the monitoring point.
Note:
Complete the steps for Creating and Configuring a Database Firewall Monitoring Point. While executing this procedure, make sure that you select the deployment mode as described above.