The Database Firewall monitors SQL traffic from clients (users and applications) to databases and determines whether to allow, log, alert, substitute, or block the SQL. It sends the network events that it captures to the Audit Vault Server based on the policy configuration.
You can choose the following Database Firewall deployment modes:
Monitoring/Blocking (Proxy) mode enables the Database Firewall to both monitor and block SQL traffic, as well as optionally substitute SQL statements. You configure clients to connect to the Database Firewall instead of the database so that the firewall can intercept all SQL traffic and take the necessary actions, based on policies that you define.
One Database Firewall can monitor traffic from multiple targets deployed in different modes. For example, one Database Firewall can be deployed in Monitoring/Blocking (Proxy) mode for some targets and in Monitoring (Host Monitor) mode and Monitoring (Out-of-Band) mode for other targets.