10.1.2 Configure Exceptions for the Windows Firewall

If the Windows Firewall feature is enabled on one or more of the nodes in your cluster, then virtually all transmission control protocol (TCP) network ports are blocked to incoming connections.

Any Oracle product that listens for incoming connections on a TCP port will not receive any of those connection requests, and the clients making those connections will report errors, unless you configure exceptions for the Windows Firewall. You must configure exceptions for the Windows Firewall if your system meets all of the following conditions:

  • Oracle server-side components are installed on a computer running a supported version of Microsoft Windows. The list of components includes the Oracle Database, Oracle Grid Infrastructure, Oracle Real Application Clusters (Oracle RAC), network listeners, or any web servers or services.

  • The Windows computer in question accepts connections from other computers over the network. If no other computers connect to the Windows computer to access the Oracle software, then no post-installation configuration steps are required and the Oracle software functions as expected.

  • The Windows computer in question is configured to run the Windows Firewall. If the Windows Firewall is not enabled, then no post-installation configuration steps are required.

If all of the above conditions are met, then the Windows Firewall must be configured to allow successful incoming connections to the Oracle software. To enable Oracle software to accept connection requests, Windows Firewall must be configured by either opening up specific static TCP ports in the firewall or by creating exceptions for specific executable files so they can receive connection requests on any ports they choose.

  • Use one of the following methods to configure the firewall:
    • Start the Windows Firewall application, select the Exceptions tab and then click either Add Program or Add Port to create exceptions for the Oracle software.

    • From the command prompt, use the netsh firewall add... command.

    • Respond to the Windows notification that a foreground application is attempting to listen on a port, which gives you the opportunity to create an exception for that executable file. If you choose to create the exception in this way, the effect is the same as creating an exception for the executable file either through Control Panel or from the command line.

The following sections list the Oracle Database 11g release 2 (11.2) executable files that listen on TCP ports on Windows, along with a brief description of the executable file. It is recommended that these executable files (if in use and accepting connections from a remote, client computer) be added to the exceptions list for the Windows Firewall to ensure correct operation. In addition, if multiple Oracle homes are in use, firewall exceptions may have to be created for the same executable file, for example, oracle.exe, multiple times, once for each Oracle home from which that executable file loads.
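The per-home requirement described above can be scripted. This is an added example, not part of the Oracle documentation: it creates one program exception for oracle.exe in each Oracle home with the `netsh firewall add allowedprogram` form of the command and limits each exception to a client subnet. The home paths, subnet and exception names are constructed placeholders, and the `bin\oracle.exe` location under each home is an assumption.

```powershell
# Added example: one program exception for oracle.exe per Oracle home.
# Run from an elevated prompt. All paths and addresses are constructed.
$oracleHomes = @(
    'C:\app\oracle\product\11.2.0\dbhome_1',
    'C:\app\oracle\product\11.2.0\dbhome_2'
)
$clientSubnet = '192.0.2.0/24'   # constructed: the only addresses allowed in

foreach ($oracleHome in $oracleHomes) {
    # Assumption: the executable is at <Oracle home>\bin\oracle.exe.
    $exe = Join-Path $oracleHome 'bin\oracle.exe'

    # Do not create an exception for a path that holds no executable:
    # whatever is later placed at that path would inherit the exception.
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        Write-Warning "Skipping ${oracleHome}: $exe not found"
        continue
    }

    # One exception per home, named after the home directory (hypothetical
    # naming scheme) so each entry can be audited and removed on its own.
    $ruleName = 'oracle.exe-' + (Split-Path $oracleHome -Leaf)

    # scope=CUSTOM with addresses= restricts which remote hosts may connect,
    # instead of accepting connections from any address.
    & netsh.exe firewall add allowedprogram `
        "program=$exe" "name=$ruleName" mode=ENABLE `
        scope=CUSTOM "addresses=$clientSubnet" profile=DOMAIN

    if ($LASTEXITCODE -ne 0) {
        Write-Error "netsh failed for $exe (exit code $LASTEXITCODE)"
    }
}

# List the resulting program exceptions for review.
& netsh.exe firewall show allowedprogram
```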