10.1.2 Configure Exceptions for the Windows Firewall

If the Windows Firewall feature is enabled on one or more of the nodes in your cluster, then virtually all transmission control protocol (TCP) network ports are blocked to incoming connections.

Any Oracle product that listens for incoming connections on a TCP port will not receive any of those connection requests and the clients making those connections will report errors unless you configure exceptions for the Windows Firewall. You must configure exceptions for the Windows Firewall if your system meets all of the following conditions:

• Oracle server-side components are installed on a computer running a supported version of Microsoft Windows. The list of components includes the Oracle Database, Oracle Grid Infrastructure, Oracle Real Application Clusters (Oracle RAC), network listeners, or any web servers or services.

• The Windows computer in question accepts connections from other computers over the network. If no other computers connect to the Windows computer to access the Oracle software, then no post-installation configuration steps are required and the Oracle software functions as expected.

• The Windows computer in question is configured to run the Windows Firewall. If the Windows Firewall is not enabled, then no post-installation configuration steps are required.

If all of the above conditions are met, then the Windows Firewall must be configured to allow successful incoming connections to the Oracle software. To enable Oracle software to accept connection requests, Windows Firewall must be configured by either opening up specific static TCP ports in the firewall or by creating exceptions for specific executable files so they can receive connection requests on any ports they choose.

• Use one of the following methods to configure the firewall:

  • Start the Windows Firewall application, select the Exceptions tab and then click either Add Program or Add Port to create exceptions for the Oracle software.

  • From the command prompt, use the netsh firewall add... command.

  • When Windows notifies you that a foreground application is attempting to listen on a port, and gives you the opportunity to create an exception for that executable file. If you choose the create the exception in this way, the effect is the same as creating an exception for the executable file either through Control Panel or from the command line.

The following sections list the Oracle Database 11g release 2 (11.2) executable files that listen on TCP ports on Windows, along with a brief description of the executable file. It is recommended that these executable files (if in use and accepting connections from a remote, client computer) be added to the exceptions list for the Windows Firewall to ensure correct operation. In addition, if multiple Oracle homes are in use, firewall exceptions may have to be created for the same executable file, for example, oracle.exe, multiple times, once for each Oracle home from which that executable file loads.

• Firewall Exceptions for Oracle Database
  For basic database operation and connectivity from remote clients, such as SQL*Plus, Oracle Call Interface (OCI), Open Database Connectivity (ODBC), and so on, you must add executable files to the Windows Firewall exception list.
• Firewall Exceptions for Oracle Database Examples (or the Companion CD)
  After installing the Oracle Database Companion CD, you must add executable files to the Windows Firewall exception list.,
• Firewall Exceptions for Oracle Gateways
  If your Oracle database interacts with non-Oracle software through a gateway, then you must add the gateway executable file to the Windows Firewall exception list. The following table lists the gateway executable files used to access non-Oracle software.
• Firewall Exceptions for Oracle Clusterware and Oracle ASM
  If you installed the Oracle Grid Infrastructure software on the nodes in your cluster, then you can enable the Windows Firewall only after adding certain executable files and ports to the Firewall exception list.
• Firewall Exceptions for Oracle RAC Database
  After installing the Oracle Real Application Clusters (Oracle RAC), you must add executable files to the Windows Firewall exception list.
• Firewall Exceptions for Other Oracle Products
  In additional to all the previously listed exceptions, if you use any of the Oracle software listed in, then you must create an exception for Windows Firewall for the associated executable file.
• Troubleshooting Windows Firewall Exceptions
  If you cannot establish certain connections even after granting exceptions to the executable files, then follow these steps to troubleshoot the installation.