Databases
cancel
Showing results for 
Search instead for 
Did you mean: 

Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

Bibi
Occasional Contributor

Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

We did an Oracle upgrade from 8.1.5 to 8.1.7. Our HP-UX 9000 box running 11.0 where the Oracle DB resides is inside the HP firewall. When we try to connect to our external boxes using 8.1.7, we get a "ORA-12535: TNS:operation timed out" error. However, when we run the 8.1.5 version, we are fine. We did test the firewall, and it does appear to be fine. We are not sure what is causing our TNS failure, but we suspect a compability issue between the new version and the firewall, but still don't know.

Has any experienced this similar type of errors or does anyone have any suggestions for debugging?
9 REPLIES
Patrick Wallek
Honored Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

Did you check the firewalls log files to see if it is perhaps blocking access? It sounds like you may be using a different TCP port for communication with Oracle 8.1.7 and that particular port is not open through the firewall.
Jeff Schussele
Honored Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

Hi Bibi,

Are you running BOTH Oracle versions on the system simultaneously?
The standard listener port is 1521. Is the second instance using *another* listener port & that one's not defined in the firewall ruleset?

Check the tnsnames.ora file for the SID definitions to determine whether this might be the case.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Bibi
Occasional Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

The TCP Ports we use are 1521 and 1523. We have not changed the config files since the 8.1.5 upgrade. Everything stayed the same.
Jeff Schussele
Honored Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

Well, if you've got both standard listener ports defined in the FW rulesets & you've verified that 8.1.7 is using *one* of these ports, then I'd suspect that 8.1.7 is using a different set of higher ports.
I'm not a DBA, but I know that only the initial connection occurs on the 152x port & then client/server negotiate what higher port to conduct the rest of the session on.
You should have your DBA verify just *what* set of higher ports 8.1.7 is configured to use. It's also possible that you have a higher number of connections now & your firewall ruleset for these higher ports needs to be expanded to accomodate the higher connection count.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Stan_17
Valued Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

Hi there,

Just to confirm its a firewall compatibility issue, were you able to connect the database from outside firewall, when the listener runs from 8.1.5 instead of 8.1.7 OH ? Does your firewall support sql*net ? if it doesn't then look at metalink post 125021.1 for further information as how to resolve this issue. Connection manager is what you need to look at.

Stan
Brian Crabtree
Honored Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

Bibi,

If I understand you correctly, this is an internal HP server that you are trying to connect to an external HP server through the firewall. If so, go ahead and contact me via email, or call me via telnet, and I will try to walk you through the most likely scenerio.

Thanks,

Brian
T G Manikandan
Honored Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

I have one more question?

"connect to our external boxes using 8.1.7"

From the above statement I assume that you are using HPUX as client.
Are you connecting to a database on Windows.

If that is the case then do u have the registry entries

USE_SHARED_SOCKET = TRUE
in HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE

Else what is the value of the parameter CONNECT_TIMEOUT in the listener.ora file.
you should enable the tracing
Enable the listener tracing on the server

using
LSNRCTL> SET TRC_LEVEL 16

Also HPUX side in the sqlnet.ora enable the client level tracing using

TRACE_LEVEL_CLIENT=16
TRACE_DIRECTORY_CLIENT= LOG_DIRECTORY_CLIENT=

Also check the attachment
Steven E. Protter
Exalted Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

I would try shutting down the firewall for a few seconds and see if it helps.

I think you'll find it doesn't.

You should be able to have multiple database instances with different ORACLE_HOME and ORACLE_SID listening on the same port.

I would suggest you post up your tnsnames.ora file and the results of tnsping with the two instances set in the ORACLE var's noted above.

I think you might find tnsping doesn't work and returns an error that will lead you to a solution.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Indira Aramandla
Honored Contributor

Re: Oracle upgrade from 8.1.5 to 8.1.7 caused connectivity issues with Firewall

Did you test the connection by TNSPING utility. If this was Ok then use the parameter "USE_SHARED_SOCKET" w
When ever you make change in the registry, config files, all running Oracle instances should be restarted and you need to restart the listener. Once you have started the instance, stop the listener and start the listener.

And one more thing after upgrdae did you update your listener.ora file with the new oracle_home for the SID upgraded.

Never give up, Keep Trying