ODSEE access log not recording client ip instead its recording floating ip - Danish Oracle User Group (DOUG)

Hi All, We have an ODSEE environment which is placed behind a load balancer. In our access log, client IPs are not getting recorded; instead we see only floating IPs. How can we get this resolved? Thanks


Oracle bare metal instance - can't connect with RDP

Hi everyone, I'm creating a Windows bare metal server using image Windows-Server-2012-R2-Standard-Edition-BM-2017.04.13-0 but I'm not able to connect to the instance using RDP. Below are the rules I created in the subnet. Any help will be appreciated. I noted the following message in the instance details "This Instance's traffic is controlled by its firewall rules in addition to the associated Subnet's Security Lists.", however I assume this is referring to the firewall rules that are configured within the instance's Operating System. Thanks
Your source port has to be All and not 3389 and you only need an Ingress rule. Here is an example: This should fix your problem.
Thanks for your help. In addition to what you mentioned I was also missing a route table rule.

unable to connect to OCI Windows Instance via RDP

Created a Windows Instance in OCI. Unable to connect to it via RDP.
Hi, What Oracle product and version are you using? With that information, we can point you to the right support community. Regards, Walter Torres
Hi, In Oracle Cloud Infrastructure (trial version), I have created a Compute Instance (Windows). Once the environment was provisioned, I tried to connect via Remote Desktop Connection using the public IP and username 'opc'. But I could not connect; the connection failed with an error message asking to check the IP, whether the environment is up or not, etc. I followed all the steps from this link, but still could not connect to it. https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Reference/overviewworkflowforWindows.htm Thanks,
By default, the Compartment security group is only set up for SSH access. You will need to set it up to allow RDP access in order to connect. If you have taken the default options to let Oracle create the compartment for you, go to: Networking -> Virtual Cloud Networks -> Virtual Cloud Network Details -> Security Lists. Edit the Default security list (or your own if you have set the instance to use one) and add the following: Source: or if you know your external IP address x.x.x.x/32; IP Protocol: TCP; Source Port Range: All; Destination Port Range: 3389
Actually, when you create a Windows instance, it asks you if it should automatically modify the security list to enable RDP (port 3389). So you probably forgot to select this. So either re-create a new instance and make sure you have this selected, or you have to manually modify the security list for your network (in the networking tab) to enable 3389.
I have the same issue with OCI Compute. I have set up the VCN, the associated Subnet and Security List (Ingress rules) for RDP. I then created a Compute Instance and associated it with the Security List with the RDP rule. But when the instance is up and running, I still cannot connect with RDP. RDP simply says either the box is not running or it is not enabled for RDP. Can someone help?
Did you try to connect from a mobile network or from your home? It is possible your local network's firewall blocks RDP. Regards.
I assume you are all setting up the VCN manually? Did you create an internet gateway and route rules for the network? I read that you all set up networks and security lists, but see no one mention that they also created an internet gateway for their network. I highly suggest that the first time you create your network you do it fully automatically. So select: Create Virtual Cloud network PLUS related resources
Windows VM does not automatically allow RDP connections. Please add the below: Source: ; Protocol: TCP; Source Port Range: All; Destination Port Range: 3389; Allows: TCP traffic for ports 3389. This should allow you new RDP connections. Thanks, Vikram
The images provided by Oracle by default have the terminal server role and firewall exceptions to access them via RDP. However, you can try using console connection troubleshooting to access the server. Another option is to create a Linux server with X Windows, create a VNC session on that, and then use a Linux-based RDP client to test if you can access the Windows server using its internal IP address.
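The security-list advice in the two RDP threads above (Source Port Range: All, Destination Port Range: 3389, source narrowed to x.x.x.x/32 where possible), as an added example that is not part of the original posts. The rule dictionaries are modelled on OCI's ingress rule fields (`source`, `protocol`, `tcpOptions`) as an assumption, the sample rules and addresses are constructed, and the check covers only the security list, not the route table, internet gateway or OS firewall also mentioned in the threads.

```python
import ipaddress

RDP_PORT = 3389

def _in_range(port, rng):
    # A missing port range means "All".
    return rng is None or rng["min"] <= port <= rng["max"]

def rule_admits(rule, src_ip, src_port, dst_port):
    """True if one ingress rule admits this TCP connection attempt."""
    if rule["protocol"] not in ("6", "all"):  # "6" is TCP
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["source"]):
        return False
    tcp = rule.get("tcpOptions") or {}
    return (_in_range(src_port, tcp.get("sourcePortRange"))
            and _in_range(dst_port, tcp.get("destinationPortRange")))

def audit_rdp(rules, client_ip, client_src_port=50123):
    """Return (reachable, findings) for an RDP attempt from client_ip.

    client_src_port stands in for the ephemeral port the client OS picks.
    """
    reachable, findings = False, []
    for i, rule in enumerate(rules):
        src_rng = (rule.get("tcpOptions") or {}).get("sourcePortRange")
        if src_rng == {"min": RDP_PORT, "max": RDP_PORT}:
            findings.append(f"rule {i}: source port pinned to 3389; "
                            "set Source Port Range to All")
        if rule_admits(rule, client_ip, client_src_port, RDP_PORT):
            reachable = True
            if ipaddress.ip_network(rule["source"]).prefixlen == 0:
                findings.append(f"rule {i}: RDP open to any address; "
                                "narrow source to x.x.x.x/32")
    return reachable, findings

# Constructed sample rules (not taken from the thread's screenshots).
_RDP = {"min": RDP_PORT, "max": RDP_PORT}
BROKEN = [{"source": "0.0.0.0/0", "protocol": "6",
           "tcpOptions": {"sourcePortRange": _RDP, "destinationPortRange": _RDP}}]
OPEN = [{"source": "0.0.0.0/0", "protocol": "6",
         "tcpOptions": {"destinationPortRange": _RDP}}]
SCOPED = [{"source": "203.0.113.10/32", "protocol": "6",
           "tcpOptions": {"destinationPortRange": _RDP}}]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("open", OPEN), ("scoped", SCOPED)):
        print(name, audit_rdp(rules, "203.0.113.10"))
```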

database firewall down can client see the database

If the database firewall server crashed for some reason, then the client cannot see the database.
Then what steps should be performed so that the client can see the database?
Did you mean whether the client can connect to the DB or not, right?
The client can connect to the DB!
I tested!
I’m trying to configure a Standalone Database Firewall in-line between the clients and the protected database so it can block some statements. I’ve followed the Installation Guide and the Administration Guide, but can’t get it working. I’ve configured one Enforcement Point with one Protected Database.
I’ve configured Database Firewall with three Ethernet cards:
eth0 is used for Management (IP.
eth1 and eth2 are associated with Bridged interface br0
The protected database is listening in
The clients are in subnet 192.168.1.x.
I’ve configured the Traffic Source br0 with the IP and is enabled as the Traffic Source in the Enforcement Point.
In the configuration file appliance.conf corresponding to the Enforcement Point, I’ve seen the parameter PROXYPORT=1534, so I understand the clients should connect to this port in Database Firewall in order to access the protected database. Is this assumption correct? Is the configuration I’ve done correct? Are there any additional configuration steps that should be made? Is there any documentation about these configuration files?
Muhammad Touseef
Some statements can be blocked, depending on the setting of the policy.
You can create a new policy and upload it.
try to do
Hi dba-489
But the client cannot access the database server, and I have configured this environment on physical machines in two different VLANs, not on VMs.

OSGD 5.0: Cannot connect to the SGD client

Hi All, we aren't able to access SGD from an external network. From the internal network users are able to connect properly. The only error message we obtain after introducing the user's login and password is: "Cannot connect to the SGD Client on port port:number" where port_number varies (from 1.xx to 5x.xxx). The OSGD version is 5.0. We would really appreciate any help, many thanks in advance, Cristina
I expect you are in 443/5307 mode. So open all firewalls between Client and SGD. If this is not the case: tell us more about your configuration and network. Also the external DNS name can cause issues if it is not configured correctly.
To add to tbasien's response, the complete list of network requirements for SGD is documented in the install guide here.
Hi, it seems to be a Juniper issue when accessing through SSL. We are still investigating the problem. Thanks for your recommendations, regards

how can I verify that the firewall is actually functioning?

Hi Guys, I installed an Oracle AVDF demonstration environment on VMware virtual machines with one VM for AV, one for DF, and one that hosts the SQL Server 2012. I deployed both the audit vault agent and database firewall policy for the SQL Server secured target, and enabled the SQL Server built-in audit features. The AV UI reports the firewall is in normal status, but I can only find trace data gathered by the agent in activity reports. How can I verify that the firewall is actually functioning? Thanks in advance.
Hi, I suggest installing another VM that can act as a client. Use two separate private networks inside VMware, and make sure the FW has at least 3 NICs, one for the management interface and the other two you put into the two private networks respectively. Then make a bridge in the firewall and configure it so it bridges those 2 NICs on those two separate private networks. The client and server host must each be placed into those separate private networks. I suggest giving them another network card so you can make direct connections and also via the bridge. You can use IP addresses on the same subnet for client and server (of course the IPs differ but they are on the same subnet; the bridge IP must also be in that subnet). Then make sure to open the bridge, and when you connect from the client VM to the server the traffic can be configured to go through the bridge. You can then verify this with the capture tool and also see if you can monitor SQL with the firewall. This is known to work using VirtualBox and Oracle client / server and I don't see how this cannot be done with VMware and a SQL Server database. Greetings, Harm ten Napel