Oracle Database Firewall Test Environment

I’ve tried to take a closer look at the new Oracle Database Firewall. Unfortunately, I already struggled with the installation, or rather with the setup of the test environment. But let’s start at the beginning. According to the Oracle® Database Firewall Installation Guide, Database Firewall and Management Server have the following hardware requirements:

  • Oracle Enterprise Linux 5 Update 5
  • 1 GB Memory
  • 80 GB of disk space
  • Three network ports

First Steps

Because I planned to set up the Database Firewall in in-line mode, I decided to set up three VMs: a Database Server, a Windows Client and the Database Firewall VM (see picture further down). All VMs were configured with the network interface type host-only. I just assumed that the TCP/IP network (e.g. subnets) could be configured a bit later, and I overlooked that the Database Firewall works as a network bridge rather than a router. So I ended up with a network bridge where both ports were connected to the same switch. If I had to set up the test environment physically, I would never get the idea to do this 🙂

Solution

Configuring in-line mode means setting up a transparent network bridge between two physically separated networks. The IP network is the same as without the Database Firewall.

For my test environment on VMware Fusion I created a second host-only network, vmnet2. VMware Workstation has a utility to add more networks, but on VMware Fusion this has to be done manually (config files or with tokamak.sh). This second network has the same IP range and network mask as vmnet1, but it is only reachable through the Database Firewall. That means no routing is configured on the host system.
As you can see in the image below, the Database VM and one interface of the Database Firewall are configured to use vmnet2. The two other interfaces on the Database Firewall as well as the Windows Client VM are configured to use vmnet1.

Demo Infrastructure
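A check for the topology described above, as an added example that is not part of the original post: it reads the NIC settings from each VM's .vmx file and reports whether the client could reach the database server without crossing the Database Firewall. The VM names and .vmx excerpts are constructed, and treating `hostonly` as vmnet1 and a missing connection type as bridged are assumptions.

```python
import re

NIC_RE = re.compile(r'^(ethernet\d+)\.(\w+)\s*=\s*"(.*)"$')
# Assumption: "hostonly" means the first host-only network, vmnet1 in the post.
DEFAULT_SEGMENT = {"hostonly": "vmnet1"}

def nic_segments(vmx_text):
    """Map each present NIC in one .vmx file to the virtual network it joins."""
    nics = {}
    for line in vmx_text.splitlines():
        m = NIC_RE.match(line.strip())
        if m:
            nics.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    segments = {}
    for nic, kv in nics.items():
        if kv.get("present", "").upper() != "TRUE":
            continue
        ctype = kv.get("connectiontype", "bridged").lower()  # assumed default
        if ctype == "custom":
            segments[nic] = kv.get("vnet", "").rsplit("/", 1)[-1]
        else:
            segments[nic] = DEFAULT_SEGMENT.get(ctype, ctype)
    return segments

def check_inline(vms, client="client", db="dbserver", fw="dbfw"):
    """Return the reasons this topology is not in-line (empty list = OK)."""
    seg = {name: set(nic_segments(text).values()) for name, text in vms.items()}
    problems = []
    shared = seg[client] & seg[db]
    if shared:
        problems.append(f"bypass: {client} and {db} share {sorted(shared)}")
    for peer in (client, db):
        if not seg[fw] & seg[peer]:
            problems.append(f"{fw} has no NIC on the {peer} network")
    return problems

def _nic(n, vnet):  # builds a constructed .vmx excerpt for one NIC
    return (f'ethernet{n}.present = "TRUE"\n'
            f'ethernet{n}.connectionType = "custom"\n'
            f'ethernet{n}.vnet = "{vnet}"\n')

# Constructed sample: the layout from the post (VM names are assumptions).
INLINE = {"client": _nic(0, "vmnet1"), "dbserver": _nic(0, "vmnet2"),
          "dbfw": _nic(0, "vmnet1") + _nic(1, "vmnet1") + _nic(2, "vmnet2")}
# Constructed sample: the "First Steps" mistake, everything on one network.
HOSTONLY = 'ethernet0.present = "TRUE"\nethernet0.connectionType = "hostonly"\n'
FLAT = {"client": HOSTONLY, "dbserver": HOSTONLY,
        "dbfw": _nic(0, "vmnet1") + _nic(1, "vmnet1") + _nic(2, "vmnet1")}
print(check_inline(INLINE) or "in-line OK", check_inline(FLAT))
```

An empty result only shows that the VM configuration places the firewall between the two segments; it does not prove that the bridge inside the Database Firewall is forwarding or enforcing policy.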

As soon as the VMs are configured with the right networks, it is an easy task to install and configure the Database Firewall according to the short documentation (Installing Oracle Database Firewall).

Now that I have a running test environment, I’ll start running a few tests with the Database Firewall. Stay tuned to read more…

6 thoughts on “Oracle Database Firewall Test Environment”

  1. Pingback: Oracle Database Firewall Test Environment2 | OraDBA

  2. Umair

    Started installation as follows:
    1. Create a VM machine with 80GB HDD (pre-allocated), 3 NICs, 1GB RAM, 1 Processor.
    2. Boot the machine with disc labelled “dbfw-installer-disc1-multi-5.0-114.iso”
    3. On its prompt I then provide OEL 5u5 CD1of5
    4. Then it gave error message as follows:
    “Error Partitioning”
    Could not allocate partitions as sprimary partition
    Not enough space to create partition /boot
    ==========
    I am shocked that it is giving this message, as the VM machine has the full 80GB space!!!

    Any help/clue will be really appreciated.

    Thanks in advance.
    Umair

  3. Stefan Oehrli Post author

    Hi

    Try to create your VM with a 100GB VM Disk which is not pre-allocated. I think the setup will check for 100G rather than 80GB. Due to the fact that the disk is not pre-allocated, VMWare is just allocating what is necessary. My root disk is currently about 13GB.

    Cheers
    Stefan

  4. Umair

    Hello Stefan,

    The issue was resolved with 80GB size (without pre-allocation). Initially the hard disk was of SCSI type on my VM machine, but when I changed that to IDE it moved forward, and now I have installed Oracle Database Firewall on one machine 192.168.1.1, Oracle Database Firewall Management Server on another machine 192.168.1.4 and Oracle Database 11gR2 on a third VM machine 192.168.1.5. After that I had some points in my mind to be cleared, and they too have been cleared by your detailed reply on “http://forums.oracle.com/forums/message.jspa?messageID=9576928#9576928”

    Thanks a lot and take care,

    Regards,
    Umair

  5. Oracle Dummy

    Hi Stefan,

    I am trying to install the DBFW in a virtual environment and have successfully completed the steps until “ORACLE Database Firewall Tutorial – Part4: Integration Standalone Firewall With Management Server”. What befuddles me more is how we got from Part 1 to Part 4 without being able to configure “network settings” on each of the three VMs listed below?
    1. FWMS (Management Server)
    2. DBFW (Firewall with three network interfaces)
    3. Analyzer (Windows Server 2008 R2 VM)

    I am using VM Workstation 8 and the latest updated editions of DBFW and compatible Oracle Enterprise Linux. I created a host-only network on VMWare and I am able to connect to (more specifically ping) FWMS from Analyzer. I put every single interface on DBFW on the same subnet, which I think is part of the problem. I didn’t understand the phrase “in-line” as described in http://www.oradba.ch/2011/04/oracle-database-firewall-test-environment/.

    Please help me in getting the VMs to talk to each other so that we can proceed further to creating a DBFW demo environment on VMware.

    Thanks,

    Oracle DBFW Dummy

  6. Stefan Oehrli Post author

    Hi

    In-line means that the DB Firewall is between the Client and the Database Server. If you “switch” off the firewall, the client cannot see the DB server anymore. If you put all 3 VMs on the same network it does not work. I’ve used 2 different VM networks for my test environment. NAT, Bridged and Host only do not work. The first VM network I created as a host-only network and assigned the NICs of the DB server and one NIC of the firewall to it. The second network is also a host-only network, with the client NIC and one NIC of the firewall. Both of these networks use the same IP range but are different VM networks, e.g. vmnet1 and vmnet2. On Windows you have to use the VMWare network configuration assistant to create additional VM networks. If you use a NAT or Bridged network, your DB firewall is “short circuited” over your VMWare Workstation. The only physical connection between the client / DB server must be the DB firewall.

    I hope this helps you reach part 4. By the way, I did my tests with Oracle Database Firewall 5.0. I know that there is a new release 5.1 on OTN. So far I have not had time to test it. According to the documentation there is a new mode where you can use the firewall as a proxy.

    Cheers
    Stefan
