troubleshooting Question

How do I allow port 1521 traffic from one vlan subnet to another vlan subnet behind a Watchguard

Avatar of kevin_rm
kevin_rmFlag for United States of America asked on
Oracle DatabaseNetworkingHardware Firewalls
11 Comments1 Solution1618 ViewsLast Modified:
I have a Watchguard firewall XTM 505 that was just deployed.  There are multiple Vlans on a single interface all being tagged.

Trusted interface has
Vlan 1 -
Vlan 10 -

There is an application server on vlan 1 with an ip of that needs to communicate to an Oracle DB server that is on vlan 10 with an ip

Both interfaces can ping each other successfully.  Performing a TNSPing to Oracle DB from App fails (TNSping from to fails).

When a connection attempt is made from (App) the following log errors show and a connection is never made.

2010-09-28 18:26:45 Deny 1521/tcp 1681 1521 vlan1 Firebox tcp syn checking failed 292 128 (Internal Policy) proc_id=''firewall'' rc=''101'' tcp_info=''offset 5 A 1161290063 win 65535'' Traffic

Disabling TCP Syn Check did not provide good results.

I attempted to add a rule for port 1521 that allowed from App Server to Oracle DB server that did not work either.

I did not change any NAT or add any routes.  

What rules should be applied, whats routes should be built or how should I apply a change in NAT to allow my app server on vlan 1 to communicate with DB server on vlan 2
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 11 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 11 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros