Troubleshooting
Problem
A Guardium policy rule has the following actions: 1. Alert per match 2. STAP terminate. When an Oracle user connects using TCPS protocol, although the rule is matched and the alert is generated, the connection is not terminated. Connections without TCPS are terminated as expected.
Environment
Database connection: Oracle using TCPS
Sample TCPS connection URL:
sqlplus testuser@ '(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=192.168.1.20)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=xe)))'
Resolving The Problem
TCPS traffic is sent to the collector using ATAP and Guardium does not support TERMINATE actions with ATAP.
[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Data-Level Access Control","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"10.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21984661