The policy rule for SQLNET2 traffic is defined between the host and the original SQLNET application server, with service tcp sqlnet2-1521. SQLNET2 traffic that contains a REDIRECT request to a new IP address or port is being dropped by the firewall on its way to the redirected IP address, due to a bug in the SQLNET2 protocol parser.
The only rule that should be needed is the one between the host and the original application server. The protocol parser should be able to inspect the payload of the redirect packet and dynamically open a pinhole to allow the redirected connection.
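The expected parser behaviour, sketched as an added example (not the firewall vendor's code): read the REDIRECT payload, extract the new host and port, and derive a pinhole limited to the original client and that one target. It assumes a simplified TNS layout (8-byte header with packet type 5 for REDIRECT, then a 2-byte data length and the address string); the function names, the 30-second lifetime and the sample addresses are constructed for illustration.

```python
import re
import struct

TNS_REDIRECT = 5  # TNS packet type for REDIRECT (assumed simplified layout)

# Constructed sample: redirect target in a documentation address range.
SAMPLE_ADDR = b"(ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.20)(PORT=1587))"

def build_redirect(addr: bytes) -> bytes:
    """Build a constructed REDIRECT packet so the example runs offline."""
    body = struct.pack(">H", len(addr)) + addr
    # Header fields: length, packet checksum, type, flags, header checksum.
    return struct.pack(">HHBBH", 8 + len(body), 0, TNS_REDIRECT, 0, 0) + body

def parse_redirect(packet: bytes):
    """Return (host, port) from a REDIRECT packet, or None if it does not qualify."""
    if len(packet) < 10:
        return None
    length, _, ptype, _, _ = struct.unpack(">HHBBH", packet[:8])
    # Ignore other packet types and packets whose declared length is wrong.
    if ptype != TNS_REDIRECT or length != len(packet):
        return None
    (dlen,) = struct.unpack(">H", packet[8:10])
    data = packet[10:10 + dlen]
    if len(data) != dlen:
        return None
    host = re.search(rb"\(HOST=([A-Za-z0-9.\-:]+)\)", data, re.I)
    port = re.search(rb"\(PORT=(\d{1,5})\)", data, re.I)
    if not host or not port or not 0 < int(port.group(1)) < 65536:
        return None
    return host.group(1).decode(), int(port.group(1))

def pinhole_for(client_ip: str, packet: bytes, ttl: int = 30):
    """Derive a narrow, short-lived pinhole: this client to the redirect target only."""
    target = parse_redirect(packet)
    if target is None:
        return None  # no pinhole for malformed or non-REDIRECT packets
    return {"src": client_ip, "dst": target[0], "dport": target[1],
            "proto": "tcp", "ttl_seconds": ttl}

if __name__ == "__main__":
    print(pinhole_for("198.51.100.7", build_redirect(SAMPLE_ADDR)))
```

Keeping the pinhole scoped to the original client, the single redirected address and port, and a short lifetime means the dynamic opening never becomes broader than the static rule that permitted the first connection.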