The firewall will still have to be configured to accept calls from the client's fixed address (meaning that the client must have a fixed IP, not one obtained from DHCP).

The problem with firewalls and Oracle database on some OSes (particularly on multithreaded OSes like WinNT) is that you can't predict the port on which communication will be established. Take the following example:

- Your listener is set up to listen on port 1521
- The firewall is configured to accept calls from your client's IP on port 1521

1) Your client tries to establish a connection with the database by sending a request to port 1521 of the database server.
2) The firewall lets the call through (it is configured to do so) and the listener intercepts the call.
3) The listener transfers the request to the database.
4) After the database checks that you are authorised to connect, it sends the response back directly to your client. But the database chooses some new port on which the session will be established, let's say it is port 2020. So your client gets the message from your database, saying: You are welcome to connect to the database, we will communicate on port 2020.
5) Your client obeys the instructions from the database and sends a message to the database server, but this time on port 2020.
6) This message gets rejected by the firewall, because it can accept only messages through port 1521, not through 2020.
7) As a result, the database connection is not established.

By "fixing" the dispatcher's port you just make sure the whole communication will be conducted only on this port, not through some arbitrary port chosen by the database. You are not opening any hole in the firewall.
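
As an added example (not part of the original post, and not Oracle's code): a small Python check that reads dispatcher entries from an init.ora and reports which ones would fail at step 6 above. The sample file, the host name `dbhost`, port 1522 and the allowed-port set are constructed assumptions; `MTS_DISPATCHERS` is the parameter name in Oracle 8/8i, `DISPATCHERS` in later releases.

```python
import re

# Constructed init.ora fragment (not from the original post).
SAMPLE_INIT_ORA = '''
# dispatcher with no PORT: an arbitrary port is picked at startup
mts_dispatchers = "(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost))(DISPATCHERS=1)"
# dispatcher pinned to one port that the firewall passes
mts_dispatchers = "(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost)(PORT=1522))(DISPATCHERS=1)"
# pinned, but to a port the firewall does not pass
mts_dispatchers = "(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost)(PORT=2020))(DISPATCHERS=1)"
'''

# Matches MTS_DISPATCHERS / DISPATCHERS, but not MAX_DISPATCHERS and friends.
PARAM = re.compile(r'^\s*(?:mts_)?dispatchers\s*=\s*"?(.*?)"?\s*$', re.I)
PORT = re.compile(r'\(\s*PORT\s*=\s*(\d+)\s*\)', re.I)
TCP = re.compile(r'\(\s*PROTOCOL\s*=\s*TCPS?\s*\)', re.I)


def audit_dispatchers(init_ora, allowed_ports):
    """Return (line_no, port, verdict) for every TCP dispatcher entry."""
    findings = []
    for line_no, line in enumerate(init_ora.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue
        m = PARAM.match(line)
        if not m or not TCP.search(m.group(1)):
            continue
        port = PORT.search(m.group(1))
        if port is None:
            verdict = 'dynamic port: the redirect target cannot be predicted'
            findings.append((line_no, None, verdict))
        elif int(port.group(1)) in allowed_ports:
            verdict = 'ok: fixed port is passed by the firewall'
            findings.append((line_no, int(port.group(1)), verdict))
        else:
            verdict = 'fixed port is blocked by the firewall'
            findings.append((line_no, int(port.group(1)), verdict))
    return findings


if __name__ == '__main__':
    # Assumed firewall rule set for the client's IP: listener port 1521
    # plus the one fixed dispatcher port 1522.
    for finding in audit_dispatchers(SAMPLE_INIT_ORA, {1521, 1522}):
        print(finding)
```
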