• Status: Solved

Oracle 10g Session Being Dropped By Firewall

Hello...
I'm having a problem with "idle sessions" being dropped by our Firewall. When a database client connects to Oracle 10g sitting behind the firewall all is good and fine. But when the database client goes idle for 10 minutes, the Firewall sees no traffic and drops the connection.

I added "sqlnet.expire_time=2" to the sqlnet.ora configuration file but with no effect whatsoever.

Does anyone have any ideas or thoughts to resolve this problem?

Thx!
Ken
0
kencrest
1 Solution
 
Pete LongConsultantCommented:
How long do you want the session to be open for? What port is it running over? What type and OS version of firewall are you running?
0
 
kencrestAuthor Commented:
We are running Oracle 10g on Windows Server 2003. We are using a Cisco ASA Firewall. The firewall is set to time out idle sessions at 10 min. So when someone gets up from their chair to go get a cup of coffee or take a phone call, their idle time could range. I don't want it ever to time out the database sessions. I want Oracle to be able to "successfully" send its Oracle probe packets thru the firewall to the database clients. I'm using the sqlnet.expire_time=2 value to send probe packets every 2 minutes. But it's having no effect. We are communicating over port 1521 for PC and port 5000 for Macintosh.

Thx
Ken
0
 
Pete LongConsultantCommented:
How to do it in Oracle - I wouldn't have a scooby doo - that's a bit too sandal wearingly difficult for me.
To do it on the ASA - then you would need to create an inspection map for Ports 1521 and 5000,
i.e. locate the ACL allowing traffic and find out what its name is:

access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 1521
access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 5000

Then (I will assume it's called allow_oracle, but yours will be something else) you will need to create a traffic class for this ACL. I will call this class map ORACLE:

class-map ORACLE
match access-list allow_oracle

Then create a policy and apply the class to it. I'll call it ORACLE_POLICY:

policy-map ORACLE_POLICY
class ORACLE
set connection timeout tcp 9:00:00 reset

Note: this will set the timeout to 9 hours; mess about till you get it correct.
Finally apply that policy to an interface (you can have one policy per interface and one global policy):

service-policy ORACLE_POLICY interface outside

Note: your interface may be different - I'm assuming people access oracle from outside - but assumption is the mother of all bollox ups so check :)

Don't forget to save the config - sit back, light your pipe and admire your handiwork :)
0
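An added diagnostic, not part of the original thread: one way to check whether the Oracle probe packets are actually resetting the firewall's idle timer is to look at the idle column of the ASA's `show conn` output for ports 1521 and 5000. The sample lines below are constructed, the line format is an assumption modelled on `show conn`, and the function name and parameters are hypothetical.

```python
import re

# Constructed sample lines; format assumed to resemble ASA `show conn` output.
SAMPLE_SHOW_CONN = """\
TCP outside 192.0.2.10:51514 inside 10.0.0.5:1521, idle 0:00:41, bytes 48211, flags UIO
TCP outside 192.0.2.11:51877 inside 10.0.0.5:1521, idle 0:07:52, bytes 9120, flags UIO
TCP outside 192.0.2.12:49203 inside 10.0.0.5:5000, idle 0:01:15, bytes 3310, flags UIO
TCP outside 192.0.2.13:50001 inside 10.0.0.5:443, idle 0:09:30, bytes 700, flags UIO
"""

# client ip:port, server ip:port, then the idle timer as h:mm:ss
CONN_RE = re.compile(
    r"^TCP\s+\S+\s+(?P<client>[\d.]+):\d+\s+\S+\s+[\d.]+:(?P<port>\d+),?"
    r"\s+idle\s+(?P<h>\d+):(?P<m>\d+):(?P<s>\d+)"
)


def stale_oracle_conns(show_conn_text, ports=(1521, 5000), probe_minutes=2):
    """Return (client, port, idle_seconds) for connections on the watched
    ports whose idle time exceeds the probe interval, longest idle first.

    With sqlnet.expire_time=2 a probe should cross the firewall every two
    minutes, so a longer idle time means nothing is resetting the timer.
    """
    limit = probe_minutes * 60
    stale = []
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m or int(m["port"]) not in ports:
            continue  # not a TCP connection line, or not an Oracle port
        idle = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        if idle > limit:
            stale.append((m["client"], int(m["port"]), idle))
    return sorted(stale, key=lambda c: -c[2])


if __name__ == "__main__":
    for client, port, idle in stale_oracle_conns(SAMPLE_SHOW_CONN):
        print(f"{client} -> port {port}: idle {idle}s, past the probe interval")
```

An empty result on a quiet system suggests the probes are getting through; entries that keep growing toward the firewall's timeout are the sessions that depend on the longer `set connection timeout` value.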
 
kencrestAuthor Commented:
Hi Pete,
Sorry for the delay in getting back to you. It's been crazy. Just want to let you know that your idea was FANTASTIC and really helped a lot. Thanks very much for detailing out your explanation. I liked your sense of humor too! Thanks again!

Best Regards,
Ken
0
 
kencrestAuthor Commented:
Great answer!
0
 
Pete LongConsultantCommented:
:) My Pleasure - ThanQ
0
