Solved

Oracle 10g Session Being Dropped By Firewall

Posted on 2009-04-14
Last Modified: 2013-12-18
Hello...
I'm having a problem with "idle sessions" being dropped by our Firewall. When a database client connects to Oracle 10g sitting behind the firewall all is good and fine. But when the database client goes idle for 10 minutes, the Firewall sees no traffic and drops the connection.

I added "sqlnet.expire_time=2" to the sqlnet.ora configuration file but with no effect whatsoever.

Does anyone have any ideas or thoughts to resolve this problem?

Thx!
Ken
Question by:kencrest
6 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 24137980
How long do you want the session to be open for? What port is it running over? What type and OS version of firewall are you running?
0
 

Author Comment

by:kencrest
ID: 24138100
We are running Oracle 10g on Windows Server 2003. We are using a Cisco ASA Firewall. The firewall is set to time out idle sessions at 10 min. So when someone gets up from their chair to go get a cup of coffee or take a phone call, their idle time could range. I don't want it ever to time out the database sessions. I want Oracle to be able to "successfully" send its Oracle probe packets through the firewall to the database clients. I'm using the sqlnet.expire_time=2 value to send probe packets every 2 minutes. But it's having no effect. We are communicating over port 1521 for PC and port 5000 for Macintosh.

Thx
Ken
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 24141097
How to do it in Oracle - I wouldn't have a scooby doo - that's a bit too sandal-wearingly difficult for me.
To do it on the ASA - then you would need to create an inspection map for ports 1521 and 5000,
i.e. locate the ACL allowing traffic and find out what its name is:

access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 1521
access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 5000

Then I will assume it's called allow_oracle, but yours will be something else. You will need to create a traffic class for this ACL; I will call this class map ORACLE.

class-map ORACLE
match access-list allow_oracle

Then create a policy and apply the class to it. I'll call it ORACLE_POLICY.

policy-map ORACLE_POLICY
class ORACLE
set connection timeout tcp 9:00:00 reset

Note: this will set the timeout to 9 hours; mess about till you get it correct.
Finally, apply that policy to an interface (you can have one policy per interface and one global policy).

service-policy ORACLE_POLICY interface outside

Note: your interface may be different - I'm assuming people access Oracle from outside - but assumption is the mother of all bollox ups so check :)

Don't forget to save the config - sit back, light your pipe and admire your handiwork :)
0
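Added example, not part of the original thread and not Cisco tooling: a Python check that reads a saved ASA configuration and traces the chain the accepted answer builds (ACL, class-map, policy-map, service-policy), reporting the TCP timeout in effect per port and any broken link. The sample configuration is constructed from the answer's placeholder names plus the documentation address 192.0.2.10, and the parser assumes only the command forms shown in the answer.

```python
import re

# Constructed sample config: the answer's names; 192.0.2.10 stands in for the DB host.
SAMPLE_CONFIG = """\
access-list allow_oracle extended permit tcp any host 192.0.2.10 eq 1521
access-list allow_oracle extended permit tcp any host 192.0.2.10 eq 5000
class-map ORACLE
 match access-list allow_oracle
policy-map ORACLE_POLICY
 class ORACLE
  set connection timeout tcp 9:00:00 reset
service-policy ORACLE_POLICY interface outside
"""

def audit_timeouts(config):
    """Trace policy-map -> class-map -> ACL; return (rows, problems)."""
    acl_ports, class_acl, policies, applied = {}, {}, {}, {}
    cmap = pmap = cls = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"access-list (\S+) extended permit tcp .* eq (\d+)$", line):
            acl_ports.setdefault(m[1], []).append(int(m[2]))
        elif m := re.match(r"class-map (\S+)$", line):
            cmap, pmap, cls = m[1], None, None
        elif cmap and (m := re.match(r"match access-list (\S+)$", line)):
            class_acl[cmap] = m[1]
        elif m := re.match(r"policy-map (\S+)$", line):
            cmap, pmap, cls = None, m[1], None
            policies[pmap] = {}
        elif pmap and (m := re.match(r"class (\S+)$", line)):
            cls = m[1]
            policies[pmap][cls] = None
        elif cls and (m := re.match(r"set connection timeout tcp (\d+:\d\d:\d\d)", line)):
            h, mi, s = map(int, m[1].split(":"))
            policies[pmap][cls] = h * 3600 + mi * 60 + s
        elif m := re.match(r"service-policy (\S+) (global|interface \S+)$", line):
            applied[m[1]] = m[2]
    rows, problems = [], []
    for policy, classes in policies.items():
        if policy not in applied:
            problems.append(f"policy-map {policy} is not applied by a service-policy")
        for name, secs in classes.items():
            ports = sorted(acl_ports.get(class_acl.get(name), []))
            if not ports:
                problems.append(f"class {name} matches no tcp port via its ACL")
            if secs is None:
                problems.append(f"class {name} sets no tcp connection timeout")
            rows.append((applied.get(policy), name, ports, secs))
    return rows, problems
```
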

Author Comment

by:kencrest
ID: 24197651
Hi Pete,
Sorry for the delay in getting back to you. It's been crazy. Just want to let you know that your idea was FANTASTIC and really helped a lot. Thanks very much for detailing out your explanation. I liked your sense of humor too! Thanks again!

Best Regards,
Ken
0
 

Author Closing Comment

by:kencrest
ID: 31569857
Great answer!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 24198261
:) My Pleasure - ThanQ
0
