Solved

Oracle 10g Session Being Dropped By Firewall

Posted on 2009-04-14
Last Modified: 2013-12-18
Hello...
I'm having a problem with "idle sessions" being dropped by our Firewall. When a database client connects to Oracle 10g sitting behind the firewall all is good and fine. But when the database client goes idle for 10 minutes, the Firewall sees no traffic and drops the connection.

I added "sqlnet.expire_time=2" to the sqlnet.ora configuration file but with no effect whatsoever.

Does anyone have any ideas or thoughts to resolve this problem?

Thx!
Ken
0
Question by:kencrest
LVL 57

Expert Comment

by:Pete Long
ID: 24137980
How long do you want the session to be open for? What port is it running over? What type and OS version firewall are you running?
0
 

Author Comment

by:kencrest
ID: 24138100
We are running Oracle 10g on Windows Server 2003. We are using a Cisco ASA Firewall. The firewall is set to time out idle sessions at 10 min. So when someone gets up from their chair to go get a cup of coffee or take a phone call, their idle time could range. I don't want it ever to timeout the database sessions. I want Oracle to be able to "successfully" send its Oracle probe packets thru the firewall to the database clients. I'm using the sqlnet.expire_time=2 value to send probe packets every 2 minutes. But it's having no effect. We are communicating over port 1521 for PC and port 5000 for Macintosh.

Thx
Ken
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 24141097
How to do it in Oracle - I wouldn't have a scooby doo - that's a bit too sandal-wearingly difficult for me.
To do it on the ASA, you would need to create an inspection map for ports 1521 and 5000,
i.e. locate the ACL allowing traffic and find out what its name is:
access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 1521
access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 5000
Then, I will assume it's called allow_oracle (but yours will be something else). You will need to create a traffic class for this ACL; I will call this class map ORACLE:

class-map ORACLE
 match access-list allow_oracle
Then create a policy and apply the class to it. I'll call it ORACLE_POLICY:
policy-map ORACLE_POLICY
 class ORACLE
  set connection timeout tcp 9:00:00 reset
Note: this will set the timeout to 9 hours; mess about till you get it correct.
Finally, apply that policy to an interface (you can have one policy per interface and one global policy):
service-policy ORACLE_POLICY interface outside
Note: your interface may be different - I'm assuming people access Oracle from outside - but assumption is the mother of all bollox ups so check :)
 
Don't forget to save the config - sit back, light your pipe and admire your handiwork :)
0
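An added example, not part of the answer above and not Cisco tooling: a small Python audit that follows the chain the answer builds (service-policy, policy-map, class-map, ACL) and reports which ports receive the extended idle timeout, flagging ACL entries that are not limited to a port. The sample config is constructed, and 192.0.2.10 is a placeholder standing in for {from} {to}.

```python
import re

# Constructed sample: the answer's commands as they would sit in a
# running-config, with a placeholder address in place of {from} {to}.
SAMPLE_CONFIG = """\
access-list allow_oracle extended permit tcp any host 192.0.2.10 eq 1521
access-list allow_oracle extended permit tcp any host 192.0.2.10 eq 5000
class-map ORACLE
 match access-list allow_oracle
policy-map ORACLE_POLICY
 class ORACLE
  set connection timeout tcp 9:00:00 reset
service-policy ORACLE_POLICY interface outside
"""

def audit_timeouts(config):
    """Return one finding per ACL entry that gets a custom TCP idle timeout."""
    acls, class_acl, policy, applied = {}, {}, {}, {}
    cur_cmap = cur_pmap = cur_class = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) extended permit tcp (.+)", line):
            acls.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"class-map (\S+)", line):
            cur_cmap, cur_pmap = m[1], None
        elif m := re.match(r"match access-list (\S+)", line):
            class_acl[cur_cmap] = m[1]
        elif m := re.match(r"policy-map (\S+)", line):
            cur_pmap, cur_cmap = m[1], None
        elif (m := re.match(r"class (\S+)", line)) and cur_pmap:
            cur_class = m[1]
        elif m := re.match(r"set connection timeout tcp (\d+):(\d+):(\d+)", line):
            h, mi, s = map(int, m.groups())
            policy.setdefault(cur_pmap, {})[cur_class] = h * 3600 + mi * 60 + s
        elif m := re.match(r"service-policy (\S+) (global|interface \S+)", line):
            applied[m[1]] = m[2]
    findings = []
    for pmap, where in applied.items():
        for cls, secs in policy.get(pmap, {}).items():
            for entry in acls.get(class_acl.get(cls), []):
                port = re.search(r"eq (\S+)$", entry)
                findings.append({
                    "applied": where, "class": cls, "timeout_s": secs,
                    "port": port[1] if port else None,
                    # No port match, or any-to-any, means the long timeout
                    # covers far more than the database listener.
                    "too_broad": port is None or entry.startswith("any any"),
                })
    return findings
```

Running it against a saved copy of the real configuration shows whether the 9-hour timeout is confined to the Oracle ports or has leaked onto unrelated traffic, where long-lived idle entries would pile up in the connection table.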

Author Comment

by:kencrest
ID: 24197651
Hi Pete,
Sorry for the delay in getting back to you. It's been crazy. Just want to let you know that your idea was FANTASTIC and really helped a lot. Thanks very much for detailing out your explanation. I liked your sense of humor too! Thanks again!

Best Regards,
Ken
0
 

Author Closing Comment

by:kencrest
ID: 31569857
Great answer!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 24198261
:) My Pleasure - ThanQ
0
