Solved

Oracle 10g Session Being Dropped By Firewall

Posted on 2009-04-14
Last Modified: 2013-12-18
Hello...
I'm having a problem with "idle sessions" being dropped by our Firewall. When a database client connects to Oracle 10g sitting behind the firewall all is good and fine. But when the database client goes idle for 10 minutes, the Firewall sees no traffic and drops the connection.

I added "sqlnet.expire_time=2" to the sqlnet.ora configuration file but with no effect whatsoever.

Does anyone have any ideas or thoughts to resolve this problem?

Thx!
Ken
0
Question by:kencrest
LVL 57

Expert Comment

by:Pete Long
ID: 24137980
How long do you want the session to be open for? What port is it running over? What type and OS version of firewall are you running?
0
 

Author Comment

by:kencrest
ID: 24138100
We are running Oracle 10g on Windows Server 2003. We are using a Cisco ASA Firewall. The firewall is set to time out idle sessions at 10 min. So when someone gets up from their chair to go get a cup of coffee or take a phone call, their idle time could range. I don't want it ever to time out the database sessions. I want Oracle to be able to "successfully" send its Oracle probe packets through the firewall to the database clients. I'm using the sqlnet.expire_time=2 value to send probe packets every 2 minutes. But it's having no effect. We are communicating over port 1521 for PC and port 5000 for Macintosh.

Thx
Ken
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 24141097
How to do it in Oracle - I wouldn't have a scooby doo - that's a bit too sandal wearingly difficult for me.
To do it on the ASA - then you would need to create an inspection map for Ports 1521 and 5000
i.e. locate the ACL allowing traffic and find out what its name is

access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 1521
access-list FIND_OUT_WHAT_ITS_CALLED extended permit tcp {from} {to} eq 5000

Then I will assume it's called allow_oracle, but yours will be something else. You will need to create a traffic class for this ACL; I will call this class map ORACLE

class-map ORACLE
match access-list allow_oracle

Then create a policy and apply the class to it. I'll call it ORACLE_POLICY

policy-map ORACLE_POLICY
class ORACLE
set connection timeout tcp 9:00:00 reset

Note: this will set the timeout to 9 hours; mess about till you get it correct.
Finally apply that policy to an interface (you can have one policy per interface and one global policy)

service-policy ORACLE_POLICY interface outside

Note: your interface may be different - I'm assuming people access oracle from outside - but assumption is the mother of all bollox ups so check :)

Don't forget to save the config - sit back, light your pipe and admire your handiwork :)
0
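To check that a timeout override like the one in the accepted answer reaches only the Oracle ports and is actually bound to an interface, here is an added example (not part of the original thread and not Cisco tooling) that parses a running-config excerpt and traces each "set connection timeout" back to its class, ACL ports and service-policy. The sample config, the 192.0.2.10 address and the function names are assumptions made for illustration.

```python
import re
# Constructed sample: the answer's commands with placeholder addresses (assumed).
SAMPLE_CONFIG = """\
access-list allow_oracle extended permit tcp any host 192.0.2.10 eq sqlnet
access-list allow_oracle extended permit tcp any host 192.0.2.10 eq 5000
class-map ORACLE
 match access-list allow_oracle
policy-map ORACLE_POLICY
 class ORACLE
  set connection timeout tcp 9:00:00 reset
service-policy ORACLE_POLICY interface outside
"""
PORT_NAMES = {"sqlnet": 1521}  # the ASA prints TCP 1521 as the literal "sqlnet"

def audit_timeouts(config):
    """Return (interface, policy, class, seconds, ports) per timeout override."""
    acl_ports, class_acl, overrides, applied = {}, {}, [], {}
    cmap = pmap = cls = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\S+) extended permit tcp .* eq (\S+)$", line):
            port = PORT_NAMES.get(m[2]) or (int(m[2]) if m[2].isdigit() else m[2])
            acl_ports.setdefault(m[1], set()).add(port)
        elif m := re.match(r"access-list (\S+) extended permit ", line):
            acl_ports.setdefault(m[1], set()).add("any")  # not limited to one port
        elif m := re.match(r"class-map (\S+)$", line):
            cmap = m[1]
        elif m := re.match(r"match access-list (\S+)$", line):
            class_acl[cmap] = m[1]
        elif m := re.match(r"policy-map (\S+)$", line):
            pmap = m[1]
        elif m := re.match(r"class (\S+)$", line):
            cls = m[1]
        elif m := re.match(r"set connection timeout tcp (\d+):(\d+):(\d+)", line):
            overrides.append((pmap, cls, int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])))
        elif m := re.match(r"service-policy (\S+) (?:global|interface (\S+))$", line):
            applied[m[1]] = m[2] or "global"
    return [(applied.get(p, "unapplied"), p, c, secs,
             sorted(acl_ports.get(class_acl.get(c), {"any"}), key=str))
            for p, c, secs in overrides]

def findings(config, expected_ports=(1521, 5000)):
    """Flag overrides that are not applied or that reach unexpected ports."""
    out = []
    for iface, policy, cls, secs, ports in audit_timeouts(config):
        if iface == "unapplied":
            out.append(f"{policy}: not bound by any service-policy")
        if extra := [p for p in ports if p not in expected_ports]:
            out.append(f"{policy}/{cls}: {secs}s timeout also covers {extra}")
    return out
```

An empty result from findings() means the 9-hour timeout is confined to ports 1521 and 5000; an ACL entry without a single "eq" port is reported as "any" so that a broad permit does not silently inherit the long timeout.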

Author Comment

by:kencrest
ID: 24197651
Hi Pete,
Sorry for the delay in getting back to you. It's been crazy. Just want to let you know that your idea was FANTASTIC and really helped a lot. Thanks very much for detailing out your explanation. I liked your sense of humor too! Thanks again!

Best Regards,
Ken
0
 

Author Closing Comment

by:kencrest
ID: 31569857
Great answer!
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 24198261
:) My Pleasure - ThanQ
0
