This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Disable session timeout for Orcale application

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Disable session timeout for Orcale application

raji_toor
L4 Transporter

‎06-30-2017 12:49 PM

How to disable session timeout for an application completely? In my case its Oracle that i want to disable timeout for.

Its breaking the database connection for our application. And what would setting tcp timeout value of zero for an app would do?

0 Likes Likes
2 REPLIES 2

acc6d0b3610eec313831f7900fdbd235
L4 Transporter

‎06-30-2017 02:01 PM

Hi @raji_toor

 

You cannot completely disable the Session timeout options in a specific App-ID, but you can adjust the values to suit your needs.

 

Setup timeout value to zero: A value of 0 indicates that the global session timer will be used, which is 3600 seconds for TCP.
App-ID Timeout.PNG

Session Timeout.PNG

 

 

 

 

 

 

 

 

 

Oracle-App-ID.PNG

 

 https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Change-Session-Timeout-for-TCP-based-Application/ta-p/60915

https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Session-Timeouts/ta-p/68464

 

Here are a couple of options that may help you:

1. Create an application override: Application Override is where the Palo Alto Networks firewall is configured to override the normal Application Identification (App-ID) of specific traffic passing through the firewall. This will help you decrease the latecy of the App-ID engine as the application will not be inspected. Notice, that you still can apply the security profiles through a security policy for inspection.

https://live.paloaltonetworks.com/t5/Learning-Articles/Tips-amp-Tricks-How-to-Create-an-Application-... 

 

2. DSRI: DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall to identify the applications running over HTTP. 

I am not sure if it will apply to you as I don't know how this application is being utilized.

https://live.paloaltonetworks.com/t5/Featured-Articles/DotW-Using-DSRI-with-the-Palo-Alto-Networks-f...

 

DSIR.PNG

I hope this helps.

 

 

 

raji_toor
L4 Transporter
In response to acc6d0b3610eec313831f7900fdbd235

‎06-30-2017 02:18 PM

Hi @acc6d0b3610eec313831f7900fdbd235

 

Thanks. With Application override i skip content inspection and also with DSRI, though its skipped one way only. My issue is not wether content inspection happens or not. My issue at this time is session should not timeout between 2 specific servers in different zones because of firewall.

0 Likes Likes
  • 2965 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks