Disable session timeout for Orcale application

cancel
Showing results for 
Search instead for 
Did you mean: 

Disable session timeout for Orcale application

L4 Transporter

How to disable session timeout for an application completely? In my case its Oracle that i want to disable timeout for.

Its breaking the database connection for our application. And what would setting tcp timeout value of zero for an app would do?

2 REPLIES 2

L4 Transporter

Hi @raji_toor

 

You cannot completely disable the Session timeout options in a specific App-ID, but you can adjust the values to suit your needs.

 

Setup timeout value to zero: A value of 0 indicates that the global session timer will be used, which is 3600 seconds for TCP.
App-ID Timeout.PNG

Session Timeout.PNG

 

 

 

 

 

 

 

 

 

Oracle-App-ID.PNG

 

 https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Change-Session-Timeout-for-TCP-based-Application/ta-p/60915

https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Session-Timeouts/ta-p/68464

 

Here are a couple of options that may help you:

1. Create an application override: Application Override is where the Palo Alto Networks firewall is configured to override the normal Application Identification (App-ID) of specific traffic passing through the firewall. This will help you decrease the latecy of the App-ID engine as the application will not be inspected. Notice, that you still can apply the security profiles through a security policy for inspection.

https://live.paloaltonetworks.com/t5/Learning-Articles/Tips-amp-Tricks-How-to-Create-an-Application-... 

 

2. DSRI: DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall to identify the applications running over HTTP. 

I am not sure if it will apply to you as I don't know how this application is being utilized.

https://live.paloaltonetworks.com/t5/Featured-Articles/DotW-Using-DSRI-with-the-Palo-Alto-Networks-f...

 

DSIR.PNG

I hope this helps.

 

 

 

Hi @Willian

 

Thanks. With Application override i skip content inspection and also with DSRI, though its skipped one way only. My issue is not wether content inspection happens or not. My issue at this time is session should not timeout between 2 specific servers in different zones because of firewall.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!