06-30-2017 12:49 PM
How to disable session timeout for an application completely? In my case it's Oracle that I want to disable timeout for.
It's breaking the database connection for our application. And what would setting a TCP timeout value of zero for an app do?
06-30-2017 02:01 PM
Hi @raji_toor
You cannot completely disable the Session timeout options in a specific App-ID, but you can adjust the values to suit your needs.
Setup timeout value to zero: A value of 0 indicates that the global session timer will be used, which is 3600 seconds for TCP.
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Change-Session-Timeout-for-TCP-based-Application/ta-p/60915
https://live.paloaltonetworks.com/t5/Featured-Articles/Tips-amp-Tricks-Session-Timeouts/ta-p/68464
Here are a couple of options that may help you:
1. Create an application override: Application Override is where the Palo Alto Networks firewall is configured to override the normal Application Identification (App-ID) of specific traffic passing through the firewall. This will help you decrease the latency of the App-ID engine as the application will not be inspected. Note that you can still apply the security profiles through a security policy for inspection.
2. DSRI: DSRI is used in environments where internal servers are trusted and protected by the firewall. In these cases, content inspection can be configured for only client to server (internet users to internal servers) traffic using the DSRI option. By doing this, the Server to Client flow (internal servers to internet clients) is skipped after sufficient data has been inspected by the firewall to identify the applications running over HTTP.
I am not sure if it will apply to you as I don't know how this application is being utilized.
I hope this helps.
06-30-2017 02:18 PM
Hi @acc6d0b3610eec313831f7900fdbd235
Thanks. With Application override I skip content inspection and also with DSRI, though it's skipped one way only. My issue is not whether content inspection happens or not. My issue at this time is session should not time out between 2 specific servers in different zones because of firewall.