Oracle Web Cache/Proxy fails when behind Palo Alto Firewall

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Oracle Web Cache/Proxy fails when behind Palo Alto Firewall

L1 Bithead

I have a situation where by when an Oracle Web Cache server is placed behind a PA firewall, the application takes time to load or fails in some cases. The design is as followins;

Windows 7 Client --> Routers  --> PaloAlto Firewall --> Radware Loadbalancer port 80 (VIP)  --> Oracle WebCache Server port 7777  --> Backend Oracle Apps.

 

I have allowed all traffic and stripped down the firewall to minimum configs.

 

What could be the problem?

3 REPLIES 3

L1 Bithead

From the traffic logs I see the traffic is allowed to cross through

can you provide some more details ? is the loadbalancer masking the server IP with a floating one, could return traffic originate from a different loadbalancer?

if you set a filter (debug dataplane packet-diag set filter...) and look at the global counters corresponding to your sessions (show counter global filter packet-filter yes), are you seeing any packets getting dropped ?

 

 

you could try running a packetcapture or flow basic to gain more visibility on what is happening on the dataplane: Getting Started: Flow Basic

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L7 Applicator

I've seen this type of issue when the load balancer is setup in a way that allows asymmetrical routing.  Here is the RADware document that describes the issue and how to avoid this in their load balancer.

 

http://kb.radware.com/Questions/AppDirector/Public/What-is-Segmentation

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 2301 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!