Time out Oracle sessions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Time out Oracle sessions

Hi,

 

We have problems with time-outs in Oracle connections. We are seeing how the BBDD sends keep alives and in the FW is increased the number of packets when passing the keep-alive packet, but following one of these connections, in one of them we did not see increase the number of packets in the firewall, And the time to live of the session is not reset. We see how the server restarted its time to send a keep alive again. And we have some sessions that the firewall cuts by time-out.

 

Reviewing Release Notes, we've seen a bug that might be affecting us. This bug is solved in 7.1.6 PanOS:
PAN-64727: Fixed an issue where the firewall changed the sequence numbers of forwarded TCP keep-alive packets

 

Im not sure if this bus ia applying to us and causing this problem in 7.0.x. This problem will be solved in last panos in 7.0.x???

2 REPLIES 2

Cyber Elite
Cyber Elite

@Es_tecsupportsecurity,

That specific bug number does not appear to be affecting 7.0.*, however the bug itself could have been given a seperate number. I did a quick scan through the release notes and didn't notice anything specific to keep-alive that seemed relavent to your issue. 

I would reach out to your SE or contact TAC and see if it was a bug that actually effects 7.0.* and if it is if there is even a plan to backport the fix to 7.0

L4 Transporter

Oracle and firewalls in general, in my expereince, don't play that well together.  In our environment we had to extend the session timeout in the app-id to a ridiculous number so that sessions wouldn't drop.  Alot of this seems to surroud the use of connection pooling where Oracle opens connections for use ahead of time to improve performance.  Firewalls will close these conntections (session timeout) if there is no interesting traffic (I think 6 packets in the session timeout value).  This means that clients may try to connect on ports that were previously closed by the firewall.  We trying setting up keepalives on the Oracle side of the house, but I was having issues getting any help from our developers in general at that time (over a year ago) as they managed the server settings.

 

I would recommend as a troubleshooting step overriding the app-id session timeout for Oracle to like 8 hours and see if you still have the issue.  Just some food for thought.

 

-Matt

  • 2713 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!