After inactive connections between the Enforce Server and its Oracle database instance are closed, connectivity from Enforce to the Cloud Service Gateway is interrupted.
Release: 16.0
A limitation in our Enforce Server management console allowed connections to go inactive. When a network firewall closed these connections, the Enforce Server lost connectivity to the Cloud Service until services were restarted.
A fix available in DLP 16.0 MP2 enables connections to be configured so that our Java processes close them after a set period of inactivity.
This should prevent interruptions to established connections, such as those from the Enforce Server to the Oracle database and to the Cloud Service.
Symantec Data Loss Prevention 16.0 MP2 introduces the new CONNPOOL_INACTIVE_TIMEOUT property that you can configure in the ConnectionPool.properties file on the Enforce Server.
To change the currently problematic behavior of connections staying idle indefinitely, edit the ConnectionPool.properties value as suggested below, updating the settings shown in green:
# Properties file for use by Oracle-THIN Connection Pool.
# The minimum number of connections that can remain idle in the pool, without extra ones being created, or zero to create none
CONNPOOL_MIN_LIMIT=10
# The maximum number of active connections that can be allocated from this pool at the same time, or non-positive for no limit
CONNPOOL_MAX_LIMIT=50
# The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned, or -1 to wait indefinitely
CONNPOOL_MAX_WAIT=2000
# Inactive connection timeout in seconds, how long an available connection remains in the connection pool before it is removed from the pool
CONNPOOL_INACTIVE_TIMEOUT=0
The last setting in bold is a new option in 16.0 MP2 and later. The default setting of "0" means idle connections never close.
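An added example (not Broadcom's code and not part of the original article): a Python check that reads a ConnectionPool.properties file and reports whether CONNPOOL_INACTIVE_TIMEOUT lets the pool close idle connections before a firewall would. The firewall idle timeout is an assumed input, and requiring the pool timeout to be shorter than it is an assumption drawn from the behavior described above.

```python
import sys

# Constructed sample mirroring the properties listed above (default timeout of 0).
SAMPLE = """\
CONNPOOL_MIN_LIMIT=10
CONNPOOL_MAX_LIMIT=50
CONNPOOL_MAX_WAIT=2000
# Inactive connection timeout in seconds
CONNPOOL_INACTIVE_TIMEOUT=0
"""

def parse_properties(text):
    """Parse KEY=VALUE lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_inactive_timeout(text, firewall_idle_seconds):
    """Return (status, detail) for CONNPOOL_INACTIVE_TIMEOUT.

    firewall_idle_seconds is an assumed input: the idle period after which
    the network firewall drops a connection. The article does not give one.
    """
    raw = parse_properties(text).get("CONNPOOL_INACTIVE_TIMEOUT")
    if raw is None:
        return "missing", "property absent from the file"
    # Only 0 and positive second counts are described in the article.
    if not raw.isdigit():
        return "invalid", f"unexpected value {raw!r}"
    timeout = int(raw)
    if timeout == 0:
        return "never_closes", "idle connections are never closed by the pool"
    if timeout >= firewall_idle_seconds:
        return "too_long", f"{timeout}s is not shorter than the firewall's {firewall_idle_seconds}s"
    return "ok", f"pool closes idle connections after {timeout}s"

if __name__ == "__main__":
    # Usage: script.py <path to ConnectionPool.properties> <firewall idle seconds>
    with open(sys.argv[1], encoding="utf-8") as fh:
        status, detail = audit_inactive_timeout(fh.read(), int(sys.argv[2]))
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```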
To implement this new option:
This setting is only available to customers on DLP version 16.0 MP2 and later.
This KB is to supplement the new feature which is written up as a Help Center topic:
New Connection Pool Property for Detection Servers (broadcom.com)