Axton,
Appreciate your input! I should have mentioned that we've been up and down that highway and haven't seen a blasted thing. (apologies to Glen Frey) What you are saying is exactly what I thought and we've disabled the idle timeout on the firewall. I know this may not be the same thing as preventing the firewall from using a state table but the firewall admin tells us he now sees idle connections with idle times > 60 minutes. So, we're kind of thinking we've eliminated the firewall as a cause...although we may not have, we aren't pursuing that any longer. Actually, now that I re-read your post I don't think putting a specific rule will side-step state checking. The purpose of a state table on a firewall is to speed up handling of traffic by allowing already known good traffic to pass without undergoing validation against the rulebase for every packet. Adding a rule that allows a single port connection, which is what we had before, doesn't stop the state table from functioning. In fact, it may actually be what causes the connection to be put in the state table in the first place, no? Also, turning the firewall into, effectively, a packet-based firewall might have a detrimental affect on network throughput not only between AR and Oracle but for any other connections on that firewall due to increased overhead...or am I wrong? Additionally, we the firewall admin put in ANY<->ANY rule in place a few nights ago and the problem is still occurring. I'd hoped that this would circumvent the state table but it apparently doesn't. I don't suppose there is a AR-based solution? We could keep trying changes on the network until we effectively distroy any semblance of the original network design but that wouldn't mollify anyone. In fact, it may have the opposite affect. We talked to BMC a few weeks ago and they told us "theoretically" that it would be possible to write a custom API that would run custom workflow (neither of which they could give us) that would hit all of the server's Oracle connections at the same time often enough to prevent anything from seeing them as idle. Does this sound like a good approach to anyone? Any and all thoughts and comments are welcome! Thanks! J.T. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"