Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
3
Replies

PIX blocking JAVA applet

briley
Level 1
Level 1

‎03-08-2005 02:13 PM - edited ‎02-21-2020 12:00 AM

I have a customer that for some reasons can not access any java appletes behined thier PIX firewall. They do not have any filtering setup and it is not being blocked by any access lists. I have tried three diffrent pc's and diffrent websites, even a test your browser website and they all fail. On the PC in the debug of the java console it has messages like the connection is being reset. I looked and this seems like a common problem with java connections and firewalls but there are no fix's mentioned. Does anyone have any ideas on where to start with this. I would be open for anything.

0 Helpful
3 Replies 3

Patrick Iseli
Level 7
Level 7

‎03-08-2005 04:11 PM

The only way how a PIX would block Java applets is with:

--------------------------------------------------

filter java

The filter java command filters out Java applets that return to the PIX Firewall from an outbound connection. The user still receives the HTML page, but the web page source for the applet is commented out so that the applet cannot execute. Use 0 for the local_ip or foreign_ip IP addresses to mean all hosts.

Note If Java applets are known to be in tags, use the filter activex command to remove them.

To specify that all outbound connections have Java applet blocking, use the following command:

filter java 80 0 0 0 0

This command specifies that the Java applet blocking applies to Web traffic on port 80 from any local host and for connections to any foreign host.

The following example specifies that Java applet blocking applies to web traffic on port 80 from local subnet

10.10.10.0 and for connections to any foreign host:

filter java http 10.10.10.0 255.255.255.0 0 0

--------------------------------------------------

Otherwise the PIX will forward that traffic if not blocked by a content filter application as WEBSENSE or N2H2 or a Proxy server or an access-list that blocks the protocol.

sincerely

Patrick

0 Helpful

briley
Level 1
Level 1
In response to Patrick Iseli

‎03-09-2005 06:08 AM

Well unfortuanatly none of those commands are in the pix. They are not using websense or N2H2. They still can not get to any java based apps through thier pix. And I belive the pix must be the problem here because I can get to the pages just fine. Can anyone else offer any suggestions at all? Does anyon know of any other things I can look at for this?

0 Helpful

stalljh
Level 1
Level 1
In response to briley

‎03-10-2005 09:52 AM

OK - So did this problem start right after the installation of the pix? Can you get in front of the pix on the wire with a laptop and then see if Java works? Are you using a proxy web server? I would try to make sure it is the PIX before assuming that it definitely is. If you can't get in front of the pix, then during down time....put the IP address of the outside interface of the PIX on your laptop with the correct Subnet, gateway, DNS, etc., and unplug the outside interface of the PIX and plug it into your laptop. (Do this during downtime, of course because the internet will go down). Check the laptop to see if you can get JAVA through. If you can, then put the PIX back together and changing your laptop to dhcp or another inside address, then get on a switch behind the PIX and see if the JAVA does not come up. If so, then yeah...maybe the PIX is the culprit.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card