04-16-2003 09:57 AM - edited 02-20-2020 10:41 PM
I'm trying to implement Java applet blocking on my PIX, and I'm looking for a way to be more selective about how I do it.
According to the documentation, I can permit certain internal addresses to get Java applets from the outside, but it doesn't seem that I can permit all internal addresses to get Java applets only from certain external addresses.
I can do this (but would prefer not to) at my border router with CBAC using access lists, but the same functionality doesn't seem to be present in the PIX.
04-16-2003 03:24 PM
Hi.
Did you read this:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1039734
According to the above document, you can specify either internal and/or external addresses in the "filter java" command. Did you try it?
What is your PIX OS version?
What is the exact command that you tried?
Yizhar
04-16-2003 03:44 PM
I saw that, but I can't translate that into what I want to do. Maybe I'm missing something.
What I want to do is to deny Java applets from all foreign hosts except for those I define as friendly. Using CBAC, I'd set up a Java access list along these lines:
access-list XX permit 12.0.3.0 0.0.0.255
access-list XX deny any
Which would allow Java applets from 12.0.3.0/24 but deny them from everyone else.
If I could use the filter java command to filter all Java *except* certain stuff, that'd be perfect.