
PIX 535 V6.3(2) and Java filtering...

vgrigaliunas
Level 1

Hi...

We've noticed that web pages with embedded Java applets take an inordinately long time to download when opened from behind the PIX, even though supposedly there is no filtering enabled on the PIX.

Does anybody else see this ??? Could it be that the PIX is still scanning the page even though filtering isn't enabled ???

Thanks...


drolemc
Level 6

What you might be seeing is the time taken for initial download of large Java applets (and downloads of the same applets if they are not being cached locally). Delays as long as six minutes have been observed. The problem might also be due to virus scanning. Some virus scanners are configured to automatically scan content downloaded by browsers and those might be slowing down the download.

Hi...

Thanks for your reply...

The problem is when we move from behind the PIX (in front of the PIX in other words), the applets download very quickly...we make sure to clear the cache each time we test...

Thanks...

Hi,

Can you post your config, please? Remember to change real IPs and passwords.

Thanks --

Hi...

Here ya go :

: Saved
: Written by enable_15 at 16:44:22.406 CDT Tue Jul 29 2003
PIX Version 6.3(2)
interface gb-ethernet0 1000auto
interface gb-ethernet1 1000auto
interface ethernet0 100full
interface ethernet1 100full
nameif gb-ethernet0 outside security0
nameif gb-ethernet1 intf3 security15
nameif ethernet0 twilight-zone security90
nameif ethernet1 inside security100
enable password ***** encrypted
passwd ***** encrypted
hostname PIX
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1719-1720
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
pager lines 24
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging facility 19
logging host outside 10.10.10.1
no logging message 106015
no logging message 303002
no logging message 304001
mtu outside 1500
mtu intf3 1500
mtu twilight-zone 1500
mtu inside 1500
ip address outside 10.10.20.1 255.255.255.0
ip address intf3 127.0.0.1 255.255.255.255
ip address twilight-zone 10.10.30.1 255.255.255.0
ip address inside 10.10.40.1 255.255.255.0
multicast interface outside
igmp max-groups 1000
multicast interface inside
igmp forward interface outside
ip audit info action alarm
ip audit attack action alarm
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
ip audit signature 2011 disable
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address intf3
no failover ip address twilight-zone
no failover ip address inside
pdm history enable
arp timeout 14400
static (inside,outside) 10.10.40.0 10.10.40.0 netmask 255.255.255.0 0 0
static (twilight-zone,outside) 10.10.30.0 10.10.30.0 netmask 255.255.255.0 0 0
routing interface outside
ospf authentication-key *****
router ospf 1000
network 10.10.0.0 255.255.0.0 area 0
area 0 authentication
log-adj-changes
timeout xlate 3:00:00
timeout conn 4:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp server 10.10.10.5 source outside
snmp-server host outside 10.10.10.2
snmp-server host outside 10.10.10.3
snmp-server host outside 10.10.10.4
snmp-server location Barn
snmp-server contact help
snmp-server community *****
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
telnet 10.10.40.0 255.255.255.0 inside
telnet timeout 30
ssh timeout 5
console timeout 0
terminal width 80
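
Added example, not part of any post in this thread and not Cisco code: a small Python check that scans a saved PIX 6.x configuration for the statements that make the firewall inspect or filter HTTP, so the "no filtering enabled" assumption can be verified from the config itself. The function names and the second, constructed configuration are assumptions made for illustration; the patterns follow the PIX 6.x `filter`, `url-server` and `fixup protocol http` command forms.

```python
import re

# Lines copied from the configuration posted in this thread (excerpt).
POSTED_EXCERPT = """\
PIX Version 6.3(2)
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
logging trap debugging
floodguard enable
"""

# Constructed contrast case (NOT from the thread): the same excerpt with
# applet filtering and a URL-filtering server added.
CONSTRUCTED_FILTERED = POSTED_EXCERPT + """\
url-server (inside) host 192.0.2.10
filter java 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
no filter activex 80 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
"""

FILTER_RE = re.compile(r"^filter\s+(java|activex|url)\b", re.I)
HTTP_FIXUP_RE = re.compile(r"^fixup\s+protocol\s+http\s+(\d+)(?:-(\d+))?\s*$", re.I)


def audit_http_handling(config_text):
    """Collect every statement that makes the PIX inspect or filter HTTP."""
    report = {"filters": [], "url_servers": [], "http_fixup_ports": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        # Skip blanks, ': Saved' style header lines and negated ('no ...') forms.
        if not line or line.startswith(":") or line.lower().startswith("no "):
            continue
        if (m := FILTER_RE.match(line)):
            report["filters"].append((m.group(1).lower(), line))
        elif line.lower().startswith("url-server"):
            report["url_servers"].append(line)
        elif (m := HTTP_FIXUP_RE.match(line)):
            low = int(m.group(1))
            report["http_fixup_ports"].append((low, int(m.group(2) or low)))
    return report


def content_filtering_enabled(report):
    """True only if a 'filter java|activex|url' statement is present."""
    return bool(report["filters"])


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED_EXCERPT), ("constructed", CONSTRUCTED_FILTERED)):
        rep = audit_http_handling(cfg)
        print(name, "filtering:", content_filtering_enabled(rep), rep)
```

Run against the full configuration posted above, the check finds no `filter` or `url-server` statement, only `fixup protocol http 80`, which is application inspection and a separate feature from the `filter` commands.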
