07-29-2003 08:48 AM - edited 02-20-2020 10:53 PM
Hi...
We've noticed that web pages with embedded Java applets take an inordinately long time to download when opened from behind the PIX, even though supposedly there is no filtering enabled on the PIX.
Does anybody else see this ??? Could it be that the PIX is still scanning the page even though filtering isn't enabled ???
Thanks...
08-04-2003 12:17 PM
What you might be seeing is the time taken for initial download of large Java applets (and downloads of the same applets if they are not being cached locally). Delays as long as six minutes have been observed. The problem might also be due to virus scanning. Some virus scanners are configured to automatically scan content downloaded by browsers and those might be slowing down the download.
08-07-2003 04:40 AM
Hi...
Thanks for your reply...
The problem is when we move from behind the PIX (in front of the PIX in other words), the applets download very quickly...we make sure to clear the cache each time we test...
Thanks...
08-07-2003 04:49 AM
Hi,
Can you post your config please, remember to change real IP's and passwords.
Thanks --
08-07-2003 05:38 AM
Hi...
Here ya go :
: Saved
: Written by enable_15 at 16:44:22.406 CDT Tue Jul 29 2003
PIX Version 6.3(2)
interface gb-ethernet0 1000auto
interface gb-ethernet1 1000auto
interface ethernet0 100full
interface ethernet1 100full
nameif gb-ethernet0 outside security0
nameif gb-ethernet1 intf3 security15
nameif ethernet0 twilight-zone security90
nameif ethernet1 inside security100
enable password ***** encrypted
passwd ***** encrypted
hostname PIX
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1719-1720
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
pager lines 24
logging on
logging timestamp
logging monitor debugging
logging buffered debugging
logging trap debugging
logging history debugging
logging facility 19
logging host outside 10.10.10.1
no logging message 106015
no logging message 303002
no logging message 304001
mtu outside 1500
mtu intf3 1500
mtu twilight-zone 1500
mtu inside 1500
ip address outside 10.10.20.1 255.255.255.0
ip address intf3 127.0.0.1 255.255.255.255
ip address twilight-zone 10.10.30.1 255.255.255.0
ip address inside 10.10.40.1 255.255.255.0
multicast interface outside
igmp max-groups 1000
multicast interface inside
igmp forward interface outside
ip audit info action alarm
ip audit attack action alarm
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
ip audit signature 2011 disable
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address intf3
no failover ip address twilight-zone
no failover ip address inside
pdm history enable
arp timeout 14400
static (inside,outside) 10.10.40.0 10.10.40.0 netmask 255.255.255.0 0 0
static (twilight-zone,outside) 10.10.30.0 10.10.30.0 netmask 255.255.255.0 0 0
routing interface outside
ospf authentication-key *****
router ospf 1000
network 10.10.0.0 255.255.0.0 area 0
area 0 authentication
log-adj-changes
timeout xlate 3:00:00
timeout conn 4:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
ntp server 10.10.10.5 source outside
snmp-server host outside 10.10.10.2
snmp-server host outside 10.10.10.3
snmp-server host outside 10.10.10.4
snmp-server location Barn
snmp-server contact help
snmp-server community *****
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
telnet 10.10.40.0 255.255.255.0 inside
telnet timeout 30
ssh timeout 5
console timeout 0
terminal width 80
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide