Cisco Support Community
New Member

Selective Java applet blocking by external address with PIX?

I'm trying to implement Java applet blocking on my PIX, and I'm looking for a way to be more selective about how I do it.

According to the documentation, I can permit certain internal addresses to get Java applets from the outside, but it doesn't seem that I can permit all internal addresses to get Java applets only from certain external addresses.

I can do this (but would prefer not to) at my border router with CBAC using access lists, but the same functionality doesn't seem to be present in the PIX.

2 REPLIES
New Member

Re: Selective Java applet blocking by external address with PIX?

Hi.

Did you read this:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/df.htm#1039734

According to the above document, you can specify either internal and/or external addresses in the "filter java" command. Did you try it?

What is your pix OS version?

What is the exact command that you tried?

Yizhar

New Member

Re: Selective Java applet blocking by external address with PIX?

I saw that, but I can't translate that into what I want to do. Maybe I'm missing something.

What I want to do is to deny Java applets from all foreign hosts except for those I define as friendly. Using CBAC, I'd set up a Java access list along these lines:

access-list XX permit 12.0.3.0 0.0.0.255

access-list XX deny any

Which would allow Java applets from 12.0.3.0/24 but deny them from everyone else.

If I could use the filter java command to filter all java *except* certain stuff, that'd be perfect.
