Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How can I filter JAVA and ActiveX using my PIX Firewall?

Access Lists

How can I filter JAVA and ActiveX using my PIX Firewall?

by  LloydSev  Posted    (Edited  )
[quote Cisco]Java applets may be downloaded when you permit access to port 80 (HTTP), and some Java applets can contain hidden code that can destroy data on the internal network. A solution to this problem is to use the filter java command to block all Java applets.[/quote]

The command to Filter Java is the following syntax:

filter java port[-port] local_ip mask foreign_ip mask

To completely block all JAVA access on port 80, use the following command:

filter java 80 0 0 0 0

[quote Cisco]ActiveX controls, formerly known as Object Linking and Embedding (OLE) or Object Linking and Embedding control (OCX), are applets that can be inserted in web pagesùoften used in animationsùor in other applications. ActiveX controls create a potential security problem because they can provide a way for someone to attack servers. Because of this potential security problem, you can use the PIX Firewall to block all ActiveX controls.[/quote]

The command to Filter ActiveX is the following syntax:

filter activex port local_ip mask foreign_ip mask

To completely block all ActiveX access on port 80, use the following command:

filter activex 80 0 0 0 0




I hope this FAQ has been helpful to you.
Lloyd Severence
Register to rate this FAQ  : BAD 1 2 3 4 5 6 7 8 9 10 GOOD
Please Note: 1 is Bad, 10 is Good :-)

Part and Inventory Search

Back
Top