How can I filter JAVA and ActiveX using my PIX Firewall?

[quote Cisco]Java applets may be downloaded when you permit access to port 80 (HTTP), and some Java applets can contain hidden code that can destroy data on the internal network. A solution to this problem is to use the filter java command to block all Java applets.[/quote]

The command to Filter Java is the following syntax:

filter java port[-port] local_ip mask foreign_ip mask

To completely block all JAVA access on port 80, use the following command:

filter java 80 0 0 0 0

[quote Cisco]ActiveX controls, formerly known as Object Linking and Embedding (OLE) or Object Linking and Embedding control (OCX), are applets that can be inserted in web pagesùoften used in animationsùor in other applications. ActiveX controls create a potential security problem because they can provide a way for someone to attack servers. Because of this potential security problem, you can use the PIX Firewall to block all ActiveX controls.[/quote]

The command to Filter ActiveX is the following syntax:

filter activex port local_ip mask foreign_ip mask

To completely block all ActiveX access on port 80, use the following command:

filter activex 80 0 0 0 0




I hope this FAQ has been helpful to you.
Lloyd Severence