FAQ-How Can I Use the detect java-blocking and detect activex-blocking Commands

Publication Date: 2015-07-01
Issue Description
How Can I Use the detect java-blocking and detect activex-blocking Commands?
Solution
If the detect activex-blocking command is configured in an interzone, the firewall detects and blocks ActiveX controls in that interzone: when .cab or .ocx files are downloaded, it replaces their file name extensions with .blk. As a result, the download fails.

If the detect java-blocking command is configured in an interzone, the firewall detects and blocks Java controls in that interzone: when .class files are downloaded, it replaces their file name extension with .block. As a result, the download fails.

Both commands can be used together with ACLs so that only the packets matching the specified ACL are blocked.

For example:

Configure an ASPF policy for HTTP, enable Java blocking, and configure ACL 2001 to use the ASPF policy to filter out Java Applets from the target server at 10.1.1.1.

<USG> system-view
[USG] acl number 2001
[USG-acl-basic-2001] rule permit source 10.1.1.1 0
[USG-acl-basic-2001] rule deny
[USG-acl-basic-2001] quit
[USG] firewall interzone trust untrust
[USG-interzone-trust-untrust] detect http
[USG-interzone-trust-untrust] detect java-blocking 2001
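
The following Python sketch is an added illustration, not Huawei code or part of the original FAQ. It models which downloads the configuration above affects, combining first-match evaluation of the basic ACL (wildcard mask 0 means an exact host match) with the extension replacement described in the Solution. The function names, the exact-case extension comparison, and the treatment of sources that match no rule are assumptions of this model.

```python
import ipaddress

# Extension rewrites stated in the Solution: feature -> (blocked extensions, replacement)
REWRITES = {
    "activex-blocking": ({".cab", ".ocx"}, ".blk"),
    "java-blocking": ({".class"}, ".block"),
}

def acl_permits(rules, src):
    """First-match evaluation of a basic ACL (hypothetical helper).

    rules: list of (action, address, wildcard); address None matches any source.
    Wildcard bits set to 1 are "don't care" bits.
    """
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in rules:
        if addr is None:
            return action == "permit"
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (ip & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # assumption: a source matching no rule is not subject to blocking

def filter_download(feature, rules, server_ip, filename):
    """Return the file name as the modelled firewall would leave it."""
    blocked, replacement = REWRITES[feature]
    dot = filename.rfind(".")
    ext = filename[dot:] if dot != -1 else ""
    # Assumption: extensions are compared exactly as written (case handling
    # on the device is not described on the page).
    if ext in blocked and acl_permits(rules, server_ip):
        return filename[:dot] + replacement
    return filename

# ACL 2001 from the example: "rule permit source 10.1.1.1 0", then "rule deny".
ACL_2001 = [("permit", "10.1.1.1", "0.0.0.0"), ("deny", None, None)]

if __name__ == "__main__":
    # Constructed sample downloads: (server address, file name)
    for server, name in [("10.1.1.1", "applet.class"),
                         ("10.1.1.2", "applet.class"),
                         ("10.1.1.1", "control.ocx")]:
        print(server, name, "->", filter_download("java-blocking", ACL_2001, server, name))
```

With detect java-blocking 2001, only .class files served by 10.1.1.1 are renamed; the .ocx file passes unchanged because activex-blocking is not configured in this example.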
