No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-How Can I Use the detect java-blocking and detect activex-blocking Commands

Publication Date:  2015-07-01 Views:  503 Downloads:  0
Issue Description
How Can I Use the detect java-blocking and detect activex-blocking Commands?
Solution
If the detect activex-blocking command is configured in the interzone, the firewall detects and blocks the Activex control in the interzone, download .cab or .ocx files, and replace their file name extensions with .blk. As a result, the download fails. If the detect java-blocking command is configured in the interzone, the firewall detects and blocks the Java control in the interzone, download .class files, and replace their file name extension with .block. As a result, the download fails. The two commands can be used together with ACLs to block only the packets that match the specified ACLs.

For example:

Configure an ASPF policy for HTTP, enable Java blocking, and configure ACL 2001 to use the ASPF policy to filter out Java Applets from the target server at 10.1.1.1.

[USG] system-view
[USG] acl number 2001
[USG-acl-basic-2001] rule permit source 10.1.1.1 0
[USG-acl-basic-2001] rule deny
[USG] firewall interzone trust untrust
[USG-interzone-trust-untrust] detect http
[USG-interzone-trust-untrust] detect java-blocking 2001

END