Server and internal network PC are in the same security area, server did mapping to the external and configured domain NAT, in the external network access server, can use the web page plug-ins normally, in internal network using the private network address access web page, can also use the plug-ins of the page normally, but when through the external address access, cannot use plug-ins of the page, there is no security policy restriction in firewall. Configuration is as follows:
nat address-group 10 22.214.171.124 126.96.36.199
nat server 12 global 10.193.1.12 inside 192.168.200.12
nat server 17 global 10.193.1.17 inside 192.168.200.17
nat-policy zone trust
policy source 192.168.200.0 0.0.0.255
1, open the related “detect” detection related with web plug-ins in domain, the problem is still.
2, check firewall configuration without problems, check the source code of the mappd web page, this plug-in didn’t use separate IP or port.
3, in the internal network PC respectively use the server’s mapped internal and external address access, and capture packages at the same time to analysis, contrast the captured message, the content has no exception, the only different place is when using internal address access, the server returned address is the mapped external address, when using internal network address access, the message did not go through the firewall, message has been redirected and it has no relationship with firewall, inference should be the server opened the redirection function.
4, respectively save the page accessed through the internal address and external addresses to local, open the two pages in local, the plug-in on the web can be used, namely the plug-in has been downloaded to the local, basic inference it has no relationship with firewall.
5, check the ie security settings again, add the server’s internal and external addresses and the mapped external address to trust list, access web pages again, the controlling tool can be used, locate the problem is caused by ie browser’s security mechanism.
1, didn’t open the “detect” detection of related protocol in domain.
2, firewall can't identify and filter the plug-in, web plug-in might use separate port or IP.
3, Web plug-in own problem
4, other problems