Enterasys Networks XSR CLI Router User Manual


 
Firewall Feature Set Commands
XSR CLI Reference Guide 16-119
Syntax
ip firewall java {all, none, selected network_name}
ip firewall activex {all, none, selected network_name}
Syntax of the “no” Form
The no form of this command disables Java or ActiveX:
no ip firewall java/activex {all, none, selected network_name}
Default
Deny all HTML pages with Java and ActiveX applets
Mode
Global configuration: XSR(config)#
Example
The following example configures corporate network as a network group object listing all reachable networks, excluding any ActiveX applets, at corporate headquarters:
XSR(config)#ip firewall java selected corporate-network
XSR(config)#ip firewall activex none
ip firewall load
This command loads current firewall settings into the router’s inspection engine. The current configuration comprises all CLI commands that have been entered since the last load. Executing this command clears all sessions, thus requiring all TCP connections be reestablished.
Because the no version of this command is not available, in order to undo a recent firewall configuration you must execute no versions of commands which invoke the configuration.
Optionally, you can build the configuration but not disturb the firewall engine. This is a useful tool to configure the firewall while incrementally checking its validity. Also, you can schedule a load, although this option blocks any firewall configuration in the interim.
Syntax
ip firewall load delay [trial]{1-7 [hh:mm]|hh:mm}[enable |disable]
all
Permit HTML pages with Java from all IP addresses.
none
Deny HTML pages with Java from any IP address.
selected
Permit HTML pages with Java from selected IP addresses.
network_name
Any internal or external network or network group object.
trial
Builds configuration but does not load it into the firewall engine.
1-7 hh:mm
Interval in the format days <1-7> HH:MM to wait until the firewall load or restart is performed. No object can be modified during this time except a trial load. Logging restarts when the load runs. The days value is optional and if entered, the hours and minutes values are also optional.