Firewall Feature Set Commands
XSR CLI Reference Guide 16-119
Syntax
ip firewall java {all, none, selected network_name}
ip firewall activex {all, none, selected network_name}
Syntax of the “no” Form
ThenoformofthiscommanddisablesJavaorActiveX:
no ip firewall java/activex {all, none, selected network_name}
Default
DenyallHTMLpageswithJavaandActiveXapplets
Mode
Globalconfiguration:XSR(config)#
Example
Thefollowingexampleconfigurescorporatenetworkasanetworkgroupobjectlistingallreachable
networks,excludinganyActiveXapplets,atcorporateheadquarters:
XSR(config)#ip firewall java selected corporate-network
XSR(config)#ip firewall activex none

ip firewall load

Thiscommandloadscurrentfirewallsettingsintotheroutersinspectionengine.Thecurrent
configurationcomprisesallCLIcommandsthathavebeenenteredsincethelastload.Executing
thiscommandclearsallsessionsthusrequiringallTCPconnectionsbereestablished.
Becausethenoversionofthiscommandisnotavailable,inordertoundoarecentfirewall
configurationyoumustexecutenoversionsofcommandswhichinvoketheconfiguration.
Optionally,youcanbuildtheconfigurationbutnotdisturbthefirewallengine.Thisisauseful
tooltoconfigurethefirewallwhileincrementallycheckingitsvalidity.Also,youcanschedulea
loadalthoughthisoptionblocksanyfirewallconfigurationintheinterim.
Syntax
ip firewall load delay [trial]{1-7 [hh:mm]|hh:mm}[enable |disable]
all PermitHTMLpageswithJavafromallIPaddresses.
none DenyHTMLpageswithJavafromanyIPaddress.
selected PermitHTMLpageswithJavafromselectedIPaddresses.
network_name Anyinternalorexternalnetworkornetworkgroupobject.
trial Buildsconfigurationbutdoesnotloaditintothefirewallengine.
1-7 hh: mm: Intervalintheformatdays<17>HH:MMtowaituntilthefirewallloador
restartisperformed.Noobjectcanbemodifiedduringthistimeexcepta
trialload.Loggingrestartswhentheloadruns.Thedaysvalueisoptional
andifentered,thehoursandminutesvaluesarealsooptional.