Section 8.0: Advanced Security

8.1. Perimeter Security

  1. Configure HTTP inspection on R4 to block all Java applets. See Example 4-42.

  2. Use the java-list option to specify an access list of the sites that are permitted or denied for downloading Java applets.

  3. Configure TCP inspection to test if CBAC is working; see Example 4-43.

Example 4-42. HTTP Inspection with Java Filtering on R4
ip inspect name lab4 http java-list 1
!
access-list 1 deny   any
!

r4#show ip inspect all
Session audit trail is disabled
Session alert is enabled
one-minute (sampling period) thresholds are [400:500] connections
max-incomplete sessions thresholds are [400:500]
max-incomplete tcp connections per host is 50. Block-time 0 minute.
tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec
tcp idle-time ...
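An added example, not from the book: a short Python audit that reads a saved configuration and reports, for each inspection rule that uses java-list, what the referenced standard access list actually lets through. The rules lab4b and lab4c, the host 192.0.2.10, the verdict labels and the function names are constructed for illustration.

```python
import re

# Constructed sample: the two lines of Example 4-42 plus hypothetical rules
# lab4b (trusts one constructed host) and lab4c (references an ACL never defined).
SAMPLE_CONFIG = """\
ip inspect name lab4 http java-list 1
ip inspect name lab4b http java-list 2
ip inspect name lab4c http java-list 3
!
access-list 1 deny   any
access-list 2 permit 192.0.2.10
access-list 2 deny   any
!
"""

def parse_acls(config):
    """Return {acl_number: [(action, source), ...]} in configuration order."""
    acls = {}
    pattern = r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+?)\s*$"
    for m in re.finditer(pattern, config, re.M):
        acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return acls

def audit_java_filtering(config):
    """Map each inspection rule with 'http java-list N' to (verdict, permitted sources)."""
    acls = parse_acls(config)
    report = {}
    pattern = r"^ip inspect name\s+(\S+)\s+http\s+java-list\s+(\d+)"
    for m in re.finditer(pattern, config, re.M):
        rule, acl = m.group(1), m.group(2)
        if acl not in acls:
            # Rule points at an ACL that is not in this config: flag for review.
            report[rule] = ("acl-missing", [])
            continue
        permitted, verdict = [], "block-all"
        for action, source in acls[acl]:      # first match wins, top to bottom
            if source == "any":
                if action == "permit":
                    verdict = "permit-any"    # applets allowed from any remaining source
                break                         # entries after "any" are unreachable
            if action == "permit":
                permitted.append(source)
                verdict = "allow-listed"
        report[rule] = (verdict, permitted)   # no "any" entry: implicit deny applies
    return report

if __name__ == "__main__":
    for rule, (verdict, sources) in audit_java_filtering(SAMPLE_CONFIG).items():
        print(rule, verdict, sources)
```

Only a "block-all" verdict meets the step 1 requirement to block all Java applets; any other verdict on the lab4 rule means the access list needs correcting.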
