The firewall detect command configures the global ASPF/ALG function.
The undo firewall detect command cancels the ASPF/ALG configuration.
firewall detect protocol
firewall detect { activex-blocking | java-blocking }
firewall detect ipv6 ipv6–protocol
undo firewall detect protocol
undo firewall detect { activex-blocking | java-blocking }
undo firewall detect ipv6 ipv6–protocol
| Parameter | Description | Value |
|---|---|---|
| protocol | Specifies one of the protocols supported by IPv4 ASPF/ALG. | The value can be dns, ftp, h323, icq, ils, mgcp, mms, msn, netbios, pptp, qq, rsh, rtsp, sccp, sip or sqlnet. |
| activex-blocking | Blocks Activex Applets. | - |
| java-blocking | Blocks Java Applets. | - |
| ipv6–protocol | Specifies one of the protocols supported by IPv6 ASPF/ALG. | The value can be ftp, sip or rtsp. |
By default, the IPv4 ASPF/ALG function of the FTP protocol is enabled globally by default.
The global SIP ASPF/ALG function configured using the firewall detect sip command takes effect only for UDP-based SIP traffic and TLS-encrypted SIP traffic. For TLS-encrypted SIP traffic, the FW performs SSL decryption before ASPF/ALG processing.