Transparent mode and DHTML menus

Hi,
I was wondering if anyone has found any workarounds that work
better when Flash content falls on top of dynamic content such as
DHTML menus? I set the wmode to transparent for my flash because it
sits below drop down menus. However, this 'fix' does not work
consistently. It works for me, but not for others. Some are using
IE, like me. It does not work at all in Firefox. I've read that
this is a hugh bug and besides setting the wmode to transparent
there is not much else one can do. Even fooling with the zindexes
does not work. THERE MUST BE A WAY TO GET AROUND THIS! Does anyone
know if the newer versions of Flash are addressing this issue?
Unfortunately, I'm still stuck in FlashMX at work. We have
the newer version but it's not installed yet.
Thanks,
Suzanne A

Suzanne A,
>> I was wondering if anyone has found any workarounds
>> that work better when Flash content falls on top of
>> dynamic content such as DHTML menus? I set the
>> wmode to transparent for my flash because it sits
below
>> drop down menus. However, this 'fix' does not work
>> consistently.
True enough. This is well documented in the forum archives
and in
macromedia.com technotes. Of course, you only need
"transparent" if the
SWF's background is supposed to be invisible. Another value
for this
attribute is "opaque," which some have noted as less prone to
bugs.
The main thing is that wmode provides a way to display
"active content"
in a manner that doesn't obscure other objects in the
document -- some
browsers support this feature better than others. It's worth
noting that
wmode is not an invention of Adobe or Macromedia. It is a
mechanism that
can be used for QuickTime video and any other content not
normally displayed
by the browser, including Java applets, and so on. In other
words, content
that requires a plug-in or virtual machine.
>> It works for me, but not for others. Some are using
IE,
>> like me. It does not work at all in Firefox.
Sure it works in Firefox.
http://www.communitymx.com/content/source/E5141/wmodenone.htm
>> THERE MUST BE A WAY TO GET AROUND THIS!
I would be nice, for sure. But in general, the idea that any
given
thing *must* be accomplishable can sometimes lead to
disappointment.
There *must* be a way to display CSS properly in IE, for
example -- but
sometimes there isn't. Sure, there are hacks and workarounds,
and sometimes
those are worth the effort ... but sometimes they aren't, and
in those
cases, IE's CSS support is frustrating.
>> Unfortunately, I'm still stuck in FlashMX at work.
We have the
>> newer version but it's not installed yet.
This isn't solved in Flash 8. Remember, this isn't, per se,
a Flash
issue.
David
stiller (at) quip (dot) net
Dev essays:
http://www.quip.net/blog/
"Luck is the residue of good design."

Similar Messages

  • ASA in transparent mode and IP addresses

    Hello,
    I need to put an ASA in transparent mode.
    Our router (managed by the carrier) routes more than one public IP class in a single VLAN.
    On the "Cisco Security Appliance Command Line Configuration guide", in "Trasnaprent Firewall Guidelines" it's written: "Each directly connected network must be on the same network".
    This means also that I can have ONLY ONE subnet that flows fron the outside and the inside, or can I have more than one class?
    If I can have only one class, the only solution is to use multiple context (and separate each classes in different interfaces)?
    Thanks a lot

    The ASA in trasparent mode works at layer 2. So it really does not care if the traffic that flows through it is from different subnet as long as the L3 devices it connects to knows how to reach these subnet. TheASA in transparent is basically a bump in the wire (a bridge) and for that reason you can only use 2 interfaces on the ASA in transparent implementation.
    P.S. When people see attitude in your threads, they will refrain from answering your question. That's for future reference.

  • Transparent Mode and Logging

    Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using.  The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?
    Thanks

    Hello Will,
    Havent try it, but I am sure you should be able to Use the OOB management interface (management 0/0) to accomplish such.
    Let us know.
    Mike

  • VTP transparent mode and using VTP domain

                       Hi all,
    Need to ask question when  using VTP transparent mode is it good idea to use VTP domain name and password?
    I know for switches in transparent mode they act as independent of each other.
    So need to know why we should use vtp domain  and password with transparent mode?
    thanks
    mahesh

    Mahesh,
    I know this 2 years later, but it will help others who will come across this. If you have a Transparent switch mixed with Server and Clients switches. This is your concern....... If you do not put the Transparent switch in the same domain, then it will not forward VLAN changes to other swithces.  
    So Sw1(Server-CCIE Domain) <-------> Sw2(Transparent-CCIE Domain)  <-------> Sw3(Client-CCIE Domain)
    The above will work because the Transparent switch is in the same domain. This means that SW3 will get any Vlan changes that are done on SW1.
    Now lets look at it the other way.........
    Sw1(Server-CCIE Domain) <-------> Sw2(Transparent-Null Domain)  <-------> Sw3(Client-CCIE Domain)
    Two things are going to happen here
    1) The transparent switch is not on same domain, so SW3 will never get any updates when changes to Vlans are done on SW1. So if I add one vlan to SW1, and that make the Configuration Revision increase to the value of 10, that means SW3's Revision will still be 9, and will remain that way until the issue is corrected.
    2) If you are dynamically negotiating trunks, this will never happen due to the mismatch domains. Meaning that your trunks will never come up because you did not put your Transparent switch in the same domain.
    Kiel Martin 

  • Trying to figure out whether I can use an ASA cluster in Transparent mode to facilitate VRF based network ??

    Hi Guys,
    I had to re-post this here because I did not get any comments earlier.. hopefully I'll get something here.. :)
    I'm investigating the ways that I can use 2 x ASA (5525x) to accommodate Multi-tenancy situation with overlapping addresses. Unfortunately in this particular scenario we have to stick with 5525x firewalls.
    The ASAs are going to be placed in north-south traffic path between 2 routers and these routers need to be configured with multiple VRFs to segregate the traffic for each tenant with overlapping IP subnets ( We are not looking at NAT as a workaround for the time being).
    As we know, this ASA model won't support VRFs so we can't use the ASA as a intermediary routing hop and therefore this is not an option.. and using security contexts per VRF seems not scale-able enough (correct me if I'm wrong). So my thinking is that, if we put the ASAs in to the transparent mode and just use the ASAs as a layer 2 interconnect (configured with different VLANs connecting VRFs served by top and bottom routers)  I should be able to go up to maximum of 50 VRFs (since 5525x only supports 200 VLANs).  
    I'm also planning to use the 2 ASAs in a cluster mode to aggregate the bandwidth of both ASAs for better throughput.
    So I need to clarify following with you guys.. 
    1) Can I actually do this or am I missing something.
    2) Are there any limitations that I might run in to with this setup
    3) Is there anyone out there who's doing the same thing or can you think of a better way to tackle this scenario (with same hardware and requirements)
    4) Instead of using clustering, can I use simple Active/Stanby pare and still configure transparent mode and use it that way ?
    Appreciate your input.
    Thanks
    Shamal 

    There is a limitation on how many context you can have, which depends on the license you have.  This is quite possible with ASA multi routed mode and even with multi transparent mode.  You can have overlapping ip in each context without the need of using nat as long as you have unique mac address for each sub interface.
    Thanks

  • Failure when FWSM in transparent mode with multiple contexts

    hi experts,
                We have two FWSMs working in active/standby state,  configured with multiple contexts in transparent mode. and the "outside" and "inside" interfaces for each context are in same subnet. 
                Now we have one FWSM broken and the RMA part can't arrived in short time, so  we have the risk that the sencond FWSM could be failed as well.   In the worst case if the two was broken or powered off simultaneously,   i wonder that if the communications between multiple contexts could be ok???
    thanks in advance.

    The software requirements for Cisco Secure ACS are dependent on the type of Extensible Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP-Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/networking_solutions_implementation_guide09186a008038906c.html

  • Transparent wsa and https traffic

    folks
    i've deploying a S300V in transparent mode and using wccp
    i have a single policy allowing http and https
    http works fine but https doesn't
    i can see both sets of requests go out through my outer firewalls but the https handshake doesn't get past the client hello
    the VM is being used on a guest wifi network so clients won't be authenticated, won't have a common root certificate and i don't want to decrypt traffic
    tac are telling me i need to enable the https proxy but i can't as clients won't have the root certificate required
    do i need to use https proxy?
    thanks to anyone taking the time to reply

    Ken,
    If I dont to decrypt HTTPS but still want the traffic to be inspected for URL and web reputation, do I need to upload a root certificate still? I would have assume not as I do not want to decrypt HTTPS but the GUI doesn't allow me to enal HTTPS Proxy without uploading a certificate; basically I cannot "Enable HTTPS Proxy" and submit without a cert.
    Basically what I just want to do is just pass through the HTTPS traffic to be check against the Access policies that the HTTP is being checked against.
    Is this viable? If so can you let me know how I can achieve the above?
    Thanks

  • Transparent mode with AIP-SSM-20

    I currently have an ASA5510 in routed mode with an AIP-SSM-20.
    There is a requirement to use a fibre optic connection between this ASA and another ASA across campus, so the AIP-SSM will have to be removed and replaced with the SSM-4GE.  This part should present no issue.
    However, this will remove the IPS device, and I still want to use IPS.
    So, what I am thinking is to get another ASA5510, install the AIP-SSM, configure ASA for transparent mode and put it in between the inside of the routed ASA and my LAN.  The transparent ASA would be functioning strictly as an IPS appliance.
    Setup would look something like this:
    Internal LAN <> transparent ASA with IPS <> routed ASA <> WAN
    Can the AIP-SSM still perform IPS with the ASA in transparent mode?
    Is there a way to configure the ASA and AIP-SSM such that traffic to/from a particular server completely bypasses the AIP-SSM?
    I have a couple of fileservers that generate heavy traffic and could overload the AIP-SSM.
    Regards.

    AFAIR, There is no problem to setup AIP in a transparent firewall.
    "An ASA in transparent mode can run an AIP.  In the event the AIP fails,
    the IPS will fail-open and the ASA will continue to pass traffic.
    However, if an interface or cable fails, then traffic will stop.  You
    would need a failover pair to account for this failure event, which
    means another ASA and matching AIP."
    And no there is no problem to exclude certain hosts/ports/subnets from inspection by IPS via MPF.
    http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ips.html#wp1050744
    What I however consider however is if the ASAs 5510 as second tier firewall for 5520s will be enough.
    http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
    HTH,
    Marcin

  • Transparent Mode using WCCP v2

    Dear All,
    Greetings. Please correct me if I am wrong. When to use GRE and when to use L2 redirection is depends on the router/switch?
    What are the parameters to be configured in Transparent Redirection 'Load-Balacing Method' and 'Forwarding Method' when using GRE?
    Please help me to understand more on GRE and L2 redirection when in transparent mode, and configuration in S-Series.
    Many Thanks,
    ezekiel

    Ezekiel,
    L2 is the preferred method when possible, since GRE adds an extra 28 bytes of overhead. For L2 to be possible, the WSA must be directly connected to the router / WCCP device.
    If the WSA is more then 1 hop away, GRE MUST be used.
    The major difference between Hashing and Masking is that if Masking is supported, the router / switch will consume less CPU building the load balancing tables.
    It's recommended that you set the WSA to use "Hashing or Masking". The WSA will then negotiate with the WCCP router which to use. If your router supports both, Masking is preferred.
    Hope this helps.
    Please help regarding WCCP v2.
    My company had 2 routers & 2 WSA. Each WSA is directly connected to the each router.
    Can I use both WCCP L2 & GRE? If possible, can give some examples?

  • VTP v2 Transparent mode forwarding

    All,
    As part of my recertification, i am studying VTP (again) and i ran into the following question:
    I know VTP v1 switches in transparent mode only forward VTP advertisements if the domain name is the same and if the version is the same (so only v1 gets forwarded and only if the domain name matches)
    I know VTP v2 has a feature called: version-independent forwarding: a VTP v2 transparent switch will forward VTP v2 packets as well as VTP v1 packets.
    BUT what about the domain name ? Does it still need to match ?
    Will a VTP v2 Transparent Switch in domain "Cisco" forward a VTP v1 or v2 advertisement of domain "TEST" ???
    regards,
    Geert

    Ok. Thx. Let us believe the documentation.
    Although it is not really clear why this feature is called "version dependent transparent mode" and not "version independent transparent mode". To me it seems more logical - since it forwards v1 and v2 - to be version independent...
    So in the following situation:
    SW1 ---- trunk --- SW2 ----- trunk----- SW3
    Server Transparent Client
    VLANS 1,2,3
    Domain TEST Domain Cisco Domain TEST
    If SW2 is running VTP v1 --> SW3 does not know any VLANs
    If SW2 is running VTP v2 --> SW3 does see VLANS 1,2,3
    Geert

  • ASA 55xx in transparent mode - switch ARP table?

    Guys,
    It's a basic question about how transparent mode firewalls communicate with the connecting switches.
    My understanding is that if I separate the LAN eg. 10.1.1.x with a transparent firewall than it will only "snoop" the traffic and will not change anything in the Ethernet header.
    Is it correct or still will replace the MAC address with the firewall physical interface address to send the frame to the connecting switch?
    e.g.
    client--------->switch------->transparent 5510-------->switch---------->server
    10.1.1.1                                                                                              10.1.1.100
    When the client sends the ARP to look up the hardware address of the server then what will that received back?
    The MAC address of the transparent ASA, or the server?
    Thank you!

    Source MAC address is never changed if the traffic is passing through same IP subnet (vlan). Here the firewall is in transparent mode and if it alter the source mac address communication will not happen. This is a very fundamental network concept. However it may recreate the same frame with same souce/destination mac addresses.
     

  • Using Clustered ASAs in Transparent mode to support VRF based Network ?

    Hi Guys,
    I'm investigating the ways that I can use 2 x ASA (5525x) to accommodate Multi-tenancy situation with overlapping addresses. Unfortunately in this particular scenario we have to stick with 5525x firewalls.
    The ASAs are going to be placed in north-south traffic path between 2 routers and these routers need to be configured with multiple VRFs to segregate the traffic for each tenant with overlapping IP subnets ( We are not looking at NAT as a workaround for the time being).
    As we know, this ASA model won't support VRFs so we can't use the ASA as a intermediary routing hop and therefore this is not an option.. and using security contexts per VRF seems not scale-able enough (correct me if I'm wrong). So my thinking is that, if we put the ASAs in to the transparent mode and just use the ASAs as a layer 2 interconnect (configured with different VLANs connecting VRFs served by top and bottom routers)  I should be able to go up to maximum of 50 VRFs (since 5525x only supports 200 VLANs).  
    I'm also planning to use the 2 ASAs in a cluster mode to aggregate the bandwidth of both ASAs for better throughput.
    So I need to clarify following with you guys.. 
    1) Can I actually do this or am I missing something.
    2) Are there any limitations that I might run in to with this setup
    3) Is there anyone out there who's doing the same thing or can you think of a better way to tackle this scenario (with same hardware and requirements)
    4) Instead of using clustering, can I use simple Active/Stanby pare and still configure transparent mode and use it that way ?
    Appreciate your input.
    Thanks
    Shamal 

    Is any expert out there who can answer my query ?. Much appreciated.

  • IPS in Transparent Mode

    Hi,
    I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.
    Thanks.

    Hello,
    Yes, it can definetly run on transparent mode
    An ASA in transparent mode can run an AIP.  In the event the AIP fails,
    the IPS will fail-open and the ASA will continue to pass traffic.
    However, if an interface or cable fails, then traffic will stop.  You
    would need a failover pair to account for this failure event, which
    means another ASA and matching AIP."
    Regards,
    Julio

  • Transparent Firewalls and DHCP on a 5510 ASA

    I have a 5510 ASA running 8.2 configured in transparent mode and I am trying to allow devices on the inside network to acquire an IP address from a DHCP server on the outside.  I've seen several articles that indicate an ACL is necessary to permit outgoing traffic on port 68 and incoming traffic on port 67.  That actually works and the inside device gets an IP address.  The problem is that no other outbound traffic is allowed from the inside device.  The ACL put in place to permit DHCP, because of its implicit deny at the end of the ACL, denies all other traffic.  DHCP is now the ONLY thing allowed out.  What am I doing wrong here?

    In a default configuration the difference in security levels between the inside and outside interfaces would allow the DHCP requests out, and the UDP xlate entry created for the outgoing packet would allow the DHCP reply back in.  It would just work, but you would have very little control of packet flows, static NAT, or logging.
    Once you start applying ACL's to interfaces, you have to explicitly allow everything you want.  All of my firewall interfaces have inbound ACLs, and some also have outbound, so. E.g. subnets where I want to fairly permissive outbound get something like:
    access-list DMZ-INGRESS extended permit ip any object-group LOCAL-NAT0
    access-list DMZ-INGRESS extended deny ip any object-group RFC-5735-SPECIAL log
    access-list DMZ-INGRESS extended deny ip any object-group ALL-MCAST log
    access-list DMZ-INGRESS extended permit ip any any
    Since I happen to be running in routed mode rather than transparent, I have to configure DHCP relay instead of something like "permit udp any any".  I won't include the object groups unless someone asks.
    -- Jim Leinweber, WI State Lab of Hygiene

  • The difference between VTP server and transparent mode on Catalyst Switch.

    Hello 
    I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
    Basically VTP server mode can create and modify VLAN configuration but  actually there is not any VLAN configuration through running-config, is it true?  When I checked it on Cat3550, certainly there is not VLAN configuration on VTP server mode. But VTP transparent can create VLAN and configuration but does not synchronize with other switch VLAN status. I appreciate any related information and reason of the VTP server mode specification, thank you very much.
    [VTP Transparent mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    [VTP Server mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    Best Regards,
    Masanobu Hiyoshi

    Hi mhiyoshi,
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    The above out put indicates that Vlan is created and then mode changed to transparent. i.e why revision no is 0.
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    This indicates that vlan never created in server mode nor learnt from another switch as revision no is 0

Maybe you are looking for