Enable/disable Policy via script


I need to find an easy way to enable/disable a policy on theFirebox by end-user. Is it possible to do this via snmp?

Thanks for you help!


  • Options

    One can do this via the CLI - which requires a firewall Admin access privileges.

    Please provide more info on why you need this ability for an "end" user.

    There are WebBlocker override options, if that is the need.

  • Options

    Hi! I need to allow remote access during certain situations for maintenance and DCS operator support.

    I would like to set up an OPC UA server that is connected to the DCS. When calling a method on the OPC UA server the policy should be disabled/enabled.

  • Options

    Best to open a support incident to get help from a WG rep to see the best way to do this.

    You certainly would not want every policy to be able to be disabled by such a process - just one or a few specific policies.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Chris_3 The only way to modify policies on the firewall is via an admin user, or user with admin permissions. If they have admin, they can modify any policy, not just specific ones.

    If the user needs access, I'd suggest setting up a user in the Firebox-DB and having the user use the static authentication page that exists on port 4100. If the user logs into that page, their IP is then allowed to any policy that matches the username/group that user is in.

    There's also the option of allowing the user to VPN in and access the resources that way, which is likely the most secure.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.