Enable/Disable Firewall policy via CLI?

edited November 17 in Firebox - Other

I'm trying to figure out how to enable/disable a firewall policy via cli. I've figured out how to ssh to it and I've figured out the commands below. But, can't figure out how to enable/disable it. One thing I was thinking was to enable/disable a schedule on it... but that's not working.

FYI, I'm using my watchguard for home use only. I'm using it as my parental controls. I know there are other home routers that this would be way easier and have apps already that can do this. But, they're missing one huge gapping hole in the security. My kids figured out proxy servers and vpns. With the watchguard, I can block those.

configure
policy
show https-proxy "Chromebook Filter"

https-proxy "Chromebook Filter"

schedule "Chromebook Block" sun 0 0 23 45
no schedule "Chromebook Block"

These commands go through without error, but I login to the web page and nothing has changed.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative
    edited November 17

    In order to enable/disable a policy, you need to go into config mode, then policy mode

    WG# config
    WG (config)# policy
    

    You can then show your list of rules, so you know what exactly to type:

    WG (config/policy)# show rule
    
    Index Action   Name                          Service                       From-alias                           To-alias                                App-Control     Geolocation
    
    17    Denied   QUIC                          QUIC                          Any-Trusted                       Any-External                                            Global
    
    

    (List is truncated so it's not crazy long)

    Let's look at the rule itself so we know if it's enabled or not:

    WG(config/policy)#show rule QUIC
    --
    -- Policy Rule <QUIC>
    --
    rule position                  : 17
    name                           : QUIC
    enable                         : Yes
    schedule                       : Always On
    --
    

    We see that it is. Let's disable it.

    WG(config/policy)#rule QUIC
    WG(config/policy/rule-QUIC)#no enable
    WG(config/policy/rule-QUIC)#apply
    WG(config/policy/rule-QUIC)#exit
    

    Lets verify that the rule is now disabled:

    WG(config/policy)#show rule QUIC
    --
    -- Policy Rule <QUIC>
    --
    rule position                  : 17
    name                           : QUIC
    enable                         : No
    schedule                       : Always On
    --
    

    You can now exit the CLI.

    If you want to enable a rule, it's the same procedure, just use "enable" instead of "no enable."

    I would suggest using the WebUI or WSM, as managing policies via the CLI cranks the difficulty up.

    -James Carson
    WatchGuard Customer Support

  • Awesome. totally worked. Thanks!

Sign In to comment.