Enable/Disable Firewall policy via CLI?

edited November 2022 in Firebox - Other

I'm trying to figure out how to enable/disable a firewall policy via CLI. I've figured out how to SSH to it and I've figured out the commands below, but I can't figure out how to enable/disable it. One thing I was thinking was to enable/disable a schedule on it... but that's not working.

FYI, I'm using my WatchGuard for home use only. I'm using it as my parental controls. I know there are other home routers where this would be way easier and that already have apps that can do this. But they're missing one huge gaping hole in the security. My kids figured out proxy servers and VPNs. With the WatchGuard, I can block those.

configure
policy
show https-proxy "Chromebook Filter"

https-proxy "Chromebook Filter"

schedule "Chromebook Block" sun 0 0 23 45
no schedule "Chromebook Block"

These commands go through without error, but I log in to the web page and nothing has changed.

Comments

  • james.carson Moderator, WatchGuard Representative
    edited November 2022

    In order to enable/disable a policy, you need to go into config mode, then policy mode:

    WG# config
    WG (config)# policy
    

    You can then show your list of rules, so you know what exactly to type:

    WG (config/policy)# show rule
    
    Index Action   Name                          Service                       From-alias                           To-alias                                App-Control     Geolocation
    
    17    Denied   QUIC                          QUIC                          Any-Trusted                       Any-External                                            Global
    
    

    (List is truncated so it's not crazy long)

    Let's look at the rule itself so we know if it's enabled or not:

    WG(config/policy)#show rule QUIC
    --
    -- Policy Rule <QUIC>
    --
    rule position                  : 17
    name                           : QUIC
    enable                         : Yes
    schedule                       : Always On
    --
    

    We see that it is. Let's disable it.

    WG(config/policy)#rule QUIC
    WG(config/policy/rule-QUIC)#no enable
    WG(config/policy/rule-QUIC)#apply
    WG(config/policy/rule-QUIC)#exit
    

    Let's verify that the rule is now disabled:

    WG(config/policy)#show rule QUIC
    --
    -- Policy Rule <QUIC>
    --
    rule position                  : 17
    name                           : QUIC
    enable                         : No
    schedule                       : Always On
    --
    

    You can now exit the CLI.

    If you want to enable a rule, it's the same procedure, just use "enable" instead of "no enable."

    I would suggest using the WebUI or WSM, as managing policies via the CLI cranks the difficulty up.

    -James Carson
    WatchGuard Customer Support

  • Awesome. Totally worked. Thanks!

  • Awesome. Totally worked here. Thanks!
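
The procedure from the moderator's answer, as an added example that is not part of the original thread and is not WatchGuard code: it builds the CLI lines for a toggle and checks the `show rule` read-back so that a change which "goes through without error" is confirmed rather than assumed. The function names are hypothetical, quoting a rule name that contains spaces is an assumption based on the `show https-proxy "Chromebook Filter"` line in the question, and the script does not open the SSH session itself.

```python
import re

# Constructed sample: `show rule QUIC` output in the format quoted in the thread.
SAMPLE_DISABLED = """\
--
-- Policy Rule <QUIC>
--
rule position                  : 17
name                           : QUIC
enable                         : No
schedule                       : Always On
--
"""

def toggle_commands(rule, enable):
    """CLI lines for the thread's procedure, ending with a read-back of the rule."""
    # Reject anything that could smuggle extra CLI input (newlines, ';', quotes).
    if not re.fullmatch(r"[\w .-]+", rule):
        raise ValueError(f"unexpected characters in rule name: {rule!r}")
    # Assumption: names with spaces are double-quoted, as in the question.
    name = f'"{rule}"' if " " in rule else rule
    return ["config", "policy", f"rule {name}",
            "enable" if enable else "no enable", "apply", "exit",
            f"show rule {name}"]

def parse_show_rule(output):
    """Turn the 'key : value' lines of `show rule <name>` into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:  # banner lines ('--') and prompt echoes have no ' : '
            fields[key.strip()] = value.strip()
    return fields

def verify_state(output, rule, want_enabled):
    """True only if the read-back is for `rule` and its enable flag matches."""
    fields = parse_show_rule(output)
    if fields.get("name") != rule:
        raise ValueError(f"read-back is not for {rule!r}: {fields.get('name')!r}")
    state = fields.get("enable", "").lower()
    if state not in ("yes", "no"):
        raise ValueError(f"no recognisable 'enable' field: {state!r}")
    return (state == "yes") == want_enabled

if __name__ == "__main__":
    print("\n".join(toggle_commands("QUIC", enable=False)))
    print("disabled as intended:", verify_state(SAMPLE_DISABLED, "QUIC", False))
```

Feed the captured output of the final `show rule` line to `verify_state`; a `False` result or an exception means the policy is not in the state the change intended.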
