Strange firewall policy

edited October 2 in Firebox - Other

I have discovered a strange firewall rule that looks like this, and it is at the top (no. #1):
1. Any From Firebox Any Firebox Any Any
I cannot edit it or delete it; it just says "You cannot modify this default object."
The rule was added back in -2012 (the config is probably that old or older and fw has been upgraded to new model(s) over the years).

How can I get rid of that policy (?), using CLI perhaps?
Tried both GUI and WSM.

/M

Comments

  • I tried to do it in CLI:
    WG(config/policy)#no rule "Any From Firebox"
    Error: "You cannot modify this default object."

    But no luck :-(

  • I also tried to open the config file offline and remove the rule, then I got this message:
    "Policy: Any From Firebox cannot be deleted because it is either a predefined, DVCP-created, template-created, or Dimension managed VPN policy"

    :neutral:

  • unselect Global Settings -> General -> Enable configuration of policies for traffic generated by the Firebox

  • @Bruce_Briggs said:
    unselect Global Settings -> General -> Enable configuration of policies for traffic generated by the Firebox

    Thanks, that was it!

  • edited October 2

    Note that unchecking "Enable configuration of policies for traffic generated by the Firebox" won't delete the policy; it just won't show it to you, but it's still there working in the background.

    The Firebox NEEDS that policy to operate. It allows the Firebox itself to go out to anywhere it needs for its services.

    Gregg Hill

    Firebox T15/T35-W
    Fireware 12.5.1 build 601804
    WSM 12.5.1 build 601717
    ISP = Spectrum Cable 100 x 10 service
    Management computers: Win 8.1 Pro 64-bit, Win 10 Pro 64-bit, Server 2012 R2
