XGS 19.5 Firewall rules enable/disable via cronjob

Question

HI, 
 if it possible to enable/disable firewall rules via cronjob. The customer wants certain firewall rules to be deactivated every evening, the rules are activated manually upon request. 
 I was able to do that on the SG, it was possible to turn on/off firewall rules via cli, I then ran it with a cron job.

LuCar Toni · Answer

You could do it via API and do it on your script server. But to be honest, this sounds like a odd scenario.

Wayne Folta · Answer

A little confused here. You seem to be saying that the rules should only apply during business hours (auto on and off), but then mention "manually upon request". 
 SFOS 19.5 supports the creation of arbitrary time periods -- already has business hours, etc pre-defined, but you can make your own -- and the application of them to firewall rules, from within the GUI. So it sounds like the "manually upon request" part is eliminating that as an option and cron can do what you need? Or do you mean that the time limits themselves are further turned on and off by cron? Or that the cron job runs on a server, not the XGS? 
 If you mean that you want certain rules active only during business hours and that you might want to manually turn this off or on, you can easily go the firewall rule and switch from a business-hours-only timeframe to an all-the-time manually. If you want to apply this to multiple rules, you might create a custom time period definition, use it in all the rules you need to, and change that definition to go from business hours to all-the-time. (I imagine that LuCar Toni might have a way to automate that somehow.)

XGS 19.5 Firewall rules enable/disable via cronjob

Top Replies