Wanting to write a script for easily turning on and off a firewallrule


For a client of mine I have implemented a ZyXEL Flex 200. There is an extra VLAN created for a separate network which normally is not allowed on the internet. So I created a rule WAN to LAN1 with member VLAN set to deny. Until today both networks were completely separated without VLAN. But with the need of accessing a VM on both networks, I had to connect both networks with a VLAN.
However, sometimes for external support on his machines this client needs to enable the internet. Until today it was easy. When the cliënt wanted internet, he simply plugged a network cable in LAN2 interface of the zywall.
So what I want to try now, is to create a script that the client simply has to click on(from his own pc) to turn on and off this rule.
I already experimented with putty and found the necessary CLI commands, but now I'm stuck on how to go further. Anyone put this in a script yet? In Putty these are the commands I use:

login as: admin

Keyboard-interactive authentication prompts from server:

| Password:

End of keyboard-interactive prompts from server

Bad terminal type: "xterm". Will assume vt100.

Router> configure terminal

Router(config)# secure-policy 1

Router(secure-policy)# activate

Router(secure-policy)# exit


Tried as suggested to put this in a txt file, but I keep getting stuck after entering the password, I get error that the session does not exist.

All Replies

  • alexey
    alexey Posts: 188  Master Member
    First Anniversary 10 Comments Friend Collector
    Hi. You can do this via plink https://putty.org.ru/download.html software.
    simply create a bat.file, with same content
    echo y|plink.exe -ssh -l admin -pw Password "exit" - that need for auto accept ssh public key. that command can be missed, if you accept manually piblic key
    plink.exe -ssh -l admin -pw Password < command.txt - that apply command file.
    Your command file must see like
    configure terminal
    secure-policy 1

    With blank line in the end for plink complete logout.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,464  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Welcome to the Zyxel community. B)
    You can refer to the link below to perform one click action via script.
    But it may have security risk if you provide a script to external support. Because firewall login credentials are stored in plain text . We strongly recommend adjusting firewall rules dynamically based on maintenance requests.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,464  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited June 2021
    Thanks sharing this information. This tool is awesome and easy to use. :)
    You can refer to attached file to run script.

Security Highlight