Wanting to write a script for easily turning on and off a firewallrule
Hello,
For a client of mine I have implemented a ZyXEL Flex 200. There is an extra VLAN created for a separate network which normally is not allowed on the internet. So I created a rule WAN to LAN1 with member VLAN set to deny. Until today both networks were completely separated without VLAN. But with the need of accessing a VM on both networks, I had to connect both networks with a VLAN.
However, sometimes for external support on his machines this client needs to enable the internet. Until today it was easy. When the cliënt wanted internet, he simply plugged a network cable in LAN2 interface of the zywall.
So what I want to try now, is to create a script that the client simply has to click on(from his own pc) to turn on and off this rule.
I already experimented with putty and found the necessary CLI commands, but now I'm stuck on how to go further. Anyone put this in a script yet? In Putty these are the commands I use:
login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
Bad terminal type: "xterm". Will assume vt100.
Router> configure terminal
Router(config)# secure-policy 1
Router(secure-policy)# activate
Router(secure-policy)# exit
Router(config)#
Tried as suggested to put this in a txt file, but I keep getting stuck after entering the password, I get error that the session does not exist.
0
All Replies
-
Hi. You can do this via plink https://putty.org.ru/download.html software.
simply create a bat.file, with same content
echo y|plink.exe -ssh -l admin -pw Password 192.168.1.1 "exit" - that need for auto accept ssh public key. that command can be missed, if you accept manually piblic key
plink.exe -ssh -l admin -pw Password 192.168.1.1 < command.txt - that apply command file.
Your command file must see like
configure terminal
secure-policy 1
activate
exit
exit
exit
With blank line in the end for plink complete logout.
1 -
Welcome to the Zyxel community.
You can refer to the link below to perform one click action via script.
But it may have security risk if you provide a script to external support. Because firewall login credentials are stored in plain text . We strongly recommend adjusting firewall rules dynamically based on maintenance requests.
0 -
Hi @alexey,Thanks sharing this information. This tool is awesome and easy to use.You can refer to attached file to run script.0
Categories
- All Categories
- 199 Beta Program
- 1.8K Nebula
- 94 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 52 Switch Ideas
- 919 WirelessLAN
- 28 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 454 Nebula FAQ
- 258 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 70 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 52 Security Highlight