Wanting to write a script for easily turning on and off a firewallrule
Hello,
For a client of mine I have implemented a ZyXEL Flex 200. There is an extra VLAN created for a separate network which normally is not allowed on the internet. So I created a rule WAN to LAN1 with member VLAN set to deny. Until today both networks were completely separated without VLAN. But with the need of accessing a VM on both networks, I had to connect both networks with a VLAN.
However, sometimes for external support on his machines this client needs to enable the internet. Until today it was easy. When the cliënt wanted internet, he simply plugged a network cable in LAN2 interface of the zywall.
So what I want to try now, is to create a script that the client simply has to click on(from his own pc) to turn on and off this rule.
I already experimented with putty and found the necessary CLI commands, but now I'm stuck on how to go further. Anyone put this in a script yet? In Putty these are the commands I use:
login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
Bad terminal type: "xterm". Will assume vt100.
Router> configure terminal
Router(config)# secure-policy 1
Router(secure-policy)# activate
Router(secure-policy)# exit
Router(config)#
Tried as suggested to put this in a txt file, but I keep getting stuck after entering the password, I get error that the session does not exist.
0
All Replies
-
Hi. You can do this via plink https://putty.org.ru/download.html software.
simply create a bat.file, with same content
echo y|plink.exe -ssh -l admin -pw Password 192.168.1.1 "exit" - that need for auto accept ssh public key. that command can be missed, if you accept manually piblic key
plink.exe -ssh -l admin -pw Password 192.168.1.1 < command.txt - that apply command file.
Your command file must see like
configure terminal
secure-policy 1
activate
exit
exit
exit
With blank line in the end for plink complete logout.
1 -
Welcome to the Zyxel community.
You can refer to the link below to perform one click action via script.
But it may have security risk if you provide a script to external support. Because firewall login credentials are stored in plain text . We strongly recommend adjusting firewall rules dynamically based on maintenance requests.
0 -
Hi @alexey,Thanks sharing this information. This tool is awesome and easy to use.You can refer to attached file to run script.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight