Wanting to write a script for easily turning on and off a firewall rule

Niels2021 Posts: 7  Freshman Member
Hello,

For a client of mine I have implemented a ZyXEL Flex 200. There is an extra VLAN created for a separate network which normally is not allowed on the internet. So I created a rule WAN to LAN1 with member VLAN set to deny. Until today both networks were completely separated without VLAN. But with the need of accessing a VM on both networks, I had to connect both networks with a VLAN.
However, sometimes for external support on his machines this client needs to enable the internet. Until today it was easy. When the client wanted internet, he simply plugged a network cable into the LAN2 interface of the ZyWALL.
So what I want to try now is to create a script that the client simply has to click on (from his own PC) to turn this rule on and off.
I already experimented with PuTTY and found the necessary CLI commands, but now I'm stuck on how to go further. Has anyone put this in a script yet? In PuTTY these are the commands I use:

login as: admin

Keyboard-interactive authentication prompts from server:

| Password:

End of keyboard-interactive prompts from server

Bad terminal type: "xterm". Will assume vt100.

Router> configure terminal

Router(config)# secure-policy 1

Router(secure-policy)# activate

Router(secure-policy)# exit

Router(config)#


Tried as suggested to put this in a txt file, but I keep getting stuck after entering the password; I get an error that the session does not exist.

All Replies

  • alexey
    alexey Posts: 188  Master Member
    Hi. You can do this via the plink software (https://putty.org.ru/download.html).
    Simply create a .bat file with this content:
    echo y|plink.exe -ssh -l admin -pw Password 192.168.1.1 "exit"
    (That is needed to auto-accept the SSH public key. This command can be skipped if you accept the public key manually.)
    plink.exe -ssh -l admin -pw Password 192.168.1.1 < command.txt
    (That applies the command file.)
    Your command file must look like:
    configure terminal
    secure-policy 1
    activate
    exit
    exit
    exit

    With a blank line at the end so that plink completes the logout.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    Welcome to the Zyxel community. B)
    You can refer to the link below to perform one click action via script.
    But it may pose a security risk if you provide a script to external support, because the firewall login credentials are stored in plain text. We strongly recommend adjusting firewall rules dynamically based on maintenance requests.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,511  Zyxel Employee
    edited June 2021
    Thanks for sharing this information. This tool is awesome and easy to use. :)
    You can refer to the attached file to run the script.
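
A variant of the .bat approach above that addresses the plain-text credential concern raised in the replies, as an added example that is not part of the thread or of Zyxel's material: a PowerShell wrapper that asks for the password at run time and pins the firewall's SSH host key instead of auto-accepting it. The host-key value is a placeholder and the parameter names are hypothetical; the address, account and command file are the ones used in the thread.

```powershell
# Added example, not code from the thread. Items marked ASSUMPTION are not from the page.
param(
    [string]$FirewallHost = '192.168.1.1',     # address used in the thread
    [string]$User         = 'admin',           # account used in the thread
    [string]$CommandFile  = '.\command.txt',   # command file from the reply above
    # ASSUMPTION: placeholder; replace with the fingerprint read from the firewall itself
    [string]$HostKey      = 'SHA256:REPLACE_WITH_FIREWALL_HOST_KEY_FINGERPRINT'
)
$ErrorActionPreference = 'Stop'

# Refuse to run with missing input or with the placeholder fingerprint still in place.
if (-not (Test-Path -LiteralPath $CommandFile)) {
    throw "Command file not found: $CommandFile"
}
if ($HostKey -like '*REPLACE_WITH*') {
    throw 'Set -HostKey to the real host key fingerprint of the firewall first.'
}

# Ask for the password when the script runs, so it is never stored in the script file.
$secure = Read-Host -Prompt "Password for ${User}@${FirewallHost}" -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # -batch   : never prompt; an unexpected host key makes plink fail instead of asking
    # -hostkey : accept only the pinned key (replaces the "echo y|" auto-accept step)
    # Note: -pw still exposes the password in plink's command line while it runs.
    Get-Content -LiteralPath $CommandFile |
        & plink.exe -ssh -batch -hostkey $HostKey -l $User -pw $plain $FirewallHost

    if ($LASTEXITCODE -ne 0) {
        throw "plink exited with code $LASTEXITCODE; the rule state was not confirmed."
    }
    Write-Host "Applied $CommandFile to $FirewallHost."
}
finally {
    # Drop the plain-text copy as soon as plink has returned.
    $plain = $null
}
```

Passing a different file with `-CommandFile` lets the same wrapper apply a second command set without storing credentials in either file.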

