Wanting to write a script for easily turning on and off a firewallrule
Hello,
For a client of mine I have implemented a ZyXEL Flex 200. There is an extra VLAN created for a separate network which normally is not allowed on the internet. So I created a rule WAN to LAN1 with member VLAN set to deny. Until today both networks were completely separated without VLAN. But with the need of accessing a VM on both networks, I had to connect both networks with a VLAN.
However, sometimes for external support on his machines this client needs to enable the internet. Until today it was easy. When the cliënt wanted internet, he simply plugged a network cable in LAN2 interface of the zywall.
So what I want to try now, is to create a script that the client simply has to click on(from his own pc) to turn on and off this rule.
I already experimented with putty and found the necessary CLI commands, but now I'm stuck on how to go further. Anyone put this in a script yet? In Putty these are the commands I use:
login as: admin
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
Bad terminal type: "xterm". Will assume vt100.
Router> configure terminal
Router(config)# secure-policy 1
Router(secure-policy)# activate
Router(secure-policy)# exit
Router(config)#
Tried as suggested to put this in a txt file, but I keep getting stuck after entering the password, I get error that the session does not exist.
0
All Replies
-
Hi. You can do this via plink https://putty.org.ru/download.html software.
simply create a bat.file, with same content
echo y|plink.exe -ssh -l admin -pw Password 192.168.1.1 "exit" - that need for auto accept ssh public key. that command can be missed, if you accept manually piblic key
plink.exe -ssh -l admin -pw Password 192.168.1.1 < command.txt - that apply command file.
Your command file must see like
configure terminal
secure-policy 1
activate
exit
exit
exit
With blank line in the end for plink complete logout.
1 -
Welcome to the Zyxel community.
You can refer to the link below to perform one click action via script.
But it may have security risk if you provide a script to external support. Because firewall login credentials are stored in plain text . We strongly recommend adjusting firewall rules dynamically based on maintenance requests.
0 -
Hi @alexey,Thanks sharing this information. This tool is awesome and easy to use.
You can refer to attached file to run script.0
Ally Member
Guru Member
Categories
- 7.9K All Categories
- 1.6K Nebula
- 52 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.3K Security
- 224 Security Ideas
- 967 Switch
- 46 Switch Ideas
- 790 WirelessLAN
- 20 WLAN Ideas
- 5.2K Consumer Product
- 139 Service & License
- 268 News and Release
- 53 Security Advisories
- 6 Education Center
- 573 FAQ
- 273 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 71 About Community
- 40 Security Highlight
