I have been looking but I don't see an option for this. Is there a way to temporarily disable a firewall or NAT rule. We have to do that occasionally and right now the only option I see is to delete the rule.
Thanks, Gordon
I can't find of any easy way to temporarily disable a single rule. You could use group policy to override all rules (such as using the built in white list policy).
I've thought that would be a useful feature as well. Occasionally I just want to disable a rule to test if it is causing issues without having to delete and re-create it.
Yep. And sometimes I need to create a temporary rule for some project that we have. It is just easier sometimes to be able to click disable. Same with NAT. I have done it with those as well at times. Put in a Wish for it. Maybe if they get enough they will add it. It should be fairly simple to do.
The MX beta firmware 15.3/15.4 allows NO-NAT configuration. I debated using it and opted to run with turning off NAT on the port on the device ahead of the MX, so there is not a double NATting issue. Optionally, I can turn the NATting back on to test what occurs . . .
I know this is old, but here's another vote to allow rules to be disabled. My rep convinced me to "upgrade" from ASA-5525 due to them reaching EOL. These MXs are not nearly as feature rich. Cannot NAT across internal ports, cannot disable rules, no test (apply) then commit pattern. On the other hand, traffic analysis is MUCH better.
My two mfu use cases: testing a new rule; confirming an old rule is no longer needed.