Disable firewall/NAT rule

Gordon
Getting noticed

Disable firewall/NAT rule

I have been looking but I don't see an option for this.  Is there a way to temporarily disable a firewall or NAT rule.  We have to do that occasionally and right now the only option I see is to delete the rule.

 

Thanks, Gordon

5 REPLIES 5
PhilipDAth
Kind of a big deal
Kind of a big deal

I can't find of any easy way to temporarily disable a single rule. You could use group policy to override all rules (such as using the built in white list policy).

Adam
Kind of a big deal

I've thought that would be a useful feature as well.  Occasionally I just want to disable a rule to test if it is causing issues without having to delete and re-create it. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Gordon
Getting noticed

Yep.  And sometimes I need to create a temporary rule for some project that we have.  It is just easier sometimes to be able to click disable.  Same with NAT.  I have done it with those as well at times.   Put in a Wish for it.  Maybe if they get enough they will add it.  It should be fairly simple to do.

The MX beta firmware 15.3/15.4 allows NO-NAT configuration. I debated using it and opted to run with turning off NAT on the port on the device ahead of the MX, so there is not a double NATting issue. Optionally, I can turn the NATting back on to test what occurs . . .

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
A_Swope
Just browsing

I know this is old, but here's another vote to allow rules to be disabled.  My rep convinced me to "upgrade" from ASA-5525 due to them reaching EOL.   These MXs are not nearly as feature rich.  Cannot NAT across internal ports, cannot disable rules, no test (apply) then commit pattern.    On the other hand, traffic analysis is MUCH better.

 

My two mfu use cases:  testing a new rule;  confirming an old rule is no longer needed.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels