Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

How can I clear the Enable Packet Monitor flag on multiple access rules ?

Andy107Andy107 Newbie ✭
in Firewall Management and Analytics

Hi - Newbie looking for some help

I needed to use the packet monitor based on a firewall rule and got some very strange results. It turns out that the Enable Packet Monitor flag was set on 350+ rules. Is there a quick way to clear these or do I have to slog it out rule by rule ?

Category: Firewall Management and Analytics
Reply

Answers

  • md3895md3895 Newbie ✭

    Use the CLI for this and the command for 6.5 is:


    config
access-rule ipv4 uuid "rule uuid"
no packet-monitoring
exit


    To do this for all rules you will need to get the UUID for each one. It's easier to run this on all rules than to find out which ones have the feature enabled. To get the UUIDs, run the following command in config mode:


    show access-rules statistics


    This will list all your access rules from which you can extract all the UUIDs. Copy the entire output into Excel and sort data into columns delimited with a space or however you see fit to extract the UUID. You can also use Excel to build the command by concatenating 'access-rule ipv4 uuid' with a space and the UUID.


    Use that process to build the command for each UUID and once you've built the complete command, copy and paste it into your SSH session. For example:


    access-rule ipv4 uuid 00000000-0000-0000-0000-000000000001
no packet-monitoring
exit
access-rule ipv4 uuid 00000000-0000-0000-0000-000000000002
no packet-monitoring
exit
.
.
.
access-rule ipv4 uuid 00000000-0000-0000-0000-000000000350
no packet-monitoring
exit


    To enable packet monitoring on the access rule that you need to monitor:

    access-rule ipv4 uuid 00000000-0000-0000-0000-00000000001
packet-monitoring
exit


Sign In or Register to comment.