How can I clear the Enable Packet Monitor flag on multiple access rules?

Hi - Newbie looking for some help

I needed to use the packet monitor based on a firewall rule and got some very strange results. It turns out that the Enable Packet Monitor flag was set on 350+ rules. Is there a quick way to clear these or do I have to slog it out rule by rule?

Category: Firewall Management and Analytics
Answers

  • md3895 Newbie ✭

    Use the CLI for this and the command for 6.5 is:


    config
    access-rule ipv4 uuid "rule uuid"
    no packet-monitoring
    exit
    


    To do this for all rules you will need to get the UUID for each one. It's easier to run this on all rules than to find out which ones have the feature enabled. To get the UUIDs, run the following command in config mode:


    show access-rules statistics
    


    This will list all your access rules from which you can extract all the UUIDs. Copy the entire output into Excel and sort data into columns delimited with a space or however you see fit to extract the UUID. You can also use Excel to build the command by concatenating 'access-rule ipv4 uuid' with a space and the UUID.


    Use that process to build the command for each UUID and once you've built the complete command, copy and paste it into your SSH session. For example:


    access-rule ipv4 uuid 00000000-0000-0000-0000-000000000001
    no packet-monitoring
    exit
    access-rule ipv4 uuid 00000000-0000-0000-0000-000000000002
    no packet-monitoring
    exit
    .
    .
    .
    access-rule ipv4 uuid 00000000-0000-0000-0000-000000000350
    no packet-monitoring
    exit
    


    To enable packet monitoring on the access rule that you need to monitor:

    access-rule ipv4 uuid 00000000-0000-0000-0000-000000000001
    packet-monitoring
    exit
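
The Excel step in the answer above can also be scripted. This is an added example, not part of the original answer or any SonicWall tooling: it pulls every well-formed UUID out of pasted `show access-rules statistics` output and emits the same command block for pasting in config mode. Assumptions: the sample output layout is constructed (only the UUID pattern is matched, so the real column layout does not matter), and every UUID listed belongs to an IPv4 access rule.

```python
import re

# Canonical 8-4-4-4-12 hex UUID; the lookarounds reject tokens that are
# too short or too long, so a truncated copy/paste is skipped, not sent.
UUID_RE = re.compile(
    r"(?<![0-9A-Fa-f-])[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}"
    r"-[0-9A-Fa-f]{12}(?![0-9A-Fa-f-])"
)

# Constructed sample; the real output of the command may look different.
SAMPLE = """\
Rule 1  LAN > WAN  uuid: 00000000-0000-0000-0000-000000000001  hits 10
Rule 2  WAN > LAN  uuid: 00000000-0000-0000-0000-000000000002  hits 0
Rule 2  WAN > LAN  uuid: 00000000-0000-0000-0000-000000000002  hits 0
Rule 3  DMZ > LAN  uuid: 00000000-0000-0000-0000-00000000003   hits 4
"""


def extract_uuids(cli_output):
    """Return well-formed UUIDs in order of appearance, without duplicates."""
    seen = {}
    for match in UUID_RE.finditer(cli_output):
        # Compare case-insensitively but keep the text exactly as shown.
        seen.setdefault(match.group(0).lower(), match.group(0))
    return list(seen.values())


def build_batch(uuids, enable=False):
    """Build one 'access-rule ... / [no] packet-monitoring / exit' block per UUID."""
    action = "packet-monitoring" if enable else "no packet-monitoring"
    lines = []
    for uuid in uuids:
        lines += [f"access-rule ipv4 uuid {uuid}", action, "exit"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Review the printed block before pasting it into the SSH session.
    print(build_batch(extract_uuids(SAMPLE)), end="")
```

Compare the number of generated blocks with the number of rules on the firewall before pasting; a mismatch means some lines did not contain a complete UUID.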
    

