Self destruct check mark for policies and schedules

L4 Transporter

Self destruct check mark for policies and schedules

A feature I would like to see in the future is a check mark to wipe a rule.  Example:  I have to setup rules that are good for a single time for particular users after which the rules is no longer necessary.

It would be a nice option to be able to have the rule remove itself once the schedule has expired. 



L7 Applicator

Re: Self destruct check mark for policies and schedules

While there's no option to actually remove a rule once a schedule expires, you can supply a schedule to a rule. If you make it non-recurring, it will only apply for the date(s) and times you specify.

Objects > Schedules > New. Create one that's non-recurring, and set it for the dates you want.

Now if you apply that schedule to a security rule (Actions column of the security rule, "other settings" section), then it will only apply while that schedule is active.

I like the idea of a rule that actually deletes itself. It would need to be aware of multiple users, commits, Panorama pushes, etc., but the schedule may be what you need for now. You could feasibly add a tag called "temporary" or something, then you can filter by that on your security policies and delete them en masse whenever you get around to it.

Hope this helps,

Greg Wesson

L4 Transporter

Re: Self destruct check mark for policies and schedules

Thanks for your reply.  I use the non-reoccurring schedule option a lot.  I tend to forget to go back and remove the rules and schedules figure it might be nice to automate their removal.


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!