3.3.9. Disabling rules and objects

During the management and maintenance of the firewall host it is often useful to be able to temporarily turn off certain rules, policies, and so on. In PNS this feature is implemented via the Disable/Enable options of the local menus. To display the local menu of a rule or object, right-click on the object. For example, a rule that is only rarely used, can be simply disabled when it is not required, to be enabled again when it is required. Disabled rules and objects are generated into the configuration file as comments with the # prefix.

Disabled objects can be edited, modified similarly to any other objects. However, their validity (whether for example, the required parameters are filled, their name is unique, and so on) is checked only when they are enabled again.

The following objects can be disabled in the various MC components:

Host:

Disabling a group automatically disables its childrens as well.

Note

Generated rules do not remain disabled after skeleton generation.

Application-level Gateway:

Networking:

Date and time:

Content Filtering:

AS:

  • Routers

IPSec VPN:

  • Connections

Mail transport:

  • Listen interfaces

  • Transport maps

  • Virtual maps

  • Sender address restrictions

  • Recipient address restrictions