Would like to be able to disable/suspend a rule in the Firewall without deleting it or changing its sequence/priority. The ActionTec FW that Verizon FIOS is using has this feature.
:-TU
:-TU
Hi Guys,
1) +1 , ip-geek :-TU
2) the similar would perfectly fit to Defense+ rules as well
3) as for implementation it may not be a check box, but another option (on right-click and the button at the right) for moving such disabled rule(s) into the temporary location.
I can see at least one advantage in such implementation:
When internally program is scanning the rules it will not need to take care of this new flag (we can call it “active/inactive rule”) in order to apply rule or not. All rules in the list are “active” as it is now.
This virtual temporary location list management should be simple:
you can Return selected rules into the Active List or you can Delete selected disabled rules.
Perhaps some may find having checkbox more attractive because user can see all at once… but anyway the essence of the initial idea is really good.
My regards
p.s. Sorry for !ot! here but, since the rules were touched, here are few reminders about those from existing Wish List:
- Search feature (very desirable, when the list is extensive)
- Saving the rule into a file so it can be conveniently read and/or attached here. How many times users are posting images instead of that. Especially annoying for posting complex Firewall’s set of rules.
+1
:-TU
The new Pop-up Alert, for the Disabled ‘Application Rule’, should automatically ‘Remove’ the old (Disabled) Rules, and write the new ones; if ‘Remember my answer’ is Ticked.
The new Pop-up Alert should Warn you that, “a Rule already exists for this Application”, so that you can Untick ‘Remember my answer’.
Warning: A Network Security Policy already exists for this Application which is currently Disabled.
Potential Scenario:
- The Firewall is in Training Mode, and ‘iexplore.exe’ has a Rule which is currently Disabled.
- The user tries to open Internet Explorer.
I think in this case, ‘iexplore.exe’ should either:
- a) Be ‘Blocked and Logged’, along with any other Application which has a Disabled ‘Network Security Policy’.
- b) Automatically ‘Remove’ the old Rules, and write the new ones.
What does everyone else think? A, B or C? (C = ‘Other’, explain…)
Please also consider that there could be other ‘Potential Scenarios’ which I haven’t thought of.
Maybe you have thought of one?
+1 :-TU
+1
+1 :-TU
:-TU
why not have 2 similar configurations, 1 with IE blocked and 1 allowed and switch between them?
Hi gleach,
First, why just IE was given as an example?
Then, the aim of the initial suggestion by ip-geek was to simplify the process of temporarily disabling / suspending existing subset of rules amongst whole set of rules which could be quite extensive and complicated.
And finally even if you want to create separate configurations and switch between them you have to go through existing one anyway and somehow “uncheck” what you want and then save them as new configurations.
Otherwise, as far as I understand, in order to create new configuration with disabled subset(s) of rules user would be compelled to start from scratch and create such configuration.
That could be quite an exhausting experience
Cheers!
By all means PLEASE add this.
It is extremely difficult and time consuming to troubleshoot tight configurations without it.
Cheers,
Welcome to the forum, rurikc
Thanks for reminding us & developers about this request
That would be helpful indeed, but even better if such thing will be implemented together with another feature - a decent Search in Policies
The latter request feature has the "ancient history of waiting"
Cheers!
p.s. and what about the ability to present whole rule in readable format, so when asking questions users don’t need to go through saving several screenshots… and so on… and many other helpful stuff in order to make life easier
Yes, please!!!
option to disable a firewall rule in place is a much needed feature.
i also agree with the suggested policy search capability, which should permit locating disabled rules, for example.
also needed: third option for rule action, in addition to block and allow, to permit logging (only) when control passes through that rule. such rules would otherwise simply be ignored.
:-TU to the check box idea.