How to edit or delete auto added Access Rule(s) and NAT Policies
06/11/2020
For the convenience of administrators, the firewall automatically creates a set of access rules and NAT policies that certain applications need in order to work. By default, those auto-added entries cannot be removed or fully edited. If there is an absolute requirement to modify or delete them, the ability can be enabled through diag.html.
NOTE: This option is only available on firmware 5.9 for Gen 5 devices, on firmware 6.2.5.x and above for all Gen 6 devices, and on all firmware for Gen 6.5 devices. If you are running an older firmware, upgrade the firmware to see this option. Refer to How Can I Upgrade SonicOS Firmware? for the firmware upgrade procedure.
Log on to appliance GUI.
Go to the diag page after login. Do this by changing the URL http://192.168.168.168/main.html to http://192.168.168.168/diag.html.
Click Internal Settings. The configuration options are displayed.
Navigate to Firewall Settings and select the "Enable the ability to remove and fully edit auto-added access rules".
With this option enabled you can edit/remove auto-added Access Rules.
Navigate to MANAGE | Rules | Access Rules if you are on 6.5 firmware, or to Firewall | Access Rules if you are on 6.2 firmware or below. Delete icons now appear to the right of the default entries. Click the Edit button; all the options on the edit page are now editable.
Make sure to disable the option once the required modifications are completed: return to diag.html and uncheck "Enable the ability to remove and fully edit auto-added access rules".
You can also choose the option "Enable the ability to disable auto-added NAT policy", located just below this option on the diag page, to disable default auto-added NAT policies under MANAGE | Rules | NAT Policies if you are on 6.5 firmware, or Network | NAT Policies if you are on 6.2 firmware or below.