Description
This article describes how to configure two or more firewall schedules to control when policies take effect.
The schedule parameter in the policy configuration does not allow multiple schedules into a single policy.
Solution
In this example one customer needs to allow the traffic for a policy from monday to friday (08:00-17:30) and on saturdays (08:00-12:00).
To achieve this, follow this procedure:
1) Firewall schedule from monday to friday (08:00-17:30h).
# config firewall schedule recurring
edit "Monday_Friday"
set start 08:00
set end 17:30
set day monday tuesday wednesday thursday friday
next
end
2) Firewall schedule for saturdays (08:00-12:00h).
# config firewall schedule recurring
edit "weekend"
set start 08:00
set end 12:00
set day saturday
next
end
3) Configure a firewall schedule group.
# config firewall service group
edit Custom_Schedule
set member Monday_Friday weekend
next
end
3) Assign the schedule profile to a firewall policy and position it at the top.
# config firewall policy
edit 1
set srcintf "Internal"
set dstintf "WAN1"
set srcaddr "Internal_users"
set dstaddr "all"
set action accept
set schedule "Custom_Schedule"
set schedule-timeout enable
set service "ALL"
set nat enable
end
4) Enable schedule-timeout option on the firewall policy.
The schedule in a security policy enables certain aspects of network traffic to occur for a specific length of time.
The policy is active for a given time frame, and as long as the session is open, traffic can continue to flow.
