https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14107#M10359 <HTML><HEAD></HEAD><BODY><P>This behavior is exactly what happens when something is denied by a rule...are you ABSOLUTELY sure that you have a rule that permits this? Are you seeing anything in the traffic logs? Also, 4.1.8 had some bugs that affected us...if you want to stay in the 4.1 8 block, I recommend 4.1.8HF3 , especially if you're running an HA pair.</P></BODY></HTML> Tue, 04 Jun 2013 17:55:25 GMT gil_arevalo 2013-06-04T17:55:25Z https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14104#M10356 <HTML><HEAD></HEAD><BODY><P>HI,</P><P></P><P>I have a problem with my Palo Alto firewall deployment were the firewall seems to be resetting all connections using port TCP 22 (SSH, SCP, SFTP). I have done packet captures on the ingress interface of the firewall and it shows as if the connection is being reset on the server side. However, packet captures on the egress interface show as if the connection is reset on the client side.</P><P></P><P>Has anyone experienced this before, and can anyone help.</P><P></P><P>The set i have is roughly as shown below:</P><P></P><P>Client &lt;--------&gt; Palo Alto Firewall &lt;---------&gt; Server</P></BODY></HTML> Fri, 24 May 2013 20:39:26 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14104#M10356 pmutambudzi 2013-05-24T20:39:26Z https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14105#M10357 <HTML><HEAD></HEAD><BODY><P>what is your panos version ?</P><P>Does This issue happen to only one client - server connection or every client-server connection ?</P><P></P><P>you may try to write an applicetion override for that traffic, defining a new app and make tcp session time-out more than default to see if problem occurs or not.</P></BODY></HTML> Sun, 26 May 2013 08:56:13 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14105#M10357 Retired Member 2013-05-26T08:56:13Z https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14106#M10358 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>We are using version 4.1.8. SSH connections to internal private addresses are working fine. I see the problem when i try to SSH to any device with a public IP that is beyond this one particular firewall. Even sftp (port 22) to addresses on the Internet fails.</P><P></P><P>I have defined a custom app but the problem persists.</P><P></P><P>Partson.</P></BODY></HTML> Sun, 26 May 2013 17:43:34 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14106#M10358 pmutambudzi 2013-05-26T17:43:34Z https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14107#M10359 <HTML><HEAD></HEAD><BODY><P>This behavior is exactly what happens when something is denied by a rule...are you ABSOLUTELY sure that you have a rule that permits this? Are you seeing anything in the traffic logs? Also, 4.1.8 had some bugs that affected us...if you want to stay in the 4.1 8 block, I recommend 4.1.8HF3 , especially if you're running an HA pair.</P></BODY></HTML> Tue, 04 Jun 2013 17:55:25 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14107#M10359 gil_arevalo 2013-06-04T17:55:25Z https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14108#M10360 <HTML><HEAD></HEAD><BODY><P>Hi Gil,</P><P></P><P>I am currently running version 4.1.8 h3 and i have a rule that is explicitly allowing the traffic to go through. The traffic log shows the traffic is being allowed through.</P></BODY></HTML> Thu, 13 Jun 2013 13:09:15 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14108#M10360 pmutambudzi 2013-06-13T13:09:15Z https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14109#M10361 <HTML><HEAD></HEAD><BODY><P>Just curious, do you have any threat profiles assigned to the rule allowing this traffic? If yes, is there any threat log being generated for this traffic?</P></BODY></HTML> Thu, 13 Jun 2013 13:26:37 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14109#M10361 goku123 2013-06-13T13:26:37Z https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14110#M10362 <HTML><HEAD></HEAD><BODY><P>I actually do not have any threat prevention licence on this particular firewall.</P></BODY></HTML> Thu, 13 Jun 2013 13:35:54 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-seems-to-be-resetting-ssh-connections/m-p/14110#M10362 pmutambudzi 2013-06-13T13:35:54Z