topic Re: New local users created not working on FW Active but yes working on FW Passive in General Topics

New local users created not working on FW Active but yes working on FW Passive

Alpalo — Fri, 21 Jun 2024 06:39:13 GMT

Hello team

Currently, I have a pair of FW 1410 Version: 11.0.4-h2, passive active and I have encountered the following problem

When creating new local users, with permissions, superuser I can not access via SSH to them locally but I can do it via GUI and all other users created previously.i.e. Users created some time ago in the FW are working correctly via GUI or CLI.

In the Passive FW I have no such problem, I can access at the time of creating new local users via CLI or GUI. Also I tried to do a failover and the FW that now is Passive works fine also on Active mode.Then the problem is always located in the same FW, whether it is passive or active.

I have already restarted the FW and loaded a new configuration file without success.

Any ideas?

The error CLI

System logs in FW Active looks like everything is fine.:-(

Regards

Re: New local users created not working on FW Active but yes working on FW Passive

kiwi — Thu, 20 Jun 2024 08:21:35 GMT

Hi @Alpalo ,

Could you try the following solutions:

In a HA pair, secondary Firewall's ssh connectivity(management port ) is lost

Hope this helps,

-Kim.

Re: New local users created not working on FW Active but yes working on FW Passive

Alpalo — Thu, 20 Jun 2024 10:23:34 GMT

Thanks for your answer, the strange thing is that with old created users the access works correctly, it does not work with locally created and newly created users. do you undesrtand me?

Re: New local users created not working on FW Active but yes working on FW Passive

FadiSakkal11 — Thu, 20 Jun 2024 10:41:12 GMT

Are you using the management interface to connect to the firewalls or data interfaces?

Because it seems to me that you may have an interface management profile with SSH allowed on the firewall where it works, but not on the other firewall. Interface management profile does not sync in an A/P HA.

Any useful information from the logs on the firewall where you can't access the GUI?

Re: New local users created not working on FW Active but yes working on FW Passive

Alpalo — Fri, 21 Jun 2024 06:37:00 GMT

Hello,

No, it's not that, SSH is active in both and in the logs you can see that the user logs in correctly 😞

Greetings.

Re: New local users created not working on FW Active but yes working on FW Passive

BPry — Sun, 23 Jun 2024 02:50:12 GMT

@Alpalo,

When you're looking at the "active" firewall that isn't allowing SSH login (which I'm just going to term non-functional) and compare it to the "passive" firewall (which is hence forth functional) have you run a configuration audit between the two to validate that they're actually configured the same? That's where I would start, so you can validate that none of the non-sync'd information between the two isn't accounting for the issue as @FadiSakkal11 mentioned. Nothing should be causing the issue that you described, but sometimes people get so locked into the issue that they overlook something simple.

It honestly sounds like you're not actually creating Superuser accounts and the accounts created don't actually have a CLI role assigned. That would fit the error that you're seeing alongside the fact that you're seeing a successful auth log. When you say that you have already restarted the firewall, what exactly did you restart? Did you restart the entire box, or did you just restart the management-server?

Re: New local users created not working on FW Active but yes working on FW Passive

Alpalo — Fri, 28 Jun 2024 08:57:10 GMT

The configuration is identical.

Re: New local users created not working on FW Active but yes working on FW Passive

Nicole_Perez — Wed, 21 Aug 2024 13:19:31 GMT

Im having the same issue with 11.1.2H3 code... older admin pw working but newly created local users arent working.