Is there any way to apply multiple interface management profiles

A.Rith — Fri, 12 Jul 2024 05:04:28 GMT

I have an interface management profile that allow HTTPS, SSH and PING on an untrust interface for specific IP addresses.

My ISP cannot monitor this interface because their monitoring IP addresses are not in the list of permitted IP address. I don't want to add their IP addresses because I do not want these IP addresses to have SSH or HTTPS access to this interface. Is there any way to add an addtional interface management profile to that same interface? If not, is there any other way to only allow the IPS pin access to the interface while still allowing my management team to have SSH and HTTPS access?

What component is affected?
PA460

What version of firmware are you running on your device?
10.2.8

Re: Is there any way to apply multiple interface management profiles

reaper — Fri, 12 Jul 2024 10:00:38 GMT

Don't do https or ssh on an untrust interface! it's too easy to spoof IPs

Set a public management profile with only ping enabled

Then create globalprotect portal+gateway to give your staff secure access to your device and have them connect to the management interface, or possibly even a secured loopback interface with management profile

and to answer your question: you can only set one mgmt profile per interface

topic Re: Is there any way to apply multiple interface management profiles in General Topics

Is there any way to apply multiple interface management profiles

Re: Is there any way to apply multiple interface management profiles