https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17811#M12968 <HTML><HEAD></HEAD><BODY><P>I'm going to assume SSH is enabled.</P><P></P><P>On our External interface the management profile is: Allow_ping_ssh_https</P><P></P><P>As far as threat logs, I don't see any for SSH in our current logset which does not go as far back as when these SSH Handshake logs were noticed.</P></BODY></HTML> Tue, 18 Nov 2014 21:06:56 GMT MatthewSmith 2014-11-18T21:06:56Z https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17809#M12966 <HTML><HEAD></HEAD><BODY><P>We randomly seem to get some alerts that say:</P><P></P><P>SYSTEM ALERT : high :&nbsp; error: Key exchange failed in SSH handshake - DH key </P><P></P><P>I'm new to Palo Alto firewalls and was just curious if this is something that can be ignored? Was thinking that this might be the result of just some networking issue this to fail and generate this alert.</P></BODY></HTML> Tue, 18 Nov 2014 20:51:06 GMT https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17809#M12966 MatthewSmith 2014-11-18T20:51:06Z https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17810#M12967 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Do you have SSH enabled on the external interface of this PAN firewall. Is there any threat logs on this PAN FW Monitor &gt; Logs &gt; Threat.?</P><P></P><P>Thanks</P></BODY></HTML> Tue, 18 Nov 2014 20:59:40 GMT https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17810#M12967 HULK 2014-11-18T20:59:40Z https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17811#M12968 <HTML><HEAD></HEAD><BODY><P>I'm going to assume SSH is enabled.</P><P></P><P>On our External interface the management profile is: Allow_ping_ssh_https</P><P></P><P>As far as threat logs, I don't see any for SSH in our current logset which does not go as far back as when these SSH Handshake logs were noticed.</P></BODY></HTML> Tue, 18 Nov 2014 21:06:56 GMT https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17811#M12968 MatthewSmith 2014-11-18T21:06:56Z https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17812#M12969 <HTML><HEAD></HEAD><BODY><P>Hello </P><P></P><P>It seems that this alert was generated because of a failed attempt to gain access to the device via SSH. If you think, someone is trying to get unauthorized access on your device, you may configure "permitted IP Addresses" list on your PAN firewall. </P><P><IMG alt="permitted-list.jpg" class="image-0 jive-image" height="344" src="https://live.paloaltonetworks.com/legacyfs/online/16931_permitted-list.jpg" style="height: 343.840796019901px; width: 424px;" width="424" /></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Wed, 19 Nov 2014 04:37:02 GMT https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17812#M12969 HULK 2014-11-19T04:37:02Z https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17813#M12970 <HTML><HEAD></HEAD><BODY><P>Ok thank you. That is what I was looking for.</P><P></P><P>Thanks for the help.</P></BODY></HTML> Wed, 19 Nov 2014 15:07:36 GMT https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17813#M12970 MatthewSmith 2014-11-19T15:07:36Z https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17814#M12971 <HTML><HEAD></HEAD><BODY><P>Hi Mathrew,</P><P></P><P>I tried to reproduce this error, but wasnt successful in any configuration scenario.</P><P></P><P>Do you have accessive SSH attempts on firewall, this kind of error comes in DOS scenario.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Wed, 19 Nov 2014 15:23:43 GMT https://live.paloaltonetworks.com/t5/general-topics/log-question-key-exchange/m-p/17814#M12971 hshah 2014-11-19T15:23:43Z