https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/125057#M46389 <P>To add to this if you are remotely managing these devices then I would highly recommend setting a management profile that strictly limits the amount of IP addresses that can actually manage this device. That way you can not only be secure in knowing that nobody can just login to your device but they won't even see the login page or get access to the devices management if they don't have the set IP addresses.&nbsp;</P> Tue, 08 Nov 2016 19:12:22 GMT BPry 2016-11-08T19:12:22Z https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/119118#M45764 <P>Hello,</P><P>&nbsp;</P><P>How can we block SSH login attempts (With root account )which are made from external IPs in Paloalto.</P><P>&nbsp;</P><P>Note: We also have customers who login from external Ips. We dont have customer Ip list to white list.</P><P>&nbsp;</P><P>Thanks and Regards.</P> Fri, 14 Oct 2016 05:53:12 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/119118#M45764 Shyam01 2016-10-14T05:53:12Z https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/119119#M45765 <P>enabling an ACL would be preferable, but if this is not possible: to prevent exposing your management interface to the internet, you could set up GlobalProtect connections for your customers that need access to thte management interface</P> <P>&nbsp;</P> <P>that way they'll first need to VPN into the device before they cn connect to management, which is much safer</P> <P>&nbsp;</P> <P>obfuscation can also help, by enabling the management profile on a loopback interface, and then setting up a Port Address Translation policy that translates, for example, your public IP's port 22222 to the loopback internal port 22</P> Fri, 14 Oct 2016 06:27:41 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/119119#M45765 reaper 2016-10-14T06:27:41Z https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/124895#M46376 <P>Thank you for the information. Could you kindly provide detail information on second point or provide the referense site to undastand.</P><P>&nbsp;</P><P>Note: As I said before, we dont have customer IPs list to whitelist.</P><P>&nbsp;</P> Tue, 08 Nov 2016 09:32:26 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/124895#M46376 Shyam01 2016-11-08T09:32:26Z https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/124949#M46384 <P>For GlobalProtect:</P><P><A href="https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/globalprotect-quick-configs" target="_blank">https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/globalprotect-quick-configs</A></P><P>&nbsp;</P> Tue, 08 Nov 2016 13:38:10 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/124949#M46384 santonic 2016-11-08T13:38:10Z https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/125057#M46389 <P>To add to this if you are remotely managing these devices then I would highly recommend setting a management profile that strictly limits the amount of IP addresses that can actually manage this device. That way you can not only be secure in knowing that nobody can just login to your device but they won't even see the login page or get access to the devices management if they don't have the set IP addresses.&nbsp;</P> Tue, 08 Nov 2016 19:12:22 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-login-attempts-with-root-account-from-external-ips/m-p/125057#M46389 BPry 2016-11-08T19:12:22Z