https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212236#M61910 <P>Hi.</P><P>&nbsp;</P><P>I have an ERP server on the inside which must be access from supplier via SSH. Trying both using proxy and no decrypt but always getting Aged out in traffic monitor.&nbsp;</P><P>&nbsp;</P><P>I don't have access to the ERP system but I got the routing printed and it looks ok.&nbsp;</P><P>&nbsp;</P><P>Any ideas what would be causing aged out? Firewall in the *nix machine?&nbsp;</P><P>(Trying to get access to the *nix machine and have a look)</P><P>&nbsp;</P><P>Best regards</P><P>&nbsp;</P><P>/Ronnie</P> Mon, 30 Apr 2018 08:02:44 GMT RonnieAxelsson 2018-04-30T08:02:44Z https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212236#M61910 <P>Hi.</P><P>&nbsp;</P><P>I have an ERP server on the inside which must be access from supplier via SSH. Trying both using proxy and no decrypt but always getting Aged out in traffic monitor.&nbsp;</P><P>&nbsp;</P><P>I don't have access to the ERP system but I got the routing printed and it looks ok.&nbsp;</P><P>&nbsp;</P><P>Any ideas what would be causing aged out? Firewall in the *nix machine?&nbsp;</P><P>(Trying to get access to the *nix machine and have a look)</P><P>&nbsp;</P><P>Best regards</P><P>&nbsp;</P><P>/Ronnie</P> Mon, 30 Apr 2018 08:02:44 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212236#M61910 RonnieAxelsson 2018-04-30T08:02:44Z https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212255#M61913 <P>Sounds like a good theory that the issue is on the server since you can see the session is permitted on the PA.</P><P>&nbsp;</P><P>You could also do a packet capture of the login attempt, this might give you more specific information on where the process is failing.</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/monitor/monitor-packet-capture" target="_blank">https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/monitor/monitor-packet-capture</A></P><P>&nbsp;</P> Mon, 30 Apr 2018 10:03:04 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212255#M61913 pulukas 2018-04-30T10:03:04Z https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212357#M61931 <P>in addition to what&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/9524">@pulukas</a>&nbsp;said,</P><P>&nbsp;</P><P>you can run tcpdump on the *nix machine as well.</P><P>&nbsp;</P><P>SInce it is hosted inside, i am assuming you have made sure of NAT to be working correctly.</P><P>&nbsp;</P><P>~HTH</P> Mon, 30 Apr 2018 20:47:21 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212357#M61931 Harshit 2018-04-30T20:47:21Z https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212367#M61934 <P>Hello,</P><P>Is this over a VPN tunnel? Do the traceroutes look ok, if allowed? When you view the traffic logs, where is it getting dropped as opposed to how your rule is written to allow the traffic.</P><P>&nbsp;</P><P>Please advise,</P> Mon, 30 Apr 2018 22:09:57 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212367#M61934 OtakarKlier 2018-04-30T22:09:57Z https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212561#M61973 <P>Hi</P><P>&nbsp;</P><P>Got access to the *nix machine.&nbsp;</P><P>Guess what, there was an firewall implmeneted (that the supplier didn't know about)</P><P>&nbsp;</P><P>So when this was resolved everything works as expeceted.&nbsp;</P><P>&nbsp;</P><P>thanks for all the replies.&nbsp;</P><P>&nbsp;</P><P>Best regards</P><P>&nbsp;</P><P>/Ronnie</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 02 May 2018 09:33:29 GMT https://live.paloaltonetworks.com/t5/general-topics/ssh-decrypt-and-not-decrypt/m-p/212561#M61973 RonnieAxelsson 2018-05-02T09:33:29Z