https://live.paloaltonetworks.com/t5/general-topics/unauthorized-ssh-access-through-port-22/m-p/12013#M8810 <HTML><HEAD></HEAD><BODY><P>I would definitely open a support case so that we can review the logs and configuration. I had a similar case recently, and the cause was a couple of configuration items (using applications listed as tcp/dynamic and setting tcp-reject-non-syn to no).</P></BODY></HTML> Fri, 15 Nov 2013 13:22:10 GMT cstancill 2013-11-15T13:22:10Z https://live.paloaltonetworks.com/t5/general-topics/unauthorized-ssh-access-through-port-22/m-p/12012#M8809 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>I have a rule that permit traffic from "untrust" to some servers in "DMZ" but only for applicacions FTP, SSL and web-browsing, the problem is someone has gained access through SSH using the tcp 22. Shouldn't the PaloAlto has block this kind of traffic? Anyone knows a solution for this problem or know how to block some ip address?</P><P></P><P>Best regards</P><P></P><P>Gonzalo Arroyo</P></BODY></HTML> Fri, 15 Nov 2013 13:04:44 GMT https://live.paloaltonetworks.com/t5/general-topics/unauthorized-ssh-access-through-port-22/m-p/12012#M8809 SOC_CSG 2013-11-15T13:04:44Z https://live.paloaltonetworks.com/t5/general-topics/unauthorized-ssh-access-through-port-22/m-p/12013#M8810 <HTML><HEAD></HEAD><BODY><P>I would definitely open a support case so that we can review the logs and configuration. I had a similar case recently, and the cause was a couple of configuration items (using applications listed as tcp/dynamic and setting tcp-reject-non-syn to no).</P></BODY></HTML> Fri, 15 Nov 2013 13:22:10 GMT https://live.paloaltonetworks.com/t5/general-topics/unauthorized-ssh-access-through-port-22/m-p/12013#M8810 cstancill 2013-11-15T13:22:10Z https://live.paloaltonetworks.com/t5/general-topics/unauthorized-ssh-access-through-port-22/m-p/12014#M8811 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>My suggestion is after allowing the required apps (<SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"> FTP, SSL and web-browsing</SPAN> ) what was the service set as ? If it is "Application-Default" indicating that only those ports will be opened which are used by the allowed apps as informed earlier.</P><P>By doing so no other port can be opened to pass through that security rule.</P><P></P><P>Thanks</P></BODY></HTML> Fri, 15 Nov 2013 16:29:30 GMT https://live.paloaltonetworks.com/t5/general-topics/unauthorized-ssh-access-through-port-22/m-p/12014#M8811 Phoenix 2013-11-15T16:29:30Z