Have a PA820 connected to a remote machine via IPsec tunnel - Management port has been opened up to access over LAN (works) - and can ping the Management IP over the tunnel - but am not able to connect to the web GUI. Any pointers?
Many thanks in advance!
Hi @OtakarKlier, thanks for the reply! Turned out it was a policy in Policies > Security, which we called "Access from Remote" (which isn't actually remote, but a remote computer on the same LAN we wanted access from). Under Application it had "Ping" which I changed to "Any". Now I am able to ping AND access the web GUI (I assume SSH will work now as well).
Question - how much of a security hole is this? What else should I do to secure it even more? I understand having the Mgmt port completely closed off will do the trick - but its a remote office so need to be able to run configurations (and we are not using Panorama)
Well your effectively authorizing that one device to do whatever it wants to the management port of your firewall, which wouldn't be exactly something I would call best practice.
I would modify this security policy so the application is [ ping ssh ssl panos-web-interface ], and then I would only the necissary IPs that need to access this device under Permitted IPs so that no other device can contact the management interface.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!