Firewall Seems to Be resetting SSH Connections


L0 Member

Hi,

I have a problem with my Palo Alto firewall deployment where the firewall seems to be resetting all connections using port TCP 22 (SSH, SCP, SFTP). I have done packet captures on the ingress interface of the firewall and it shows as if the connection is being reset on the server side. However, packet captures on the egress interface show as if the connection is reset on the client side.

Has anyone experienced this before, and can anyone help?

The setup I have is roughly as shown below:

Client <--------> Palo Alto Firewall <---------> Server

6 REPLIES

L6 Presenter

What is your PAN-OS version?

Does this issue happen to only one client-server connection or every client-server connection?

You may try to write an application override for that traffic, defining a new app and making the TCP session time-out more than the default, to see if the problem occurs or not.

Hi,

We are using version 4.1.8. SSH connections to internal private addresses are working fine. I see the problem when I try to SSH to any device with a public IP that is beyond this one particular firewall. Even SFTP (port 22) to addresses on the Internet fails.

I have defined a custom app but the problem persists.

Partson.

This behavior is exactly what happens when something is denied by a rule... are you ABSOLUTELY sure that you have a rule that permits this? Are you seeing anything in the traffic logs? Also, 4.1.8 had some bugs that affected us... if you want to stay in the 4.1 8 block, I recommend 4.1.8HF3, especially if you're running an HA pair.

Hi Gil,

I am currently running version 4.1.8 h3 and I have a rule that is explicitly allowing the traffic to go through. The traffic log shows the traffic is being allowed through.

L7 Applicator

Just curious, do you have any threat profiles assigned to the rule allowing this traffic? If yes, is there any threat log being generated for this traffic?

I actually do not have any threat prevention licence on this particular firewall.
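
The capture pattern described in the opening post (a reset that looks server-originated on the client-facing interface and client-originated on the server-facing interface) can be checked by correlating the two captures. The following is an added example, not part of the thread: it assumes each capture has been exported to per-segment fields, that no NAT or sequence-number rewriting happens between the two interfaces, and it uses constructed sample segments, hypothetical addresses and a hypothetical function name `injected_resets`.

```python
from collections import namedtuple

# One TCP segment exported from a capture. All values are constructed samples.
Seg = namedtuple("Seg", "src sport dst dport flags seq")

CLIENT, SERVER = "10.0.0.5", "192.0.2.10"  # hypothetical addresses

def key(s):
    return (s.src, s.sport, s.dst, s.dport, s.seq)

def injected_resets(client_side, server_side, client_ip=CLIENT, server_ip=SERVER):
    """Return RSTs that name an endpoint as their source but were never
    seen on that endpoint's own side of the firewall (assumes no NAT)."""
    rst_client_side = {key(s) for s in client_side if "R" in s.flags}
    rst_server_side = {key(s) for s in server_side if "R" in s.flags}
    findings = []
    for s in client_side:  # RST "from the server" that never crossed the server side
        if "R" in s.flags and s.src == server_ip and key(s) not in rst_server_side:
            findings.append(("toward client", s))
    for s in server_side:  # RST "from the client" that never crossed the client side
        if "R" in s.flags and s.src == client_ip and key(s) not in rst_client_side:
            findings.append(("toward server", s))
    return findings

# Handshake and first data segment, identical on both interfaces (constructed).
COMMON = [
    Seg(CLIENT, 40000, SERVER, 22, "S", 1000),
    Seg(SERVER, 22, CLIENT, 40000, "SA", 5000),
    Seg(CLIENT, 40000, SERVER, 22, "A", 1001),
    Seg(CLIENT, 40000, SERVER, 22, "PA", 1001),
]
# Client-facing (ingress) capture ends with a reset that appears to come from the server.
INGRESS = COMMON + [Seg(SERVER, 22, CLIENT, 40000, "R", 5001)]
# Server-facing (egress) capture ends with a reset that appears to come from the client.
EGRESS = COMMON + [Seg(CLIENT, 40000, SERVER, 22, "R", 1022)]

if __name__ == "__main__":
    for direction, seg in injected_resets(INGRESS, EGRESS):
        print(f"RST sent {direction}, claims source {seg.src}:{seg.sport}, "
              f"seq={seg.seq}: not present in the other capture")
```

A reset that a real endpoint sent shows up in both captures and produces no finding; a reset present on only one interface was generated by the device between the two capture points.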
