Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Is there any way to apply multiple interface management profiles

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Is there any way to apply multiple interface management profiles

L0 Member
I have an interface management profile that allow HTTPS, SSH and PING on an untrust interface for specific IP addresses. 

My ISP cannot monitor this interface because their monitoring IP addresses are not in the list of permitted IP address. I don't want to add their IP addresses because I do not want these IP addresses to have SSH or HTTPS access to this interface. Is there any way to add an addtional interface management profile to that same interface? If not, is there any other way to only allow the IPS pin access to the interface while still allowing my management team to have SSH and HTTPS access?

What component is affected?
PA460

What version of firmware are you running on your device?
10.2.8

1 REPLY 1

Cyber Elite
Cyber Elite

Don't do https or ssh on an untrust interface! it's too easy to spoof IPs

 

Set a public management profile with only ping enabled

Then create globalprotect portal+gateway to give your staff secure access to your device and have them connect to the management interface, or possibly even a secured loopback interface with management profile

 

 

and to answer your question: you can only set one mgmt profile per interface

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 506 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!