06-18-2024 07:59 AM - edited 06-20-2024 11:39 PM
Hello team
Currently, I have a pair of FW 1410 Version: 11.0.4-h2, passive active, and I have encountered the following problem.
When creating new local users with superuser permissions, I cannot access them via SSH locally, but I can do it via GUI and with all other users created previously, i.e. users created some time ago in the FW are working correctly via GUI or CLI.
In the Passive FW I have no such problem; I can access at the time of creating new local users via CLI or GUI. Also, I tried to do a failover, and the FW that is now Passive also works fine in Active mode. So the problem is always located in the same FW, whether it is passive or active.
I have already restarted the FW and loaded a new configuration file without success.
Any ideas?
The error CLI
System logs in the Active FW look like everything is fine. :-(
Regards
06-20-2024 01:21 AM
Hi @Alpalo ,
Could you try the following solutions:
In a HA pair, secondary Firewall's ssh connectivity(management port ) is lost
Hope this helps,
-Kim.
06-20-2024 03:23 AM
Thanks for your answer. The strange thing is that with old created users the access works correctly; it does not work with locally created and newly created users. Do you understand me?
06-20-2024 03:41 AM
Are you using the management interface to connect to the firewalls or data interfaces?
Because it seems to me that you may have an interface management profile with SSH allowed on the firewall where it works, but not on the other firewall. Interface management profile does not sync in an A/P HA.
Any useful information from the logs on the firewall where you can't access the GUI?
06-20-2024 11:37 PM
Hello,
No, it's not that. SSH is active in both, and in the logs you can see that the user logs in correctly 😞
Greetings.
06-22-2024 07:50 PM
When you're looking at the "active" firewall that isn't allowing SSH login (which I'm just going to term non-functional) and compare it to the "passive" firewall (which is henceforth functional), have you run a configuration audit between the two to validate that they're actually configured the same? That's where I would start, so you can validate that none of the non-sync'd information between the two isn't accounting for the issue as @FadiSakkal11 mentioned. Nothing should be causing the issue that you described, but sometimes people get so locked into the issue that they overlook something simple.
It honestly sounds like you're not actually creating Superuser accounts and the accounts created don't actually have a CLI role assigned. That would fit the error that you're seeing alongside the fact that you're seeing a successful auth log. When you say that you have already restarted the firewall, what exactly did you restart? Did you restart the entire box, or did you just restart the management-server?
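One way to run the comparison suggested above offline against exported configs from both HA peers, as an added example that is not part of the original posts and is not vendor tooling. The XML layout (`mgt-config/users/entry/permissions/role-based`), the function names, and both sample configs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports (not taken from the thread). Assumed layout:
# config/mgt-config/users/entry/permissions/role-based/<role>
ACTIVE_XML = """<config><mgt-config><users>
  <entry name="admin"><permissions><role-based>
    <superuser>yes</superuser></role-based></permissions></entry>
  <entry name="newuser"><permissions><role-based>
    <custom><profile>gui-only</profile></custom></role-based></permissions></entry>
</users></mgt-config></config>"""

PASSIVE_XML = """<config><mgt-config><users>
  <entry name="admin"><permissions><role-based>
    <superuser>yes</superuser></role-based></permissions></entry>
  <entry name="newuser"><permissions><role-based>
    <superuser>yes</superuser></role-based></permissions></entry>
</users></mgt-config></config>"""


def admin_roles(xml_text):
    """Map each local administrator name to the role found in the config."""
    root = ET.fromstring(xml_text)
    roles = {}
    for entry in root.findall("./mgt-config/users/entry"):
        name = entry.get("name")
        role_based = entry.find("./permissions/role-based")
        if role_based is None or len(role_based) == 0:
            roles[name] = "(no role)"
            continue
        role = role_based[0]
        if role.tag == "custom":
            # Custom admin role profiles can restrict CLI access.
            roles[name] = "custom:" + (role.findtext("profile") or "?")
        else:
            roles[name] = role.tag
    return roles


def diff_roles(first, second):
    """Return {user: (role_in_first, role_in_second)} for every mismatch."""
    mismatches = {}
    for name in sorted(set(first) | set(second)):
        a, b = first.get(name, "(absent)"), second.get(name, "(absent)")
        if a != b:
            mismatches[name] = (a, b)
    return mismatches


if __name__ == "__main__":
    print(diff_roles(admin_roles(ACTIVE_XML), admin_roles(PASSIVE_XML)))
```

An empty result means the local administrator roles match on both peers, which rules out a role mismatch as the cause.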
06-28-2024 01:57 AM
The configuration is identical.
08-21-2024 06:19 AM
I'm having the same issue with 11.1.2H3 code... older admin pw working but newly created local users aren't working.