SSH decrypt and not decrypt

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SSH decrypt and not decrypt

L1 Bithead

Hi.

 

I have an ERP server on the inside which must be access from supplier via SSH. Trying both using proxy and no decrypt but always getting Aged out in traffic monitor. 

 

I don't have access to the ERP system but I got the routing printed and it looks ok. 

 

Any ideas what would be causing aged out? Firewall in the *nix machine? 

(Trying to get access to the *nix machine and have a look)

 

Best regards

 

/Ronnie

4 REPLIES 4

L7 Applicator

Sounds like a good theory that the issue is on the server since you can see the session is permitted on the PA.

 

You could also do a packet capture of the login attempt, this might give you more specific information on where the process is failing.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/monitor/monitor-packet-c...

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L3 Networker

in addition to what @pulukas said,

 

you can run tcpdump on the *nix machine as well.

 

SInce it is hosted inside, i am assuming you have made sure of NAT to be working correctly.

 

~HTH

Hello,

Is this over a VPN tunnel? Do the traceroutes look ok, if allowed? When you view the traffic logs, where is it getting dropped as opposed to how your rule is written to allow the traffic.

 

Please advise,

L1 Bithead

Hi

 

Got access to the *nix machine. 

Guess what, there was an firewall implmeneted (that the supplier didn't know about)

 

So when this was resolved everything works as expeceted. 

 

thanks for all the replies. 

 

Best regards

 

/Ronnie

 

 

  • 2339 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!