10-13-2016 10:50 PM - edited 10-13-2016 10:53 PM
Hello,
How can we block SSH login attempts (with the root account) which are made from external IPs in Palo Alto?
Note: We also have customers who log in from external IPs. We don't have a customer IP list to whitelist.
Thanks and Regards.
10-13-2016 11:27 PM
Enabling an ACL would be preferable, but if this is not possible: to prevent exposing your management interface to the internet, you could set up GlobalProtect connections for your customers that need access to the management interface.
That way they'll first need to VPN into the device before they can connect to management, which is much safer.
Obfuscation can also help, by enabling the management profile on a loopback interface, and then setting up a Port Address Translation policy that translates, for example, your public IP's port 22222 to the loopback internal port 22.
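The loopback and port translation setup described in the reply above, sketched in PAN-OS configure-mode commands as an added example that is not part of the original post. The profile, zone, service and rule names, the interface number and the addresses (RFC 5737 documentation ranges) are placeholders, and the zone names `untrust` and `mgmt-lo` and the virtual router `default` are assumptions about the environment.

```text
# Management profile that answers SSH only (placeholder name: mgmt-ssh-only)
set network profiles interface-management-profile mgmt-ssh-only ssh yes

# Loopback interface that carries the management profile
# (192.0.2.1 is a placeholder internal address)
set network interface loopback units loopback.1 ip 192.0.2.1/32
set network interface loopback units loopback.1 interface-management-profile mgmt-ssh-only

# Attach the loopback to a virtual router and a dedicated zone
set network virtual-router default interface loopback.1
set zone mgmt-lo network layer3 loopback.1

# Service object for the non-standard public port from the reply
set service tcp-22222 protocol tcp port 22222

# Destination NAT with port translation:
# public IP (placeholder 198.51.100.10) port 22222 -> loopback port 22
set rulebase nat rules ssh-to-loopback from untrust
set rulebase nat rules ssh-to-loopback to untrust
set rulebase nat rules ssh-to-loopback source any
set rulebase nat rules ssh-to-loopback destination 198.51.100.10
set rulebase nat rules ssh-to-loopback service tcp-22222
set rulebase nat rules ssh-to-loopback destination-translation translated-address 192.0.2.1
set rulebase nat rules ssh-to-loopback destination-translation translated-port 22

# A security policy rule allowing this traffic into the mgmt-lo zone is
# also required; it is not shown here.
commit
```

Moving the port only reduces noise from scanners that probe port 22; the SSH service is still reachable from any source address unless an ACL or VPN is placed in front of it.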
11-08-2016 01:30 AM - edited 11-08-2016 01:32 AM
Thank you for the information. Could you kindly provide detailed information on the second point or provide a reference site to understand it?
Note: As I said before, we don't have a customer IP list to whitelist.
11-08-2016 11:12 AM
To add to this, if you are remotely managing these devices then I would highly recommend setting a management profile that strictly limits the number of IP addresses that can actually manage this device. That way you can not only be secure in knowing that nobody can just log in to your device, but they won't even see the login page or get access to the device's management if they don't have the set IP addresses.