ssh problem on mac os x

MPI-AE · ‎01-25-2017

Hey guys,

I have such a weird problem.

A user has to connect to a samba server. He does it on his mac with cyberduck, Port 999 and ssh.

in the monitor, the application is "incomplete", the action is "allow", and session end reason is "aged-out".

Currently, the concerning firewall policy to this public server is any app and any service.

However, the connection doesn't work. It can't connect.

What's the deal here?

PS: It worked yesterday! So I think there is something wrong with the firewall (PA 3020).

I also restored the backup from yesterday, however, it doesn't work!

What can I do? Restart dataplane? Restart the whole device?

Thank you very much.

TranceforLife · ‎01-26-2017

Looks to me that the server is not responding to the ssh request on port 999.

Can you try from the cli on Palo and do PCAP put the filter to the server ip addrtess :

> ssh port 999 source (external ip) host (server ip)

View solution in original post

TranceforLife · ‎01-25-2017

Hi,

Can you ping a server from PA? Looks like TCP handshake is not complete. Any NAT in place? Check detailed traffic log reason and bytes received/sent.

Thx,

Myky

MPI-AE · ‎01-25-2017

Yes I can ping the public ip of the server. as source interface I used the gateway which the mac uses.

Yes, there is NAT in place.

detailed log view:

Bytes send: 640

Bytes received: 0

Repeat Count: 1

Packets: 8

TranceforLife · ‎01-26-2017

Hi,

Looks like you stealing an information:) Just post snip of your detailed session and NAT rule for the client (wipe sensitive info from logs). What version of PAN-OS you running?

Thx,

Myky

MPI-AE · ‎01-26-2017

Hey Myky,

sorry.

Security Rule:

NAT Rule is just a dynamic-ip-and-port Source Translation.

PAN OS: 7.0.7

The weird thing is, this worked yesterday.

TranceforLife · ‎01-26-2017

Looks to me that the server is not responding to the ssh request on port 999.

Can you try from the cli on Palo and do PCAP put the filter to the server ip addrtess :

> ssh port 999 source (external ip) host (server ip)

kdd · ‎01-26-2017

Hi MPI-AE,

does the server listening to port 999 or is it 22 which is often used for ssh. As it worked before did you do nat as well ?

Regards,

Klaus

MPI-AE · ‎01-26-2017

You were right, our public NAT IP was blocked in the server's internal firewall.

Thank you!

PS: What effect does "Restart Dataplane" under Device -> Operations have?

When do I use it?

TranceforLife · ‎01-26-2017

Good point actually. As it was a silent drop (no RST or reject received by PA). Dataplane @reaper should have an answer. l never use that option

BPry · ‎01-26-2017

The dataplane is what actually processes all of your traffic. Restarting it would essentially temporarly stop traffic from being processed while the dataplane comes back up. You really only use it if you suspect that one of the processes isn't functioning correctly and need to restart it without actually restarting the box. It's quite a bit faster than restarting the whole thing as you only have to wait for 'half' the box to come back up. This graph might help.

TranceforLife · ‎01-26-2017

@BPry Pretty good explanation l would say. I did play with management plane process restart where the issues seen more often

BPry · ‎01-26-2017

@TranceforLife I would say that the majority of issues that people run into can be attributed to a management process and not a dataplane process. Really since restarting the dataplane is going to have an impact anyways most of the time if we do run into an issue that could be fixed with a dataplane restart we just restart the whole thing.

TranceforLife · ‎01-26-2017

Agreed same time control plane will get refreshed wich is also a good thing :0

Unlock your full community experience!

ssh problem on mac os x

ssh problem on mac os x

Show your appreciation!