Hey Shafi01, thanks for the quick reply. I don't think that is it because the change only comes into effect after restarting the service (which I definitely did). Since I locked myself out of CLI, you would think I indeed need console access but I did the following to revert the change:
1. export the running config as xml from GUI and delete the ssh section mentioned under <deviceconfig> <system>
2. import the modified config back into the fw and commit
3. login to the fw with a browser and go to /api
4. browse to > Operational Commands > set > ssh > service-restart > mgmt and click the submit button
Step 1 and 2 can also be achieved through api by browsing to > Configuration Commands > devices > entry[@name='localhost.localdomain'] > deviceconfig > system > ssh and then copy paste the restAPI url shown at the bottom but replace "action=get" with "action=delete"
I was able to remove weak ciphers but it is now impossible to SSH into the device at all. When looking at config audit in GUI I see this:

    <ssh>
      <ciphers>
        <mgmt>
          <aes256-ctr/>
          <aes256-gcm/>
        </mgmt>
      </ciphers>
      <default-hostkey>
        <mgmt>
          <key-type>
            <ECDSA>256</ECDSA>
          </key-type>
        </mgmt>
      </default-hostkey>
      <regenerate-hostkeys>
        <mgmt>
          <key-type>
            <ECDSA>
              <key-length>256</key-length>
            </ECDSA>
          </key-type>
        </mgmt>
      </regenerate-hostkeys>
      <session-rekey>
        <mgmt>
          <interval>3600</interval>
        </mgmt>
      </session-rekey>
      <mac>
        <mgmt>
          <hmac-sha2-256/>
          <hmac-sha2-512/>
        </mgmt>
      </mac>
    </ssh>

Are you still able to use putty to connect to cli? Did you have to make changes in putty to be able to?
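A pre-commit check for a profile like the one quoted above, as an added example that is not part of the original post: it parses the <ssh> section and reports the algorithm categories in which a given client shares nothing with the profile. The OpenSSH-style name mappings and both client capability lists are constructed assumptions, and key exchange is not covered because the profile does not list it.

```python
import xml.etree.ElementTree as ET

# The <ssh> section from the post above (rekey and regenerate-hostkeys left out).
PROFILE = """<ssh>
  <ciphers><mgmt><aes256-ctr/><aes256-gcm/></mgmt></ciphers>
  <default-hostkey><mgmt><key-type><ECDSA>256</ECDSA></key-type></mgmt></default-hostkey>
  <mac><mgmt><hmac-sha2-256/><hmac-sha2-512/></mgmt></mac>
</ssh>"""

# Assumption: how the profile's names correspond to OpenSSH-style algorithm names.
ALIASES = {"aes256-gcm": "aes256-gcm@openssh.com"}
HOSTKEYS = {("ECDSA", "256"): "ecdsa-sha2-nistp256",
            ("ECDSA", "384"): "ecdsa-sha2-nistp384",
            ("ECDSA", "521"): "ecdsa-sha2-nistp521"}

# Constructed client capability lists, in the form `ssh -Q cipher|mac|key` prints.
OLD_CLIENT = {"cipher": ["aes128-cbc", "aes256-ctr"],
              "mac": ["hmac-sha1"],
              "hostkey": ["ssh-rsa"]}
MODERN_CLIENT = {"cipher": ["aes256-gcm@openssh.com", "aes256-ctr"],
                 "mac": ["hmac-sha2-256", "hmac-sha2-512"],
                 "hostkey": ["ecdsa-sha2-nistp256", "ssh-ed25519"]}

def server_offer(xml_text):
    """Extract what the mgmt SSH service would offer from the <ssh> profile."""
    root = ET.fromstring(xml_text)
    def names(path):
        node = root.find(path)
        return [] if node is None else [ALIASES.get(c.tag, c.tag) for c in node]
    offer = {"cipher": names("ciphers/mgmt"), "mac": names("mac/mgmt"), "hostkey": []}
    key_type = root.find("default-hostkey/mgmt/key-type")
    if key_type is not None:
        for c in key_type:
            size = (c.text or "").strip()
            # Unmapped key types are kept under a visible placeholder name.
            offer["hostkey"].append(HOSTKEYS.get((c.tag, size), f"unmapped:{c.tag}-{size}"))
    return offer

def lockout_risks(offer, client):
    """Categories the profile restricts where the client shares no algorithm.
    Conservative: a MAC gap is reported even if an AEAD cipher (GCM) would be chosen."""
    return [cat for cat, algs in offer.items()
            if algs and not set(algs) & set(client.get(cat, []))]

if __name__ == "__main__":
    offer = server_offer(PROFILE)
    for name, client in (("old", OLD_CLIENT), ("modern", MODERN_CLIENT)):
        print(name, lockout_risks(offer, client) or "ok")
```

An empty result for the client you actually use is the thing to confirm before committing the profile and restarting the SSH service.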
Thank you Pulukas.
That document is what led me to believe it should be possible to do this with Panorama but when I go to https://MY_PANORAMA_SERVER/api I don't see a 'user-id' section. Since I wanted to test submitting my xml file through the web interface I was confused if this is still possible with PAN-OS versions later than 5.0 (which the document you link to references). I'll see if I can get it to work through curl or wget.
I read that you are supposed to be able to use Panorama as a proxy to update DAGs on managed firewalls.
As far as I know, DAGs are part of the User-ID section but when I browse to /api on my Panorama there isn't a User-ID section.
Could someone explain how to use Panorama as a proxy to update Dynamic Address Groups on devices managed by Panorama?