cannot connect to VM-Series Next-Generation Firewall

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

cannot connect to VM-Series Next-Generation Firewall

L1 Bithead

cannot connect to VM-Series Next-Generation Firewall (both BYOL and Bundle1)

getting connection refused for both SSH and HTTPS

tried with public ip  and private ip

14 REPLIES 14

L3 Networker

Hi @careem785 

 

where do you deploy it? Azure/AWS/GCP

 

Regards,

Torsten

"With unity we can do great things"

L4 Transporter

Hello @careem785 

Are you talking about a setup in Azure? If so, please check the NSG (Network Security Group) for the firewall (NIC and VNET).

when you talk about Azure then create please a NSG as shown below and attach it to the NIC.

 

Screenshot 2020-09-16 at 15.50.41.png

Then when you using a Public IP (Standard) then is there a implicite deny when you not attach any NSG to it

"With unity we can do great things"

its in AWS and security group rules are fine , i can ping to the device but SSH and HTTPS not working 

 

Hi @careem785 

 

are you using the correct ssh key pair? Look at Step 4 in that document

 

https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-o...

 

Then AWS works with ssh key pairs and not with username/password

 

Regards,

Torsten

"With unity we can do great things"

key pair is fine , i am getting "connection refused" error message

did you swap the management interface? 

"With unity we can do great things"

no , how to do that?

you can't doing it without having cli access to firewall. Please double check taht you are using the right interface and not that you try to connect to the untrust interface.

"With unity we can do great things"

i am launching with only one interface and tried to access, 

i am launching with only one interface and tried to access, 

It is really hard to say what is going wrong here without seeing it but i still think that something is wrong with Security Rules, routing, ssh key pair or Internet Gateway.

 

Please review everything against our official guides.

 

Regards,

Torsten

 

"With unity we can do great things"

how can i open a support account , without login in to the firewall , because the support account asking serial no

Hi,

 

i recommend that you destroy the environment and redeploy it and following this guide https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-o...

 

or use the following script https://github.com/wwce/aws-cft/tree/master/AWS-Ref-Architecture

"With unity we can do great things"
  • 7602 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!