https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4809850#M1099324 <P>is this managed by FMC or FDM ?</P> <P><SPAN>configure ssh-access-list 8.8.8.8/32&nbsp; &nbsp;&lt;-- Hope 8.8.8.8 dummy one, if you do this only 8.8.8.8 can access rest will be denied. (bare in mind before you issue that command)</SPAN></P> <P><SPAN>try :</SPAN></P> <PRE class="p1"><SPAN class="s1">&gt; show running-config ssh</SPAN></PRE> <P><SPAN>Note: since you confirmed the old version working 7.2 has an issue, may syntax change or could be a bug, I have not tested myself n 7.2 - 7.0 works as expected.</SPAN></P> Fri, 07 Apr 2023 05:04:12 GMT balaji.bandi 2023-04-07T05:04:12Z https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4809768#M1099320 <P>I'm trying to restrict access to the management interface of a pair of 1150s running 7.2.0.&nbsp; I've run the following command:</P> <P>&nbsp;</P> <P>configure ssh-access-list 8.8.8.8/32</P> <P>which appears to complete successfully("The ssh access list was changed successfully." is returned) but then if I issue "show ssh-access-list" following this nothing is displayed.&nbsp; If I log out and back in via ssh I get the following:</P> <P>&nbsp;</P> <P>&gt; show ssh-access-list <BR />f2b-sshd tcp -- anywhere anywhere tcp dpt:ssh<BR />Chain f2b-sshd (1 references)</P> <P>&nbsp;</P> <P>Once I try to edit the ACL again I get the same behavior described above and if I re-run the show ssh-access-list command nothing is displayed.&nbsp; Strangely enough, this worked fine on a pair of 1140s running the same code.</P> Thu, 06 Apr 2023 22:50:28 GMT https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4809768#M1099320 mumbles202 2023-04-06T22:50:28Z https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4809850#M1099324 <P>is this managed by FMC or FDM ?</P> <P><SPAN>configure ssh-access-list 8.8.8.8/32&nbsp; &nbsp;&lt;-- Hope 8.8.8.8 dummy one, if you do this only 8.8.8.8 can access rest will be denied. (bare in mind before you issue that command)</SPAN></P> <P><SPAN>try :</SPAN></P> <PRE class="p1"><SPAN class="s1">&gt; show running-config ssh</SPAN></PRE> <P><SPAN>Note: since you confirmed the old version working 7.2 has an issue, may syntax change or could be a bug, I have not tested myself n 7.2 - 7.0 works as expected.</SPAN></P> Fri, 07 Apr 2023 05:04:12 GMT https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4809850#M1099324 balaji.bandi 2023-04-07T05:04:12Z https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4812334#M1099420 <P>This pair of 1150s is managed by the same FMC that manages the 1140 that took the commands successfully.&nbsp;</P> Wed, 12 Apr 2023 01:35:18 GMT https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4812334#M1099420 mumbles202 2023-04-12T01:35:18Z https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4812383#M1099426 <P>Maybe iptables is corrupt... can you show me the iptables file?</P> <P><SPAN>/ngfw/etc/sysconfig# cat iptables </SPAN></P> Wed, 12 Apr 2023 02:32:22 GMT https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4812383#M1099426 Gustavo Medina 2023-04-12T02:32:22Z https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4812848#M1099442 <P>When I do that I get this:</P> <P>&nbsp;</P> <P>admin@ftd-02:/ngfw/etc/sysconfig$ cat iptables<BR /><A href="mailto:admin@ftd-02:/ngfw/etc/sysconfig$" target="_blank">admin@ftd-02:/ngfw/etc/sysconfig$</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 12 Apr 2023 13:35:14 GMT https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4812848#M1099442 mumbles202 2023-04-12T13:35:14Z https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4813037#M1099452 <P>I see... can you share the same from the working 1140?</P> Wed, 12 Apr 2023 17:46:28 GMT https://community.cisco.com/t5/network-security/restricting-access-to-ftd-management-interface/m-p/4813037#M1099452 Gustavo Medina 2023-04-12T17:46:28Z