RADIUS authc for SSH access to FTD, session terminates after login

tvancamp6
Level 1

Looking for some insight on an issue we are facing when launching an SSH session to our FTDs. The behavior is that when a firewall admin accesses the firewall through SSH and they enter their credentials, the banner displays, and then the session just closes.

We are using RADIUS pointed to an ISE server with a defined policy set that is leveraging the internal user DB for authc and the following authz profile attributes for RW access:

Access Type = ACCESS_ACCEPT
Service-Type = 6

The issue is intermittent and affects certain users consistently during a given time period. For example, this morning I was unable to log in to one of the FTDs, and it is still failing despite working fine yesterday. From an ISE perspective, I see the correct policies apply, and as far as ISE is concerned the user was granted access even when I see the session closing. I was really leaning towards this being an FTD setting for SSH timeout or max concurrent sessions, but in looking at the device that is failing, I can see that only 4 users are logged in, while another working device has 12 users logged in. I did not see any specific SSH settings for timeout, and I can confirm that after 2 hours today I was still logged in to one of our FTDs, so I'm guessing the timeout is high or there is none.

I am not an FTD expert (I'm the ISE admin), but I do have access and was trying to better understand what is going on here. I did find a 'show user' command to see who is logged in, but I couldn't find a way to disconnect a currently logged-in user like you can on switches.

Has anyone else experienced this?
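The authz profile in the post returns an Access-Accept carrying Service-Type = 6, which RFC 2865 defines as Administrative-User (Service-Type 1 is Login-User). The following Python is an added example, not code from the poster or from Cisco, that builds constructed RADIUS responses the way a server would and then decodes them the way a NAS would: it checks the Response Authenticator (MD5 over the header, the request's authenticator, the attributes and the shared secret), extracts Service-Type, and classifies the result. The shared secret, identifiers and the `classify` decision labels are assumptions for illustration; FTD's own decision logic is not on the page and is not reproduced here.

```python
import hashlib
import hmac
import os
import struct

# RADIUS constants from RFC 2865
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3
ATTR_SERVICE_TYPE = 6
SERVICE_TYPE_LOGIN_USER = 1
SERVICE_TYPE_ADMINISTRATIVE_USER = 6   # the "Service-Type = 6" in the post's authz profile
HEADER_LEN = 20                        # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def build_attributes(attrs):
    """Encode (type, value_bytes) pairs as RADIUS TLVs; Length counts its own 2 header bytes."""
    out = b""
    for attr_type, value in attrs:
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def build_response(code, identifier, request_authenticator, secret, attrs):
    """Build a response as a server does: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    body = build_attributes(attrs)
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(body))
    resp_auth = hashlib.md5(header + request_authenticator + body + secret).digest()
    return header + resp_auth + body


def parse_attributes(data):
    """Walk the attribute TLVs, rejecting truncated or overlapping lengths."""
    attrs = []
    i = 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = data[i], data[i + 1]
        if attr_len < 2 or i + attr_len > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, data[i + 2:i + attr_len]))
        i += attr_len
    return attrs


def verify_response(packet, request_authenticator, secret):
    """Recompute the Response Authenticator with the shared secret and compare in constant time."""
    if len(packet) < HEADER_LEN:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_authenticator + packet[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def service_type_of(packet):
    """Return the integer Service-Type attribute, or None if the response carries none."""
    for attr_type, value in parse_attributes(packet[HEADER_LEN:]):
        if attr_type == ATTR_SERVICE_TYPE and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None


def classify(packet, request_authenticator, secret):
    """Assumed decision labels: what a NAS would conclude from the response it received."""
    if not verify_response(packet, request_authenticator, secret):
        return "bad-authenticator"          # wrong secret or modified in transit: discard
    if packet[0] != ACCESS_ACCEPT:
        return "reject"
    service_type = service_type_of(packet)
    if service_type is None:
        return "accept-no-service-type"     # accepted, but no privilege hint came back
    if service_type == SERVICE_TYPE_ADMINISTRATIVE_USER:
        return "accept-admin"
    return "accept-other"


def demo():
    """Constructed sample responses; the secret is a placeholder, not a real one."""
    secret = b"constructed-shared-secret"
    req_auth = os.urandom(16)               # the Request Authenticator the NAS sent
    admin = build_response(ACCESS_ACCEPT, 7, req_auth, secret,
                           [(ATTR_SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_ADMINISTRATIVE_USER))])
    login_only = build_response(ACCESS_ACCEPT, 8, req_auth, secret,
                                [(ATTR_SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_LOGIN_USER))])
    no_service_type = build_response(ACCESS_ACCEPT, 9, req_auth, secret, [])
    rejected = build_response(ACCESS_REJECT, 10, req_auth, secret, [])
    # Same header and authenticator as 'admin', but attributes swapped without the secret.
    tampered = admin[:HEADER_LEN] + build_attributes(
        [(ATTR_SERVICE_TYPE, struct.pack("!I", SERVICE_TYPE_LOGIN_USER))])
    return {
        "admin": classify(admin, req_auth, secret),
        "login_only": classify(login_only, req_auth, secret),
        "no_service_type": classify(no_service_type, req_auth, secret),
        "rejected": classify(rejected, req_auth, secret),
        "tampered": classify(tampered, req_auth, secret),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} -> {verdict}")
```

When comparing a working device with a failing one, the useful distinction is between the two accept cases: an Access-Accept that carries Service-Type 6 and one that carries nothing or a different value, which ISE will still log as a successful authentication even though the device may treat it differently.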

1 Reply

Divya Jain
Cisco Employee

Hello,

**Does this issue happen for certain users all the time, or can it happen for any user intermittently?** Do make sure that the user is added in the user CLI list.

This is the config guide for FTD: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/user_accounts_device.html#id_63722
Make sure the LDAP parameters are configured correctly.

SSH timeouts are configured in:

Devices > Platform Settings > Secure Shell

Console timeouts are configured in:

Devices > Platform Settings > Timeouts > Console Timeout

To verify the console timeouts, you will need to connect to the FXOS CLI, since FXOS is where the console "lives." This can vary based on the hardware that you are using. For instance, for Firepower 1K/2K you can verify this by:

Connecting to the console port (or SSH to the box and then issue "connect FXOS") > scope security > scope default-auth > show detail

For an intermittent issue, it would be necessary to take a look at the FTD logs to understand what is happening.


-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) sessions. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as useful references, e.g. online guides and FAQs.
-----------------------------------------

Regards
Divya Jain