04-06-2023 03:50 PM
I'm trying to restrict access to the management interface of a pair of 1150s running 7.2.0. I've run the following command:
configure ssh-access-list 8.8.8.8/32
which appears to complete successfully ("The ssh access list was changed successfully." is returned), but then if I issue "show ssh-access-list" following this, nothing is displayed. If I log out and back in via ssh I get the following:
> show ssh-access-list
f2b-sshd tcp -- anywhere anywhere tcp dpt:ssh
Chain f2b-sshd (1 references)
Once I try to edit the ACL again I get the same behavior described above, and if I re-run the "show ssh-access-list" command nothing is displayed. Strangely enough, this worked fine on a pair of 1140s running the same code.
04-06-2023 10:04 PM
Is this managed by FMC or FDM?
configure ssh-access-list 8.8.8.8/32 <-- I hope 8.8.8.8 is a dummy one; if you do this, only 8.8.8.8 can access and the rest will be denied (bear in mind before you issue that command).
Try:
> show running-config ssh
Note: since you confirmed the old version is working, 7.2 has an issue; maybe the syntax changed or it could be a bug. I have not tested it myself on 7.2; 7.0 works as expected.
04-11-2023 06:35 PM
This pair of 1150s is managed by the same FMC that manages the 1140 that took the commands successfully.
04-11-2023 07:32 PM
Maybe iptables is corrupt... Can you show me the iptables file?
/ngfw/etc/sysconfig# cat iptables
04-12-2023 06:35 AM
When I do that I get this:
admin@ftd-02:/ngfw/etc/sysconfig$ cat iptables
admin@ftd-02:/ngfw/etc/sysconfig$
04-12-2023 10:46 AM
I see... can you share the same from the working 1140?
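The thread boils down to one check: after "configure ssh-access-list", does the box's iptables configuration actually contain a rule that restricts SSH to the configured source, or is the file empty as on ftd-02 above? The script below is an added example, not something posted in the thread or shipped by Cisco. It assumes an iptables-save style dump (the "-A INPUT ... -j ACCEPT" format) and a rule layout of "-s CIDR -p tcp --dport 22 -j ACCEPT"; the exact rules FTD writes are not shown on this page, so adjust the patterns to what your unit emits. The two sample files are constructed here, and 8.8.8.8/32 is reused only because it is the placeholder from the original post.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an iptables-save style dump
# carries an ACCEPT rule for SSH (tcp/22) from a given source CIDR, and report
# the "file is empty" state seen on ftd-02 as its own failure mode.
# The rule layout matched here is an assumption, not FTD's documented format.

# check_ssh_acl FILE CIDR
#   returns 2  -> FILE is missing or empty (the symptom in the thread)
#   returns 1  -> FILE has content but no ACCEPT rule for CIDR on tcp/22
#   returns 0  -> a matching ACCEPT rule is present
check_ssh_acl() {
    file=$1
    cidr=$2
    if [ ! -s "$file" ]; then
        echo "no rules: $file is missing or empty" >&2
        return 2
    fi
    # Token order in iptables-save output can vary, so test each part
    # separately instead of relying on one fixed regex.
    if grep -E -- '^-A .*-p tcp' "$file" \
        | grep -E -- '--dport 22( |$)' \
        | grep -F -- "-s $cidr" \
        | grep -q -E -- '-j ACCEPT'; then
        return 0
    fi
    echo "no ACCEPT rule for $cidr on tcp/22 in $file" >&2
    return 1
}

# Constructed samples for offline use. On a real unit you would point the
# function at the dump itself, e.g. /ngfw/etc/sysconfig/iptables.
SAMPLE_DIR=$(mktemp -d)

# Assumed "healthy" dump: allow the listed source, drop everyone else on 22.
cat > "$SAMPLE_DIR/iptables.good" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 8.8.8.8/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF

# Empty dump, matching what "cat iptables" returned on ftd-02.
: > "$SAMPLE_DIR/iptables.empty"

# Demonstration run over both samples (kept inside "if" so a failing check
# does not abort a shell running with "set -e").
for f in iptables.good iptables.empty; do
    if check_ssh_acl "$SAMPLE_DIR/$f" 8.8.8.8/32; then
        echo "$f: ssh access list present for 8.8.8.8/32"
    fi
done
```

Run it as a plain script first to see both outcomes, then replace the sample path with the real dump. A return code of 2 tells you the problem is upstream of iptables (the CLI command never produced rules), whereas 1 means rules exist but do not cover the source you configured, which is the distinction the thread is trying to draw between the 1150s and the working 1140s.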