This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Gingerwerewolf
Contributor
‎2023-07-04 01:10 AM

WebUI & SSH bouncing between Appliances Maestro

Hey all

Im pretty sure that it something I have missed or done wrong, but your assistance would be much appreciated

First of all, all devices on R81.10 JHF 95

Its a Maestro Setup, 5 Appliances (6200's) set up in 2 Security Groups

SG 1 set up with 3 devices about a year ago - works fine - All SSH and WebUI connectivity

SG 2 set up recently with the other 2 (which were brand new devices)- and in all aspects other than the WebUI and or SSH it is working fine. (Or I think it is)

SG2 has an issue where when I connect via SSH it nearly always is displaying a security issue, that the Key has changed. This then becomes noticable on the connection, as the member that I am connected to is different

When I try to connect to SG2 via the WebUI, it attempts to connect and then bounces me back to the logon screen. If Im lucky I can get in, and then it will keep saying "Server has disconnected"

My gut feeling is that the WebUI, like the SSH connection, is constantly swapping from Member to member and as such getting kicked out.

Any assistance on how to fix or bypass this issue would be very much appreciated. 

0 Kudos
4 Replies
Dario_Perez
Employee Employee
Employee
‎2023-07-04 07:04 AM

Do you have the mgmt/magg is connected to Cisco ACI? If Does disable the endpoint rouge detection 

Gingerwerewolf
Contributor
‎2023-07-05 05:20 AM
In response to Dario_Perez

No it is not, though that is a great catch for the future, thank you!

 

0 Kudos
emmap
Employee
Employee
‎2023-07-04 07:54 PM

It sounds like you're connecting to an uplink interface, and you have l4 enabled for distribution (it's enabled by default). If so, this is expected behaviour. If you disable l4 in your distribution config, the distribution will only look at your IP addresses (and not your source port, which will change every time you make a new connection) and hence you'll always get to the same SGM (assuming they're all active) when you log in.

Gingerwerewolf
Contributor
‎2023-07-05 05:22 AM
In response to emmap

I think this is what I have missed. Ill give it a try and let you know.

Thank you for taking the time to reply!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events
    Top