
R80.10 rejecting SSH version 1.x traffic

I have a gw running R80.10 that is rejecting SSH version 1.x traffic. The SSH traffic is coming from our VOIP controller. A workaround was to reroute the traffic via MPLS to a R77.30 gw, find the IPS, and make an exception.

The policy includes ssh and ssh_version_2 as Services and Applications (sk30470)

Anybody experience this before?

Sorry if wrong forum area. 

Thanks

0 Kudos
3 Replies
Vladimir
Pearl

Re: R80.10 rejecting SSH version 1.x traffic

I know this would sound weird, but check if you have App Control and URL filtering inspecting this traffic in addition to the access control.

If it does, add an explicit rule permitting ssh v1 in it and try again.

0 Kudos

Re: R80.10 rejecting SSH version 1.x traffic

Hi Vladimir,

Thank you for the reply.

Yes, we have both of those blades enabled and I tried creating an explicit rule with both the predefined ssh and a manually created ssh_1.x and traffic still did not traverse. The log itself says that the FW blade is the one blocking the traffic.

I have a ticket open with CP and haven't gotten very far just yet.

0 Kudos
Vladimir
Pearl

Re: R80.10 rejecting SSH version 1.x traffic

OK. This will sound even weirder, but can you add HTTPS in the same rule where you have SSH, push the policy and try again?

I recall running into something similar with one of my clients and for some reason, this was the solution to the problem.