Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nick_Keith
Participant

R80.10 rejecting SSH version 1.x traffic

I have a gw running R80.10 that is rejecting SSH version 1.x traffic. The SSH traffic is coming from our VOIP controller. A work around was to reroute the traffic via MPLS to a R77.30 gw, find the IPS, and make an exception. 

The policy includes ssh and ssh_version_2 as Services and Applications (sk30470)

Anybody experience this before?

Sorry if wrong forum area. 

Thanks

0 Kudos
3 Replies
Vladimir
Champion
Champion

I know this would sound weird, but check if you have App Control and URL filtering inspecting this traffic in addition to the access control.

If it does, add explicit rule permitting ssh v1 in it and try again.

0 Kudos
Nick_Keith
Participant

Hi Vladimir,

Thank you for the reply.

Yes, we have both of those blades enabled and I tried creating an explicit with both the predefined ssh and a manually created ssh_1.x and traffic still did not traverse. The log itself says that the FW blade is the one blocking the traffic. 

I have a ticket open with CP and havent gotten very far just yet. 

0 Kudos
Vladimir
Champion
Champion

OK. This will sound even weirder, but can you add HTTPS in the same rule where you have SSH, push the policy and try again?

I recall running into something similar with one of my clients and for some reason, this was the solution to the problem.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events