Unable to SSH the newly deployed VM-Series firewall on AWS

Unable to SSH the newly deployed VM-Series firewall on AWS

2452
Created On 07/20/22 03:39 AM - Last Modified 06/26/24 20:14 PM


Symptom


  • "VM-Series Next-Generation Firewall (BYOL and ELA)" is used from AWS marketplace
  • The SSH access is intermittent, able to access the firewall if you connect to a different geographical location using VPN.

Environment


  • VM-Series on AWS
  • PAN-OS 9.1 and later

Cause


  • The security group on AWS by default allows SSH access from 0.0.0.0/1
  • This doesn't allow acesss from anywhere but only from the range between 0.0.0.0 -127.255.255.255.
  • Any public IP addresses outside this block will still be denied to access the firewall over SSH.
SSH.PNG 
 
 
 

Resolution


Modify the security group on AWS by removing 0.0.0.0/1 and then add the specific IP with /32 netmask.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqeDCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail