Re: [FW-1] Lost ssh access to SPLAT firewall!

GoddardM Wed, 27 Oct 2004 13:30:39 -0700

Is there anything else  in this switch and VLAN other than the firewall and
management station? I believe you said in another email they are both on
this switch... could be something doing a TCP reset on the ssh port.


Regards,
Matt Goddard
Security Information Team
Schneider National
920-592-4787
[EMAIL PROTECTED]



|---------+-------------------------------------------->
|         |           "Erik A. Widholm"                |
|         |           <[EMAIL PROTECTED]>         |
|         |           Sent by: Mailing list for        |
|         |           discussion of Firewall-1         |
|         |           <[EMAIL PROTECTED]|
|         |           KPOINT.COM>                      |
|         |                                            |
|         |                                            |
|         |           10/27/2004 02:36 PM              |
|         |           Please respond to Mailing list   |
|         |           for discussion of Firewall-1     |
|         |                                            |
|---------+-------------------------------------------->
  
>----------------------------------------------------------------------------------------------|
  |                                                                                    
          |
  |       To:       [EMAIL PROTECTED]                                   |
  |       cc:                                                                          
          |
  |       Subject:  Re: [FW-1] Lost ssh access to SPLAT firewall!                      
          |
  
>----------------------------------------------------------------------------------------------|




https works fine
traceroute works fine
ping works fine

tcpdump shows [SYN] packets
fw monitor shows NOTHING

If I issue 'ping -t firewall_address' and then fire up ssh, I'm connected
just fine as long as the ping is running.

Very odd....

----- Original Message -----
From: "Previtera, Sal" <[EMAIL PROTECTED]>
Date: Wednesday, October 27, 2004 1:12 pm
Subject: Re: [FW-1] Lost ssh access to SPLAT firewall!

> Can you reach it by HTTPS://firewallipaddress (if multiple
> interface...trythem all)?
> Have you try traceroute ?
> Are you using Smart Defense?
>
>
> -----Original Message-----
> From: Erik A. Widholm [EMAIL PROTECTED]
> Sent: Wednesday, October 27, 2004 9:19 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] Lost ssh access to SPLAT firewall!
>
> Let's see...
>
> Mgmt station can both accept logs and push policies
>
> My connection attempts don't register in the logs at all.
>
> ----- Original Message -----
> From: Mike Feetham <[EMAIL PROTECTED]>
> Date: Wednesday, October 27, 2004 8:40 am
> Subject: Re: [FW-1] Lost ssh access to SPLAT firewall!
>
> > Erik,
> >
> > Start with the obvious.  Is your firewall log showing your SSH
> > connectionattempts as accepted or dropped?  I'm assuming your
> > management console can
> > still communicate with the gateway (policy pushes, etc).
> >
> >
> > -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [EMAIL PROTECTED] On Behalf Of Erik A.
> > Widholm
> > Sent: Wednesday, October 27, 2004 7:54 AM
> > To: [EMAIL PROTECTED]
> > Subject: [FW-1] Lost ssh access to SPLAT firewall!
> >
> > I lost ssh access to our FW-1 box (R55 FHA_09) a few days ago, and
> > cannotget it back.
> >
> > The source IPs for the connection have not changed!
> >
> > Additional details:
> > 1. the management station used to be able to ssh to the FW1
> > module, but is
> > no longer capable of doing so
> > 2. the FW1 module used to be able to ssh to the management
> > station, but is
> > no longer capable of doing so
> > 3. the FW1 module shows sshd running (ps -ef)
> >
> > Very perplexing....
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Re: [FW-1] Lost ssh access to SPLAT firewall!

Reply via email to