Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎05-27-2020 08:17 AM Edited on ‎11-25-2021 01:05 AM By Community Manager

Article Id 197358

Technical Tip: Palo Alto admin banner causes SSH connections to fail

Description
Palo Alto firewall SSH accounts can be configured with an admin banner.  When the admin banner is enabled, the appliance is unable to connect.  If the banner is disabled, the SSH connection works.

Telnet accounts do not have this function.  If the Protocol is set to Telnet in the Model configuration, credential validation works.
 
Enabling the admin banner changes the login sequence when connecting to Palo Alto.  This change prevents the appliance from completing login.   


Scope
Version:  8.x

Solution

In the firewall, disable the admin banner for the SSH account used by the appliance to connect.  This banner is not supported.
 
The account username is listed under CLI Settings in the Palo Alto Model Configuration in Topology. 
Labels:
1441
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.