> request high-availability sync-to-remote running-configĬheck on the Passive to see if the "Synchronize HA Peer" job is complete. Run the below command on Active to sync the ssh settings with the peer. # set deviceconfig system ssh mac mgmt hmac-sha2-512įor Standalone device run the below command on CLIįor Devices in HA, make sure ssh session to both devices are open and make sure they are not timed-out. # set deviceconfig system ssh mac mgmt hmac-sha2-256 # set deviceconfig system ssh session-rekey mgmt interval 3600 # set deviceconfig system ssh regenerate-hostkeys mgmt key-type ECDSA key-length 256 # set deviceconfig system ssh default-hostkey mgmt key-type ECDSA 256 # set deviceconfig system ssh ciphers mgmt aes256-gcm # set deviceconfig system ssh ciphers mgmt aes256-ctr If the Firewall/Panorama are in High-Availability mode then make sure SSH/Console sessions to both firewalls are open at the same time. Use the following CLI commands to resolve the issue: For PAN-OS 9.0 and above, Refer to #SSH9.outdated terminal emulators may not be compatible with the newer ciphers offered by PAN-OS).
0 Comments
Leave a Reply. |