ProxySG is not accepting valid built-in Administrator's login through Web GUI or SSH

book

Article ID: 168789

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The ProxySG appliance does not accept valid built-in administrator credentials in the Management Console or SSH, even if you change the password and try with the new password. Event logs report the following errors:
"Attempted administrator login from unauthorized source: x.x.x.x, user 'admin'"

The credentials work in the serial console.

Cause

The issue is caused by console access control list (ACL). An ACL is enforced only when console credentials are used to access either the CLI or the Management Console, or when an SSH with RSA authentication connection is attempted.

Log in to the appliance using the serial console and enter the CLI:

#show advanced-url /cli/show/configuration

If the output displays the following, the appliance has been configured to limit access to the Management Console and CLI through the console ACL:

!- BEGIN authentication
security allowed-access add x.x.x.x 255.255.255.254.0
security allowed-access add y.y.y.y 255.255.254.0
security allowed-access add z.z.z.z 255.255.254.0
security enforce-acl enable

Resolution

Add your workstation IP address in the ACL using the following commands:

#(config) security allowed-access add source_ip [ip_mask]

Alternatively, disable the ACL using the following command

#(config) security enforce-acl disable

This clears the ACL option and all users are allowed access to the CLI or Management Console using console account credentials from any workstation.