When we connect to the LCP over a non-standard port such as 2222 using PuTTY or WinSCP, we might end up with this error message. However, we can connect to the LCP via SecureCRT.
Note: We will be able to connect over the standard port 22 via PuTTY, WinSCP and SecureCRT.
The customer’s firewall IPS signature for the CVE-2001-0361 vulnerability blocks connections to our LCP over non-standard ports like 2222 from the PuTTY and WinSCP applications. We may connect via the SecureCRT tool.
Vulnerability: Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
To overcome this issue, the customer needs to add an IPS exception policy. The steps are below.
Adding an IPS Exception
To add a new exception:
1. In the IPS tab, select Network Exceptions.
2. Click New. The Add/Edit Exception Rule window opens.
3. From Profile, select a profile or Any.
4. From Protection, select the excluded protection(s).
Single protection - Click Select and then select the protection.
All supported protections - Only protections that support the Network Exceptions feature are excluded.
5. Define the Source and Destination, and Service for the excluded protection.
To use a SmartDashboard object, click Manage and then select the object.
To enter a value, click IP Address or Port and then enter the value.
6. Define on which Security Gateways this exception is installed. Select one of these options:
All R70 gateways.
Apply this exception and select the Security Gateway object.
7. Click OK and then install the policy.
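Because CVE-2001-0361 concerns SSH protocol version 1.5, it is worth confirming which protocol version the SSH service on the non-standard port announces before excluding the protection for it. The following Python check is an added example, not part of the original article or any vendor tool; the function names are hypothetical, the sample banners are constructed, and the host and port are supplied by the operator.

```python
import re
import socket
import sys

# SSH identification string: "SSH-protoversion-softwareversion[ SP comments]" (RFC 4253, 4.2)
_BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def classify_banner(line):
    """Return (protoversion, software, offers_ssh1) for one identification line."""
    m = _BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    proto, software = m.group(1), m.group(2)
    # "1.5" is SSH-1 only; "1.99" means SSH-2 with SSH-1 compatibility still
    # enabled. Only a major version of 2 rules out the SSH-1 protocol.
    offers_ssh1 = int(proto.split(".")[0]) < 2
    return proto, software, offers_ssh1

def find_banner(lines):
    """A server may send other text lines first; use the first 'SSH-' line."""
    for line in lines:
        if line.startswith("SSH-"):
            return classify_banner(line)
    raise ValueError("no SSH identification string seen")

def read_banner(host, port, timeout=5.0, max_lines=20):
    """Connect, read at most max_lines short lines, and classify the banner."""
    lines = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as stream:
            for _ in range(max_lines):
                raw = stream.readline(256)
                if not raw:
                    break
                lines.append(raw.decode("ascii", "replace"))
                if raw.startswith(b"SSH-"):
                    break
    return find_banner(lines)

# Constructed sample banners (not captured from a real system).
SAMPLES = ["SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n", "SSH-1.99-OpenSSH_2.3.0\n", "SSH-1.5-1.2.31\n"]

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <host> <port>
        print(read_banner(sys.argv[1], int(sys.argv[2])))
    else:
        for sample in SAMPLES:
            print(sample.strip(), "->", classify_banner(sample))
```

If `offers_ssh1` is true for the service, disable SSH-1 on the server before relying on the exception, and keep the exception scoped to the specific source, destination and port defined in step 5.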