Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
I wanted to revisit this discussion to see if anyone else had any ideas on this. This is still being detected as openssh from external vulnerability scans.
Maybe you could try this (basically, replacing the mix of matching source-address and source-prefix-list with only prefix-list):
set policy-options prefix-list all_v4 0.0.0.0/0
delete firewall family inet filter MGMT term T1 from source-address 0.0.0.0/0
set firewall family inet filter MGMT term T1 from source-prefix-list all_v4