SSH Access SA520W

Unanswered Question
Jan 28th, 2010


I'm working with a SA520W Security Appliance and having difficulty connecting to a SSH server on the LAN.

I have create an inbound (WAN zone to LAN zone) firewall rule for Service SSH:TCP, Enable Port Forwarding to 22 to the destination LAN IP, but have been unable to connect from any external IP address to the internal SSH server via XShell or PuTTY software. Within the LAN, I'm able to connect successfully.

What am I missing?

Much appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jamccord Fri, 01/29/2010 - 05:45

Do you have the most current firmware?  Most recent is 1.1.21.  Please advise.

linuxuser3030 Fri, 01/29/2010 - 07:29

Hi Jammcord. Thank you for your prompt response. My current firmware version is 1.1.21. It was upgraded from version 1.0.15.

linuxuser3030 Fri, 01/29/2010 - 08:16

No other firewall is enabled on the SSH server. Not sure if this helps, but other services, such as HTTPS, connect to the server through the SA520W firewall just fine.

jamccord Fri, 01/29/2010 - 08:23

Just for clarification, you are able to ssh into the box on the lan?

linuxuser3030 Fri, 01/29/2010 - 08:43

Correct; within the LAN I'm able to SSH using the server's internal IP address ( or Host Name. Just unable to SSH into the server from a remote location. Also, before implementing the SA520W, we had a RSV4000, which SSH passed through without issue from any remote location.

jamccord Fri, 01/29/2010 - 08:49

I assume you are using the built-in service on the device.  Try setting up a custom service and changing your forwarding rule to use your custom service.  If this does not work, call into the SBSC and open a case so we can document the issue.  1.866.606.1866.  You may ask for me, Jason McCord, I will be happy to work with you if I am available.

linuxuser3030 Fri, 01/29/2010 - 09:02

Yes, I'm using the built-in service SSH:TCP, but have also tried SSH and SSH:UDP. However, I will try creating a custom service to see if that solves the issue. Thanks for your help.


This Discussion