SSH Access SA520W

Unanswered Question
Jan 28th, 2010

Hello-

I'm working with an SA520W Security Appliance and having difficulty connecting to an SSH server on the LAN.

I have created an inbound (WAN zone to LAN zone) firewall rule for Service SSH:TCP, Enable Port Forwarding to 22 to the destination LAN IP, but have been unable to connect from any external IP address to the internal SSH server via XShell or PuTTY software. Within the LAN, I'm able to connect successfully.

What am I missing?

Much appreciated.

jamccord Fri, 01/29/2010 - 05:45

Do you have the most current firmware?  Most recent is 1.1.21.  Please advise.

linuxuser3030 Fri, 01/29/2010 - 07:29

Hi jamccord. Thank you for your prompt response. My current firmware version is 1.1.21. It was upgraded from version 1.0.15.

jamccord Fri, 01/29/2010 - 07:36

Is SELinux enabled?  Any other firewall program?

linuxuser3030 Fri, 01/29/2010 - 08:16

No other firewall is enabled on the SSH server. Not sure if this helps, but other services, such as HTTPS, connect to the server through the SA520W firewall just fine.

jamccord Fri, 01/29/2010 - 08:23

Just for clarification, you are able to SSH into the box on the LAN?

linuxuser3030 Fri, 01/29/2010 - 08:43

Correct; within the LAN I'm able to SSH using the server's internal IP address (192.168.xxx.xxx) or Host Name. Just unable to SSH into the server from a remote location. Also, before implementing the SA520W, we had a RSV4000, which SSH passed through without issue from any remote location.

jamccord Fri, 01/29/2010 - 08:49

I assume you are using the built-in service on the device.  Try setting up a custom service and changing your forwarding rule to use your custom service.  If this does not work, call into the SBSC and open a case so we can document the issue.  1.866.606.1866.  You may ask for me, Jason McCord, I will be happy to work with you if I am available.

linuxuser3030 Fri, 01/29/2010 - 09:02

Yes, I'm using the built-in service SSH:TCP, but have also tried SSH and SSH:UDP. However, I will try creating a custom service to see if that solves the issue. Thanks for your help.
