https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123301#M22809 <P>Sounds like the Gaia OS is "eating" the packet, if you run <STRONG>fw monitor</STRONG> do you see the packet at capture points iI then nothing else?</P> <P>In the Gaia web interface check the Allowed Hosts screen under System Management...Host Access, you probably have some Gaia-based SSH/HTTPS restrictions defined there.</P> Thu, 08 Jul 2021 12:10:47 GMT Timothy_Hall 2021-07-08T12:10:47Z https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123263#M22802 <P>&nbsp;</P><P>hi,</P><P>&nbsp;</P><P>I have a strange challenge on a cluster. SSH access from a specific jump host is not working.</P><P>tcpdump shows that the fw receives the syn packet, but doesnt send any replies back. Smartconsole logs also show that the request is accepted, and there are no antispoofing issues.</P><P>i can access the fw on ssh from another location, which kinda adds to the whole mystery.</P><P>there is nothing logged when running zdebug drop, so for all intent and purposes, the packet is received, then "vanishes" after that.</P><P>Anyone seen anything similar before?</P> Thu, 08 Jul 2021 06:59:13 GMT https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123263#M22802 KM1895 2021-07-08T06:59:13Z https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123301#M22809 <P>Sounds like the Gaia OS is "eating" the packet, if you run <STRONG>fw monitor</STRONG> do you see the packet at capture points iI then nothing else?</P> <P>In the Gaia web interface check the Allowed Hosts screen under System Management...Host Access, you probably have some Gaia-based SSH/HTTPS restrictions defined there.</P> Thu, 08 Jul 2021 12:10:47 GMT https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123301#M22809 Timothy_Hall 2021-07-08T12:10:47Z https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123335#M22817 <P>Timothy actually brought up a good point...maybe do fw monitor to see what happens. Allowed Hosts in web GUI could also cause an issue if configured for specific hosts.</P> Thu, 08 Jul 2021 14:28:34 GMT https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123335#M22817 the_rock 2021-07-08T14:28:34Z https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123345#M22819 <P>Yes and because the SSH traffic is to the gateway itself, that traffic will always go F2F so no need to disable SecureXL for the traffic to be visible with&nbsp;<STRONG>fw monitor -e</STRONG>.</P> Thu, 08 Jul 2021 14:58:42 GMT https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123345#M22819 Timothy_Hall 2021-07-08T14:58:42Z https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123382#M22826 <P>Would also be worth confirming routing back to the jump host in question. It's possible the firewall&nbsp;<EM>is</EM> sending the SYN-ACK, just out a different interface than expected. The simplest way to confirm routing is with 'ip route get', like so:</P> <LI-CODE lang="markup">[Expert@LabSC]# ip route get 1.1.1.1 1.1.1.1 via 10.0.1.1 dev eth1 src 10.0.1.253 cache </LI-CODE> <P>That output says I will use eth1 to get to that destination, and I will use the gateway address 10.0.1.1. My source for transmitted traffic will be 10.0.1.253.</P> Thu, 08 Jul 2021 19:06:42 GMT https://community.checkpoint.com/t5/General-Topics/ssh-access-issues/m-p/123382#M22826 Bob_Zimmerman 2021-07-08T19:06:42Z