This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Christopher_To
Collaborator
‎2021-09-30 12:03 PM
Jump to solution

Remote Access - SSH to Gateway

Hi,

I can't SSH to the firewall the I connect to via remote access VPN.  Firewall rules are in place for SSH and webUI access to the firewall.  I know in other VPN communities there is a tab for "excluded services".  Is there a similar option for remote access VPN community?

I can get to the webUI but I can't SSH.  Logs show traffic being decrypted.

I am running R81.10 mgmt and R80.40 firewall.

Thank you.

1 Solution

Accepted Solutions
Christopher_To
Collaborator
‎2021-10-04 08:40 AM
Jump to solution

Thank you Rock and Genesis for your help.  I found the issue.  My SSH session was saved with the external IP, and I did not realize until now.  😅

View solution in original post

10 Replies
the_rock
Legend
Legend
‎2021-09-30 12:32 PM
Jump to solution

Do you see any logs for port 22 when trying?

0 Kudos
Christopher_To
Collaborator
‎2021-09-30 12:33 PM
In response to the_rock
Jump to solution

Yup

the_rock
Legend
Legend
‎2021-09-30 12:34 PM
In response to Christopher_To
Jump to solution

What do they show? Did you try zdebug on command line?

0 Kudos
Christopher_To
Collaborator
‎2021-10-01 09:44 AM
In response to the_rock
Jump to solution

Hmm I don't see logs anymore but I did enable split tunneling and manually specified the encryption domain.

I do have a firewall rule that should allow this traffic...

Src: office mode network

Dst: FW

Services: SSH and webUI port

 

I am able to access the webUI and I see accept and decrypt logs for this traffic from my office mode IP to the internal IP of the firewall.

When I try to SSH I don't see logs.  I do see drops in the zdebug.  It shows this connection being dropped but the weird thing is the source is my external IP trying to hit destination of the external IP of the firewall.

Shouldn't this traffic be hitting the same rule that allows webUI access?

0 Kudos
the_rock
Legend
Legend
‎2021-10-01 10:00 AM
In response to Christopher_To
Jump to solution

Message me directly, I have time to do remote, I have a feeling its something simple you might be missing.

Cheers!

0 Kudos
genisis__
Leader Leader
Leader
‎2021-10-02 07:08 AM
In response to Christopher_To
Jump to solution

Silly question have you updated the allowed list in GAIA?

Christopher_To
Collaborator
‎2021-10-04 08:40 AM
Jump to solution

Thank you Rock and Genesis for your help.  I found the issue.  My SSH session was saved with the external IP, and I did not realize until now.  😅

the_rock
Legend
Legend
‎2021-10-04 11:49 AM
In response to Christopher_To
Jump to solution

Well, sometimes smallest things pose a problem. Glad it works now : - )

genisis__
Leader Leader
Leader
‎2021-10-05 01:13 AM
In response to the_rock
Jump to solution

Its a good reminder to us all, check the basics first!

the_rock
Legend
Legend
‎2021-10-05 06:19 AM
In response to genisis__
Jump to solution

I agree with you wholeheartedly!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events