Christopher_To
Collaborator

Remote Access - SSH to Gateway

Hi,

I can't SSH to the firewall that I connect to via remote access VPN. Firewall rules are in place for SSH and webUI access to the firewall. I know in other VPN communities there is a tab for "excluded services". Is there a similar option for the remote access VPN community?

I can get to the webUI but I can't SSH.  Logs show traffic being decrypted.

I am running R81.10 mgmt and R80.40 firewall.

Thank you.


10 Replies
the_rock
Legend

Do you see any logs for port 22 when trying?

0 Kudos
Christopher_To
Collaborator

Yup

the_rock
Legend

What do they show? Did you try zdebug on command line?

0 Kudos
Christopher_To
Collaborator

Hmm I don't see logs anymore but I did enable split tunneling and manually specified the encryption domain.

I do have a firewall rule that should allow this traffic...

Src: office mode network

Dst: FW

Services: SSH and webUI port

 

I am able to access the webUI and I see accept and decrypt logs for this traffic from my office mode IP to the internal IP of the firewall.

When I try to SSH I don't see logs.  I do see drops in the zdebug.  It shows this connection being dropped but the weird thing is the source is my external IP trying to hit destination of the external IP of the firewall.

Shouldn't this traffic be hitting the same rule that allows webUI access?

0 Kudos
the_rock
Legend

Message me directly, I have time to do remote, I have a feeling it's something simple you might be missing.

Cheers!

0 Kudos
genisis__
Leader

Silly question: have you updated the allowed list in GAIA?

Christopher_To
Collaborator

Thank you Rock and Genesis for your help.  I found the issue.  My SSH session was saved with the external IP, and I did not realize until now.  😅

the_rock
Legend

Well, sometimes the smallest things pose a problem. Glad it works now :-)

genisis__
Leader

It's a good reminder to us all, check the basics first!

the_rock
Legend

I agree with you wholeheartedly!

0 Kudos
