Configure T15 for SFTP connection

I have a FireBox T15 that is preventing SFTP client connections, and I can't seem to figure out why. It is not blocking the connection according to the log, but the connection seems to be not returning correctly. If I bypass the T15, the connections work perfectly. I think that the external IP seen by the SFTP server is that of the T15 and not the client computer. Thanks for any help!

For clarification: I am acting as the SFTP client and initiating the connection.

Answers

  • When your client computer is behind the firewall, it has a private IP addr.
    Your firewall will NAT all outgoing packets to the external interface IP addr of the firewall, by default.

    Does your firewall get a public IP addr?
    If not, what is in front of the firewall?

    To where are you doing this SFTP session?

  • Thanks for the reply. This particular appliance requires an external modem. In my case, I have the ISP's standard modem between it and the internet. The SFTP server is a state server that requires constant information from my end.

  • SSH works through the firewall for many. I'm not aware of sites where this is not working.

    Are you able to log in to the SSH site?
    Any details related to this connection would help - can you connect at all, what do you see, etc.

    SFTP uses SSH.
    You can add an SSH packet filter policy to your config, From: Any-trusted To: Any-external.
    Turn on Logging on the policy, so that you can see packets allowed by this policy in Traffic Monitor.
    There is a default idle session timeout in Fireware - 60 minutes for a TCP connection, which SSH is.
    You can specify a custom idle timeout on this policy if you need to have a longer idle session timeout value.
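
One way to answer "can you connect at all, what do you see" from the client behind the Firebox, as an added example that is not part of the original thread: it separates a failed TCP connect from a connection that opens but never returns the server's SSH identification line. The function names are chosen for this example, and the host argument is whatever SFTP server you connect to.

```python
import socket
import sys

def parse_ssh_banner(line: bytes):
    """Parse an RFC 4253 identification line, 'SSH-<proto>-<software>[ comments]'."""
    text = line.strip().decode("ascii", errors="replace")
    parts = text.split("-", 2)
    if len(parts) < 3 or parts[0] != "SSH" or not parts[1] or not parts[2]:
        return None
    return {"proto": parts[1], "software": parts[2].split(" ", 1)[0]}

def probe_sftp_path(host, port=22, timeout=5.0):
    """Return (stage, detail); stage is tcp_failed, no_banner, not_ssh or banner_ok."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Connect timed out or was refused: check the firewall log for a deny.
        return ("tcp_failed", str(exc))
    buf = b""
    with sock:
        sock.settimeout(timeout)
        try:
            while len(buf) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break  # peer closed the connection
                buf += chunk
                # Stop once a complete SSH- line has arrived.
                if any(l.startswith(b"SSH-") for l in buf.split(b"\n")[:-1]):
                    break
        except OSError:
            pass  # timeout or reset while waiting; judge by what arrived
    if not buf:
        # TCP handshake completed but no reply data came back.
        return ("no_banner", "TCP connected, server sent nothing")
    for line in buf.split(b"\n"):
        info = parse_ssh_banner(line)
        if info:
            return ("banner_ok", info)
    return ("not_ssh", repr(buf[:60]))

if __name__ == "__main__":
    # Usage: python probe.py <sftp-host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(probe_sftp_path(target, target_port))
```

Run it once through the firewall and once bypassing it; a `no_banner` result only on the firewalled path means the connection is allowed outbound but the reply is not making it back to the client.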
