SSH Allow Firewall -> Client

Hello,
I am private, not a professional and I bought a Watchguard. Unfortunately I do not understand this. Maybe someone can explain it to me

every 10 seconds this always happens with a different number after the ssh/tcp

10.15 = Firebox
10.105 = Client that does not exist

2022-09-14 14:19:21 Allow 192.168.10.15 192.168.10.105 ssh/tcp 33210 22 Firebox NETZWERK Allowed 52 64 (Any From Firebox-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 8 S 1867257136 win 4210" Traffic

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    The log here suggests that the firebox is attempting to SSH into something on your network.

    If you haven't set anything up to do this, I'd suggest opening a support case so that we can look into the issue.

    I would suggest opening a support case so that one of our team can look into this -- there are a few possibilities (the firebox could be trying to configure a remote access point, or copy something like a backup to a SSH server (via SCP.) Without seeing the configuration on the firewall itself, it's difficult to tell what might be happening here other than there's an SSH connection being initiated by 192.168.10.15 destined to 192.168.10.105.

    -James Carson
    WatchGuard Customer Support

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @ChristianN that's gateway wireless controller logging into the AP to manage it.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.