Forwarding non-standard ssh port to standard ssh port internal (remote SFTP Server)

Hi Sofos network,

Please check and verify traffic flow under MONITOR & ANALYZE || Diagnostics || Packet Capture passing from the same firewall rules and NAT rule with drop packet 

Also, start tcpdump on CLI and share the output for all three steps.

Regards

Bharat J 

I updated the config like:

and 

it work manually by command line and filezilla

i just have problem with third party sftp client

I'm going to see why?

Thanks

Please check with packet capture, tcpdump and drop packet the behaviour of the traffic this will help you to check it in right direction.

Hi Bharat J  

Packet Capture output

what does it mean ??

Seems Service is off: You need to change the Source Port to 1:65335 to include the high ports. If issue remains,please verify the service port you have added on the firewall rule and NAT rule 

TEST by changing source WAN -> ANY - Destination  LAN -> server IP - Service (TCP 1:65335 to SFTP port no) -> any time -> log. Use linked NAT rule and choose MASQ I think should automatically setup the correct interfaces.

Please post the services object created here with tcpdump and drop packet if issue remains.

Hi,

the firewall rule should have the internal address as the destination.

ian

And also the internal SSH port instead of external.

PS Sofos network Changing the port used for SSH access does not increase security. It just keeps a small amount of scripts from finding the SSH-server but your SSH-access will still be found really quickly. Make sure to limit access as much as possible and use public/private keypairs to log on to the SSH-server to really increase security.

As per the requirement instead of exposing ports over WAN I would suggest to use IPSec remote access or SSL VPN.

Regards