0

I have a sonicwall tz500 that I need to forward all SSH connections it receives to some other external IP address. Is that possible? If so, how?

Tedison
  • 1

1 Answers1

0

If your public NAT IP is not the same as the one assigned to the WAN interface, you can simply forward TCP port 22 to your internal server. Remember that you need both a NAT and a firewall policy.

If you need to forward ssh connections received on the WAN interface own IP, you have an issue: by default, TCP port 22 is taken by the firewall itself for exporting its own CLI interface.

To avoid interfering with its reserved port, my advice is to forward a different external TCP port (ie: 2222) to your internal server TCP port 22. Otherwise, if you really need to expose TCP port 22, you need to change the firewall's own ssh port via MANAGE | System Setup > Appliance > Base Settings. Be aware: doing an error here means you can lose ssh access to the firewall. If unsure call a network professional.

For more information about NAT and port forwarding, please read the official docs.

shodanshok
  • 47,711
  • 7
  • 111
  • 180
  • I have SonicOS 6.5. How do I configure the necessary access rule? The official doc only shows a screenshot at the end. OS 6.5 does not let me specify the destination port as 22, it only lets me specify the source port as 2222. – Tedison Jun 06 '23 at 17:32
  • Destination port is specified via the `service` field. If you have such questions, I strongly suggest to read the official docs or to ask for professional support from a network admin. – shodanshok Jun 06 '23 at 20:47