SFTP Being Blocked

Hi

We have an SG210 running 9.406-3. I am trying to make my SFTP server accessible from the Internet, but the firewall appears to be blocking requests.

I have created a DNAT rule: WAN > SSH Service > DMZ Network > Translate to private SFTP server address

When we attempt access from the WAN, the firewall blocks the "SSH connection attempt". I have tried an automatic firewall rule and also tried a manual rule; in both instances the firewall blocks the connection.

Is there something else I need to do to allow access from the WAN? We do not have SSH management turned on.

Many thanks



This thread was automatically locked due to age.
  • You're seeing a conflict with the setting in 'Shell Access'.  You need to use a different port in either the DNAT or for Shell Access.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your reply, I have changed the management SSH port to something else but the firewall still blocks traffic coming to port 22.

    Strangely I have tried changing the local port but the firewall blocks that too, even though I've changed the port in the firewall rule.

    We have a dedicated DMZ port set up, could it be something to do with allowing traffic between the two interfaces?

  • Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post one line corresponding to the block you're seeing.

    Cheers - Bob
  • Instead of using DMZ network, try using DMZ (Address) or at least the IP address where the traffic is arriving. It's most likely not arriving from the internet to your DMZ network; the DMZ network is where the traffic should go after arriving at an external address.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Thanks for your replies - I had my NAT rule incorrectly set up

    Looking at the full firewall log also helped me identify the problem too so thanks for that tip
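
The reply about the DNAT destination, shown as an added example that is not part of the thread and not Sophos code: a simplified model of why a DNAT rule whose destination is the DMZ network never matches a connection that arrives at the firewall's external address. All addresses and names are constructed (documentation ranges), and the model assumes shell access is off and the automatic firewall rule for the DNAT is enabled.

```python
import ipaddress
from collections import namedtuple

# Constructed addressing from documentation ranges; none of it is from the thread.
WAN_ADDR = ipaddress.ip_address("203.0.113.10")    # firewall's external address
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")     # network behind the DMZ port
SFTP_SRV = ipaddress.ip_address("192.0.2.20")      # private SFTP server

Packet = namedtuple("Packet", "src dst dport")
# going_to is matched against the destination the packet ARRIVES with.
DnatRule = namedtuple("DnatRule", "going_to dport change_dst_to")


def translate(rule, pkt):
    """Apply DNAT if the rule matches the untranslated packet, else return it unchanged."""
    if pkt.dport == rule.dport and pkt.dst in rule.going_to:
        return pkt._replace(dst=rule.change_dst_to)
    return pkt


def verdict(rule, pkt):
    """Simplified model: DNAT first, then filter on the resulting destination."""
    out = translate(rule, pkt)
    if out.dst == WAN_ADDR:
        # Still addressed to the firewall itself; with shell access off
        # nothing accepts it, so it is dropped.
        return "drop (local)"
    if out.dst == rule.change_dst_to and out.dport == rule.dport:
        # Assumes the automatic firewall rule for the DNAT is enabled.
        return "forward to %s" % out.dst
    return "drop (forward)"


# A client on the Internet connects to the firewall's public address.
inbound = Packet(ipaddress.ip_address("198.51.100.7"), WAN_ADDR, 22)

# Destination set to the DMZ network: the arriving packet is never in it.
wrong = DnatRule(DMZ_NET, 22, SFTP_SRV)
# Destination set to the address where the traffic actually arrives.
right = DnatRule(ipaddress.ip_network("203.0.113.10/32"), 22, SFTP_SRV)

if __name__ == "__main__":
    print("DMZ network as destination:     ", verdict(wrong, inbound))
    print("External address as destination:", verdict(right, inbound))
```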
