
TZ-570 outbound port 22 connections time out

Hi there,

I came across an issue where any outbound SSH connection attempt is timing out. Basically, from the internal network behind the TZ570 router, whether we try to log in to an external (on the Internet) SSH or SFTP server, it times out.

Product Code: 22205
Firmware Version: SonicOS 7.0.1-5023
ROM Version: 7.0.0.9

  • No computer from the internal network can establish a connection using port 22 to an external server
  • Multiple different SSH/SFTP servers have been tested and none works
  • Issue is not coming from the remote servers as the connection works from other locations.

What we checked:

  • No logs generated whatsoever by the Firewall or other component
  • Router is not licensed for Application Control / Antivirus / Advanced Protection / Content Filtering, so these components shouldn't be problematic
  • DPI-SSL and DPI-SSH are both disabled.
  • I followed both KBs below, which didn't help

https://www.sonicwall.com/support/knowledge-base/sftp-not-working-with-dpi-ssh/240501062702000

https://www.sonicwall.com/support/knowledge-base/how-can-i-resolve-drop-code-cache-add-cleanup/180118173647344

  • Checked Firewall and NAT rules, no restricted outbound traffic and no port 22 natting is done.
  • SSH Management is disabled from all Interfaces

Packet captures

We did a packet capture that shows TCP retransmissions and no reply whatsoever from the remote server at 192.235.X.X

I'm a bit out of solutions for now; would you have a recommendation on what could be causing such behavior?

Thank you very much for your time

Category: Entry Level Firewalls

Comments

  • MarkD Cybersecurity Overlord ✭✭✭

    Check that you have bidirectional port matching enabled on the packet monitor; if so, the server you are trying to connect to is not responding.

    You send the TCP SYN to start the 3 way handshake but nothing is shown coming back.

  • Connextek Newbie ✭

    That setting is indeed enabled. The issue is not the server timing out, as all port 22 connections do time out, and connection to the same server works fine outside this network. Are you aware of another feature or configuration on Sonicwall that would cause this? I never saw that problem before and have a handful of Sonicwall across our customers.

    Thanks again
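The capture check discussed in this thread (SYNs retransmitted with no SYN-ACK coming back) can be automated over a text export of a bidirectional capture. This is an added example, not part of the original posts; it assumes `tcpdump -nn -tt` style lines, and the sample addresses and ports are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn -tt` text format (documentation
# addresses, not values from the thread). Port 22 never gets a reply;
# port 443 completes the handshake.
SAMPLE = """\
1700000000.000000 IP 10.0.0.5.51000 > 192.0.2.10.22: Flags [S], seq 1000, win 64240, length 0
1700000001.010000 IP 10.0.0.5.51000 > 192.0.2.10.22: Flags [S], seq 1000, win 64240, length 0
1700000003.030000 IP 10.0.0.5.51000 > 192.0.2.10.22: Flags [S], seq 1000, win 64240, length 0
1700000004.000000 IP 10.0.0.5.51002 > 192.0.2.10.443: Flags [S], seq 2000, win 64240, length 0
1700000004.020000 IP 192.0.2.10.443 > 10.0.0.5.51002: Flags [S.], seq 9000, ack 2001, win 65535, length 0
1700000004.021000 IP 10.0.0.5.51002 > 192.0.2.10.443: Flags [.], ack 9001, win 64240, length 0
"""

LINE = re.compile(
    r"^\d+\.\d+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\], seq (?P<seq>\d+)"
)

def unanswered_syns(capture_text):
    """Map each flow whose SYN never saw a SYN-ACK to its SYN statistics."""
    syns = defaultdict(list)  # (src, sport, dst, dport) -> list of SYN seq numbers
    answered = set()
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # pure ACKs and non-TCP lines carry no "seq" field here
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        if m["flags"] == "S":
            syns[flow].append(int(m["seq"]))
        elif m["flags"] == "S.":
            # A SYN-ACK travels in the reverse direction of the SYN it answers.
            answered.add((flow[2], flow[3], flow[0], flow[1]))
    return {
        flow: {"syns": len(seqs), "retransmits": len(seqs) - len(set(seqs))}
        for flow, seqs in syns.items()
        if flow not in answered
    }

if __name__ == "__main__":
    for flow, stats in unanswered_syns(SAMPLE).items():
        print("%s:%d -> %s:%d" % flow, stats)
```

If the capture filter only matches one direction, every flow will appear unanswered, which is why the bidirectional setting has to be confirmed first.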
