[ATP/FLEX] How to access SSH service of Nebula Firewall?

Zyxel_Cooldia (Zyxel Employee)
edited August 2023 in Maintenance

Scenario:

Sometimes, when troubleshooting network issues, we might need to access a device via SSH. You can follow the steps below to access the device's SSH service for troubleshooting.

Steps:

You may skip step 1) if you access the SSH service from the LAN interface of the device.

1)  Create a security policy to allow the SSH service from the WAN interface. By default, the device's SSH service cannot be reached from the WAN interface when the device is managed by Nebula, because there is no implicit firewall rule that allows SSH access to the device from the WAN.

Go to Configure > Firewall > Security Policy.


In Implicit allow rules, there is no implicit rule that allows SSH access from the WAN to the device on TCP port 22.

Click Add to create a security policy rule to allow SSH access from the WAN.

Action = Allow

Protocol = TCP

Source = Any

Destination = Device

Dst Port = 22

*For security reasons, we strongly suggest that you set Source to a trusted IP address instead of Any.

Click Save to commit the setting to Nebula.

2)   Go to Configure > Site settings to check local credentials.

3)   SSH into the device and log in with local credentials. You can debug via the CLI in the SSH terminal.
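
The trusted-source advice in step 1 can be checked mechanically once rules accumulate. The following is an added example, not part of the original post or any Zyxel tooling: it flags allow rules that expose TCP 22 on the device to Any or to a wide source range. The rule records, their key names, and the `max_hosts` threshold are assumptions that mirror the fields in step 1; this is not a Nebula export format.

```python
import ipaddress

# Constructed rule records using the field names from step 1 (assumed layout,
# not a Nebula export format). Addresses are documentation ranges.
SAMPLE_RULES = [
    {"name": "ssh-any", "action": "Allow", "protocol": "TCP",
     "source": "Any", "destination": "Device", "dst_port": "22"},
    {"name": "ssh-admin", "action": "Allow", "protocol": "TCP",
     "source": "203.0.113.10", "destination": "Device", "dst_port": "22"},
    {"name": "ssh-wide", "action": "Allow", "protocol": "TCP",
     "source": "198.51.100.0/22", "destination": "Device", "dst_port": "20-25"},
    {"name": "web", "action": "Allow", "protocol": "TCP",
     "source": "Any", "destination": "Device", "dst_port": "443"},
]

def covers_port(spec, port=22):
    """True if a port spec such as '22', '20-25' or 'Any' includes `port`."""
    spec = spec.strip().lower()
    if spec == "any":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_size(source):
    """Number of addresses a source matches; 'Any' counts as all of IPv4."""
    if source.strip().lower() == "any":
        return 2 ** 32
    return ipaddress.ip_network(source.strip(), strict=False).num_addresses

def audit_ssh_rules(rules, max_hosts=256):
    """Return (rule name, finding) for allow rules exposing device SSH too widely."""
    findings = []
    for r in rules:
        if r["action"].lower() != "allow" or r["destination"].lower() != "device":
            continue
        if r["protocol"].lower() not in ("tcp", "any") or not covers_port(r["dst_port"]):
            continue
        size = source_size(r["source"])
        if size == 2 ** 32:
            findings.append((r["name"], "source is Any"))
        elif size > max_hosts:
            findings.append((r["name"], f"source spans {size} addresses"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_ssh_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Port ranges are included in the check because a rule for ports 20-25 exposes SSH just as a rule for port 22 does.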