Pedro_vde  Freshman Member

--- PROBLEM SOLVED --- When attempting to solve the issue in one of the previous steps, I've changed the SFTP incoming port on the Synology to 115. I forgot about that. Changed back to port 22 and the problem is solved. The issue was caused by the fact that the USG uses port 22 as the standard port to access SSH. I've…

--- PROBLEM SOLVED --- When attempting to solve the issue in one of the previous steps, I've changed the SFTP incoming port on the Synology to 115. I forgot about that. Changed back to port 22 and the problem is solved. The issue was caused by the fact that the USG uses port 22 as the standard port to access SSH. I've…

--- PROBLEM SOLVED --- I had changed the incoming port on the Synology to port 115 in one of the attempts before and forgot to put it back to port 22. Stupid me... anyway the solution to this issue: USG is using port 22 for SSH, Synology uses port 22 standard for SFTP access. USG was thinking that an FTP-user would try to…

I've changed the SSH port on the USG. Reversed all settings to the previous settings as in my first post. Trying to login from WAN by using port 22 but no luck: Error: Connection refused

I'm using the same client from LAN & WAN. This morning the daily USG reports came in and there I saw in one of the lines: 35 2020-03-24 15:10:34 192.168.0.120 nn.nn.nnn.nn alert user Account: existingaccountname Failed login attempt to Device from ssh (incorrect password or inexistent username) [count=4] where…

The Synology could be the culprit, I know. I'll double check all settings there. It works from the same LAN on port 22, it shows the right certificate... All problems started when shutting down the plain FTP services on the Synology and having only SFTP and FTPS activated.

Thank you for the follow up! I'm accessing from the internet using various FTP Clients (Filezilla,Transmit, Cyberduck and FTPClient (on iPhone)) I just have a few other NAT rules in place: One for a remote login to another host (TCP port 80 and TCP/UDP 5003) Source connect ports also to another host (UDP 6000-6001) And…

When disabling the Security Policy Control the issue persists. USG logs don't show any activity when trying to connect to the FTP server. I'm not 100% sure that I'm looking in the right spot here. I'm checking Monitor - Log - View Log

Yes I did, and this is not working neither. That's why I came to the conclusion I've should have messed up with the USG60 configuration. A quick roundup at this moment: Access from the LAN to the servers IP works on port 21 and port 22 Access from WAN by Fixed IP does not work, neither on port 21, nor 22 Access from WAN by…

I've installed tcptraceroute and ran tcptraceroute hostname port these are the results: Selected device en0, address 192.168.0.120, port 50778 for outgoing packets Tracing the path to xxxx.tech (nnn.nnn.nnn.nnn) on TCP port 22 (ssh), 30 hops max 1 d5152c90c.static.xxxx.be (nnn.nnn.nnn.nnn) 2.002 ms 1.858 ms 3.877 ms 2 * *…

Thank you for thinking along Peter... The problem now is that I don't have access to a windows host to run TraceTCP... I'll look for a Mac Alternative

In the past our setup worked without the passive ports (49152-65535). This might be applicable but we don't want to use the insecure plain FTP, but just the SFTP.

Yes, I did... forgot to attach:

Thank you for the reply. The Anti Spam profile is indeed the only place where I could find a way to whitelist IP's on the USG60. But, as I do understand this whitelisting in the Anti-Spam profile, it only let mails pass that come from these IP-adreses . And I don't think this is what should be done in our case. It seems…

Thank you for your attention... I know that the USG60 does not block IP's, that's why I am completely lost in this. Maybe some extra info regarding this issue could clear out something more: We are struggling for a while having our fixed main-IP address blacklisted on several blacklisters as a spam emitting IP. The culprit…