Firewall - SSH access from the internet (WAN) - what to look after?

When using SSH, you might realize that you are running into problems accessing the device, especially when coming from the outside of the unit accessing the WAN-port. This tutorial will tailor at some possible root causes for this misbehaviour! When wanting to configure your device via terminal, SSH is most likely the way to go. We recommend using an SSH Client like PuTTY for this task: https://www.putty.org/


First, take a look under Configuration > System > SSH. Make sure that the SSH daemon on the unit is activated.

The next step will be to check the firewall rule if SSH is allowed. From LAN, SSH access should be allowed by default. Coming from WAN, we have to add a firewall rule:

This firewall rule is allowing SSH from WAN to the Zywall itself. This way, accessing SSH port 22 on the USG will be allowed when the access is being initiated from the internet.

After accessing this rule, you should be able to use any terminal program which supports SSH to access the USGs CLI:

Note:
Please keep in mind that hacker can use the same access. We recommend you to provide the admin with a strong password or limit the WAN access to your WAN IP.

Here is what account type that can access which service on the firewall: