Secure remote firewall system with SSH

Most firewall systems integrate a Web-based component that allows users to configure these firewall systems.

Network administrators - Most firewall systems integrate a Web-based component that allows users to configure these firewall systems.

This is also true for many minimal firewall systems (such as Linksys, D-link, etc.) and is also true for many open source firewall systems like pfSense. These systems often provide a variety of remote web access options over the Internet, but this remote access is not guaranteed to be secure.

 

Secure remote firewall system with SSH Picture 1Secure remote firewall system with SSH Picture 1 .


Instead, if there is an internal firewall system that can forward a port for SSH (Secure Shell), a network protocol is used to provide a secure channel when two computers are connected. You can then enable SSH and use TCP Forwarding to access the firewall through the system within this network. This firewall has the advantage of decentralization and strong encryption capabilities. If the remote firewall system is running SSH, you don't need another internal system to run SSH, just run SSH in the firewall system.

For example, use the following code to edit ~ / .ssh / config and add an entry on the remote system:

Host remotefw
Hostname remotefw.remote.com
User admin
Port 522
LocalForward 8888 192.168.10.1:80
This code allows you to run the ssh remotefw command on the command interface to connect to the remotefw.remote.com server with the username admin on port 552 . It will also forward the connection on port 8888 of the local system to port 80 of the remote system with the IP address of 192.168.10.1 .

Then access the address http://127.0.0.1:8888 . You will be prompted to access the web platform configuration utility.

After you're done configuring the firewall, simply close the browser window and exit the SSH session.

If this utility does not work, then the remote SSH server will also cancel TCP Forwarding. You will have to connect to the remote system and enable the Allow TcpForwarding password and restart sshd .

The benefits of using TCP Forwarding on SSH to access remote firewall systems rather than enabling and using the administration of remote firewall systems are obvious. If you use SSH, you can restrict user access to SSH, and using password authentication will help prevent any attempt to break into the system. Also it's more secure thanks to SSH encryption.

If you use this method, you can configure the remote pfSense firewall system for workstations. However, the firewall system forwards a port for SSH to connect to the remote network, so you need a license to perform the login.

In addition, SSH also supports error detection or upgrading the firewall.
4 ★ | 1 Vote