Issue:
SSH connection is blocked after the installation of F-Security Linux Security. What are the root cause and solution for this issue?
Resolution:
By default, firewall feature of F-Secure Linux Security is enabled automatically with the firewall profile of "Office" after the product installation.
Due to this, it is blocking the SSH connection from other computers which do not have the same segment as the installed Linux Security server.
If you are not using the firewall feature, it could be disabled during the installation and initial configuration by adding the "nofirewall" option as below.
./fsls-11.10.68 nofirewall/opt/f-secure/fsav/fsav-config nofirewall
/opt/f-secure/fsav/fsav-config nofirewall
Alternavitely, the firewall feature of F-Secure Linux Security could also be disabled after the installation by using the "fschooser" command below, Web User Interface (WEBUI) or F-Secure Policy Manager Console.
/opt/f-secure/fsav/sbin/fschooser
Notes:
1. When executing the above command, press "f" and "Enter" key and press "Enter" key again to apply the setting.
2. You could check the running status of the firewall daemon (fsfwd.run) with the following command.
/etc/init.d/fsma status
In case of WEBUI:
1. Login to WEBUI.
2. Click on "Advanced mode" at the bottom left of the page
3. Select "General Settings" item under the "Firewall" setting
4. Uncheck the "Enable firewall"
5. Click on the "Save" button
In case of Policy Manager Console:
1. Select the "Advanced view" of Policy Manager Console
2. Change the following setting to "Disabled" under the "Settings" tab
F-Secure > F-Secure Linux Security > Settings > Advanced > Enabled Components > Firewall
3. Distribute the policy to the client
If you are using the firewall feature of Linux Security, then you need to edit the default firewall profile of "Office" to allow the SSH connection from computers with a different segment as below.
How to edit the firewall rule:
1. Login to WEBUI
2. Click on "Advanced mode" at the bottom left of the page
3. Select "Firewall rules" under the "Firewall" setting
4. Select "Office" for the firewall profile to edit
5. Select the firewall rule related to SSH at the top
6. Edit the rule by changing "[myNetwork]" to "0.0.0.0.0" or any specific IP address of the remote computer
7. Click on the "Save rule" and "Save" buttons
Article no: 000003527