Hello Community,
Thi sis my first message here and l hope somebody can share thoughts. We are trying to run an Algosec scan of our SSG firewall from a remote site on a different network.
The issue is that we have an SRX between the 2 endpoints that cannot cope (we believe) with an ssh connection to the NATed address of the SSG.
The red route would be the theoretical current means of getting to the 139.166.x.x firewall from the NERC link, but NAT on the SRX prevents the Algosec from SSHing direct to anything behind the SRX.
What we were thinking was to cable on a different interface on the SSG to the WAN switch, or to a switch on the LAN, giving this a different subnet address to 139.166.x.x (red dashed line), circumventing the SRX completely and then limiting the interface on the SSG to only allow access from the Algosec IP address.
Thx,
Myky