Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Tunneling Parameters

The tunneling parameters define settings for the Secure Shell tunnels created by SSH Tectia Connector.

Name

Ciphers (version 4.x only)

Ciphers used in encrypting the Secure Shell tunnel.

This setting is applicable to SSH Tectia Connector 4.x only. SSH Tectia Connector 5.x uses the ciphers defined under Edit configurations → SSH Tectia G3 → Client.

Timeout for the session (seconds) (version 4.x only)

Defines the timeout after which an idle connection is disconnected.

This setting is applicable to SSH Tectia Connector 4.x only.

Timeout when open channels (version 4.x only)

Select this check box to enable the connection to be closed even when there are active tunnels.

This setting is applicable to SSH Tectia Connector 4.x only.

Connect on startup

Enable Connect on startup if the connection should be established to the server when SSH Tectia Connector is started. By default, this option is disabled and the connection is established when the tunneled application is used. This option should be enabled only when there is a relatively small number of destination hosts for the tunneling policy rule.

Firewall URL

The firewall settings are specified in the URL format. Also HTTP can be used instead of SOCKS.

Example URL (a SOCKS server with directly connected networks):

socks://fw.example.com:1080/127.0.0.0/8,192.168.0.0/16
Enable Pseudo IP numbers (version 5.x only)

When this check box is selected and a captured application attempts connection using a hostname, SSH Tectia Connector assigns a pseudo IP address for the host instead of doing a DNS query. When the check box is not selected, a normal DNS query is made.

This setting is applicable to SSH Tectia Connector 5.x only.

Pseudo IP start (version 5.x only)

Define the start address for the pseudo IP numbers.

This setting is applicable to SSH Tectia Connector 5.x only.

Fall back to plain if connection cannot be established (version 5.x only)

If creating the tunnel fails (or the connection to the Secure Shell server fails) the Connection Broker will normally return a "host not reachable" error. However, when this check box is selected a plaintext (unsecured) connection is used instead.

The fallback and pseudo IP options should not be enabled at the same time. If they are, and the secure connection fails, the application will try a direct connection with the pseudo IP, which will not work.

This setting is applicable to SSH Tectia Connector 5.x only.


 

 
PrivX
 

 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now