SSH Tectia

Tunneling Parameters

The tunneling parameters define settings for the Secure Shell tunnels created by SSH Tectia Connector.

Name

Ciphers (version 4.x only)

Ciphers used in encrypting the Secure Shell tunnel.

This setting is applicable to SSH Tectia Connector 4.x only. SSH Tectia Connector 5.x uses the ciphers defined under Edit configurations → SSH Tectia G3 → Client.

Timeout for the session (seconds) (version 4.x only)

Defines the timeout after which an idle connection is disconnected.

This setting is applicable to SSH Tectia Connector 4.x only.

Timeout when open channels (version 4.x only)

Select this check box to enable the connection to be closed even when there are active tunnels.

This setting is applicable to SSH Tectia Connector 4.x only.

Connect on startup

Enable Connect on startup if the connection should be established to the server when SSH Tectia Connector is started. By default, this option is disabled and the connection is established when the tunneled application is used. This option should be enabled only when there is a relatively small number of destination hosts for the tunneling policy rule.

Firewall URL

The firewall settings are specified in the URL format. Also HTTP can be used instead of SOCKS.

Example URL (a SOCKS server with directly connected networks):

socks://fw.example.com:1080/127.0.0.0/8,192.168.0.0/16
Enable Pseudo IP numbers (version 5.x only)

When this check box is selected and a captured application attempts connection using a hostname, SSH Tectia Connector assigns a pseudo IP address for the host instead of doing a DNS query. When the check box is not selected, a normal DNS query is made.

This setting is applicable to SSH Tectia Connector 5.x only.

Pseudo IP start (version 5.x only)

Define the start address for the pseudo IP numbers.

This setting is applicable to SSH Tectia Connector 5.x only.

Fall back to plain if connection cannot be established (version 5.x only)

If creating the tunnel fails (or the connection to the Secure Shell server fails) the Connection Broker will normally return a "host not reachable" error. However, when this check box is selected a plaintext (unsecured) connection is used instead.

The fallback and pseudo IP options should not be enabled at the same time. If they are, and the secure connection fails, the application will try a direct connection with the pseudo IP, which will not work.

This setting is applicable to SSH Tectia Connector 5.x only.