Your browser does not allow storing cookies. We recommend enabling them.

SSH Firewall

Protecting Critical Infrastructure

Today's societies are online - so is their critical infrastructure. The security and integrity of the foundation of our digital life is a key concern. Nowhere is this as real and tangible as at the network boundaries and firewalls that connect the public Internet and critical infrastructure. Recent history has shown that even information security solutions are not immune to built-in backdoors or vulnerabilities that can expose critical resources to cybercrime or cyberwarfare.

Key infrastructure requires resilient, robust, and scalable protection for private data and available services. SSH Communications Security has over 20 years of history in the frontlines of information security. Back in 1995, we invented the SSH protocol to protect communications and remote logins to servers. This protocol is today the standard for secure remote logins. It is used in every data center, every corporation, every university, and every enterprise of any significance.

SSH Firewall takes this heritage to network boundary security. SSH Firewall appliance protects critical infrastructure. The SSH protocol keeps the world running - SSH Firewall protects it from network attacks.

Software Makes the Difference

SSH Firewall is a software appliance that runs on standard hardware. It integrates flexibly into different network environments and adapts to different deployment modes. All network data that passes the appliance is controlled and processed by SSH’s own code, tested and verified to provide best-of-breed security suitable for critical communications.

SSH Firewall provides encrypted Virtual Private Networks for Ethernet and IP to secure data in transit with Carrier-Class features and performance.

Twice the Performance - Half the Price

SSH Firewall provides an excellent performance-to-price ratio. Using standard hardware lowers the cost of maintenance and spares to minimum. Dedicated packet processing software provides both the performance and security to match the most demanding environments.

Integrated firewall and encryption appliance from SSH offers an unmatched combination of performance and trust with competitive price levels.


  • Suberb packet forwarding and filtering efficiency
  • Support for strong encryption standards (including AES-256-GCM)
  • Automatic and dynamic key exchange, using the IKEv2 standard
  • Support for multiple 10Gbps interfaces
  • Minimized attack vector surface (with SSH proprietary technology)
  • Packet scripting support for instant zero-day exploit mitigations
  • Intuitive Graphical User Interface for easy operation


  • Cost-effective performance
  • Uncompromised network edge security from a neutral vendor
  • Low maintenance costs with standard hardware
  • Attractive total cost of ownership

Use Cases/Products


Deploy SSH Firewall at edge of shared services to protect operations from denial of service attacks and exploits that require immediate action. Encrypt critical backbone links to guarantee data privacy and avoid data breach at any level. Protect network signalling to guarantee correct mode of operation. Improve revenue and customer loyalty with new and unique solutions for business continuity.


Deploy SSH Firewall at network edge to protect operational network segments from typical Internet threats. Keep essential connectivity running even under severe DDoS attack. Offer secured, encrypted access to cloud services from any network, including Internet and MPLS private networks. Interconnect datacenters together with encrypted channels to prevent data breach while data in transit. Make any kind of eavesdropping of customer data useless, either monitored online or stored for later review. Guarantee customer private data to remain private and make it non-useable for any 3rd party.


Encrypt IP-VPN traffic to keep private data private in all circumstances. Prevent any data breach while data is in transit. Enable secure and reliable connectivity to enterprise services from remote sites and users. Reduce backbone transport costs by using Internet as transit carrier and SSH Firewall as trusted VPN enabler.


What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now