Partners are unable to SSH to the Edge WAN IP address from the open internet.
Impacted software version: 5.2.x
If a customer has a business policy at the top of the list that routes internet traffic through Zscaler or a cloud security tunnel, then when a user attempts to SSH to the Edge WAN IP address from the open internet, the TCP SYN is received on the underlay.
The Edge will then respond with a SYN-ACK packet via the Zscaler tunnel, matching the cloud route and the business policy configured on the Edge. This results in a TCP connection timeout, causing the SSH connection to fail.
As a workaround, configure a new business policy at the top that specifically matches traffic with source port 22 and sends it via the underlay.
The issue is being tracked under bug ID# 155143, and a fix is not available yet.
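The asymmetric return path and the effect of the workaround can be reproduced with a small model. This is an added example, not Edge or Orchestrator code: it assumes business policies are evaluated top to bottom with the first match winning, and the policy names, addresses and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Policy:
    name: str
    path: str                       # "underlay" or "cloud_tunnel"
    src_port: Optional[int] = None  # None matches any source port

    def matches(self, pkt: Packet) -> bool:
        return self.src_port is None or pkt.src_port == self.src_port

def egress_path(policies, pkt):
    """Assumed model: policies are checked top to bottom, first match wins."""
    for policy in policies:
        if policy.matches(pkt):
            return policy.path
    return "underlay"  # assumed default when nothing matches

def ssh_handshake_completes(policies, client_ip, edge_wan_ip):
    """The SYN arrives on the underlay; the SYN-ACK must leave the same way."""
    syn = Packet(client_ip, 50000, edge_wan_ip, 22)
    # The Edge's reply swaps the endpoints, so its SOURCE port is 22.
    syn_ack = Packet(syn.dst_ip, syn.dst_port, syn.src_ip, syn.src_port)
    return egress_path(policies, syn_ack) == "underlay"

# Constructed sample values (documentation address ranges, hypothetical names).
EDGE_WAN, CLIENT = "203.0.113.10", "198.51.100.25"
INTERNET_VIA_TUNNEL = Policy("internet-via-cloud-security", "cloud_tunnel")
SSH_REPLIES_DIRECT = Policy("ssh-replies-direct", "underlay", src_port=22)

BEFORE = [INTERNET_VIA_TUNNEL]                           # SYN-ACK enters tunnel
WORKAROUND = [SSH_REPLIES_DIRECT, INTERNET_VIA_TUNNEL]   # new policy at the top
WRONG_ORDER = [INTERNET_VIA_TUNNEL, SSH_REPLIES_DIRECT]  # new policy never hit

if __name__ == "__main__":
    for label, table in [("before", BEFORE), ("workaround", WORKAROUND),
                         ("wrong order", WRONG_ORDER)]:
        ok = ssh_handshake_completes(table, CLIENT, EDGE_WAN)
        print(f"{label:12} handshake completes: {ok}")
```

The match is on source port 22 because the packet being steered is the Edge's reply, and the `WRONG_ORDER` case shows why the new policy has to sit above the internet policy.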