We should remove the ssh portforwarding from our firewall setup
Our Rule causes a problem with outgoing ssh connections on port 22. With our rule it's no longer possible to reach ssh-servers outside the local network via port 22.
Instead of a portforwarding it's possible to configure sshd to listen on two different ports. We should leave port 22 open and add our higher port additionally. In our firewall setup we should open both ports for the internal zones and just the high port in the external zone.