diff --git a/envs/monkey_zoo/blackbox/gcp_test_machine_list.py b/envs/monkey_zoo/blackbox/gcp_test_machine_list.py index 9aa5ef41f..ffbd21c90 100644 --- a/envs/monkey_zoo/blackbox/gcp_test_machine_list.py +++ b/envs/monkey_zoo/blackbox/gcp_test_machine_list.py @@ -11,6 +11,7 @@ GCP_TEST_MACHINE_LIST = { "tunneling-10", "tunneling-11", "tunneling-12", + "tunneling-13", "zerologon-25", ], "europe-west1-b": [ @@ -52,7 +53,6 @@ DEPTH_3_A = { "tunneling-9", "tunneling-10", "tunneling-11", - "tunneling-12", "mimikatz-15", ], "europe-west1-b": [ @@ -63,6 +63,16 @@ DEPTH_3_A = { ], } +DEPTH_4_A = { + "europe-west1-b": [ + "tunneling-9", + "tunneling-10", + "tunneling-12", + "tunneling-13", + ], +} + + POWERSHELL_EXPLOITER_REUSE = { "europe-west1-b": [ "powershell-3-46", @@ -88,6 +98,7 @@ GCP_SINGLE_TEST_LIST = { "test_depth_2_a": DEPTH_2_A, "test_depth_1_a": DEPTH_1_A, "test_depth_3_a": DEPTH_3_A, + "test_depth_4_a": DEPTH_4_A, "test_powershell_exploiter_credentials_reuse": POWERSHELL_EXPLOITER_REUSE, "test_zerologon_exploiter": ZEROLOGON, "test_wmi_and_mimikatz_exploiters": WMI_AND_MIMIKATZ, diff --git a/envs/monkey_zoo/blackbox/test_blackbox.py b/envs/monkey_zoo/blackbox/test_blackbox.py index 16ee4c0be..be8f4fe2c 100644 --- a/envs/monkey_zoo/blackbox/test_blackbox.py +++ b/envs/monkey_zoo/blackbox/test_blackbox.py @@ -18,6 +18,7 @@ from envs.monkey_zoo.blackbox.test_configurations import ( wmi_mimikatz_test_configuration, zerologon_test_configuration, ) +from envs.monkey_zoo.blackbox.test_configurations.depth_4_a import depth_4_a_test_configuration from envs.monkey_zoo.blackbox.test_configurations.test_configuration import TestConfiguration from envs.monkey_zoo.blackbox.tests.exploitation import ExploitationTest from envs.monkey_zoo.blackbox.utils.gcp_machine_handlers import ( 
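Review bot: The added import in test_blackbox.py pulls `depth_4_a_test_configuration` straight from the `depth_4_a` submodule, while the sibling configurations just above it (`wmi_mimikatz_test_configuration`, `zerologon_test_configuration`) come from the `envs.monkey_zoo.blackbox.test_configurations` package in one grouped import. The package's `__init__` is not visible here, but if it re-exports the other configurations, exporting this one there and adding `depth_4_a_test_configuration,` to the grouped import would keep the style consistent. The import block starts outside the hunk.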
@@ -123,6 +124,11 @@ class TestMonkeyBlackbox: island_client, depth_3_a_test_configuration, "Depth3A test suite" ) + def test_depth_4_a(self, island_client): + TestMonkeyBlackbox.run_exploitation_test( + island_client, depth_4_a_test_configuration, "Depth4A test suite" + ) + # Not grouped because can only be ran on windows @pytest.mark.skip_powershell_reuse def test_powershell_exploiter_credentials_reuse(self, island_client): diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py index 0a39a5e59..049521858 100644 --- a/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_3_a.py @@ -16,7 +16,7 @@ from .utils import ( # Tests: # Powershell (10.2.3.45, 10.2.3.46, 10.2.3.47, 10.2.3.48) -# Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.11) +# Tunneling through grandparent agent (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.11) # WMI pass the hash (10.2.2.15) @@ -38,7 +38,6 @@ def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration: "10.2.3.47", "10.2.3.48", "10.2.1.10", - "10.2.0.12", "10.2.0.11", "10.2.2.15", ] @@ -62,7 +61,6 @@ CREDENTIALS = ( Credentials(None, Password("Passw0rd!")), Credentials(None, Password("3Q=(Ge(+&w]*")), Credentials(None, Password("`))jU7L(w}")), - Credentials(None, Password("t67TC5ZDmz")), Credentials(None, NTHash("d0f0132b308a0c4e5d1029cc06f48692")), Credentials(None, NTHash("5da0889ea2081aa79f6852294cba4a5e")), Credentials(None, NTHash("50c9987a6bf1ac59398df9f911122c9b")), diff --git a/envs/monkey_zoo/blackbox/test_configurations/depth_4_a.py b/envs/monkey_zoo/blackbox/test_configurations/depth_4_a.py new file mode 100644 index 000000000..83e9dc785 --- /dev/null +++ b/envs/monkey_zoo/blackbox/test_configurations/depth_4_a.py 
@@ -0,0 +1,65 @@
+import dataclasses
+
+from common.agent_configuration import AgentConfiguration, PluginConfiguration
+from common.credentials import Credentials, Password, Username
+
+from .noop import noop_test_configuration
+from .utils import (
+ add_exploiters,
+ add_subnets,
+ add_tcp_ports,
+ replace_agent_configuration,
+ replace_propagation_credentials,
+ set_keep_tunnel_open_time,
+ set_maximum_depth,
+)
+
+# Tests:
+# Tunneling (SSH brute force) (10.2.2.9, 10.2.1.10, 10.2.0.12, 10.2.0.13)
+
+
+def _add_exploiters(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+ brute_force = [
+ PluginConfiguration(name="SSHExploiter", options={}),
+ PluginConfiguration(name="WmiExploiter", options={"smb_download_timeout": 30}),
+ ]
+
+ return add_exploiters(agent_configuration, brute_force=brute_force, vulnerability=[])
+
+
+def _add_subnets(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+ subnets = [
+ "10.2.2.9",
+ "10.2.1.10",
+ "10.2.0.12",
+ "10.2.2.13",
+ ]
+ return add_subnets(agent_configuration, subnets)
+
+
+def _add_tcp_ports(agent_configuration: AgentConfiguration) -> AgentConfiguration:
+ ports = [22, 135, 5985, 5986]
+ return add_tcp_ports(agent_configuration, ports)
+
+
+test_agent_configuration = set_maximum_depth(noop_test_configuration.agent_configuration, 4)
+test_agent_configuration = set_keep_tunnel_open_time(test_agent_configuration, 20)
+test_agent_configuration = _add_exploiters(test_agent_configuration)
+test_agent_configuration = _add_subnets(test_agent_configuration)
+test_agent_configuration = _add_tcp_ports(test_agent_configuration)
+
+CREDENTIALS = (
+ Credentials(Username("m0nk3y"), None),
+ Credentials(None, Password("3Q=(Ge(+&w]*")),
+ Credentials(None, Password("`))jU7L(w}")),
+ Credentials(None, Password("prM2qsroTI")),
+ Credentials(None, Password("t67TC5ZDmz")),
+)
+
+depth_4_a_test_configuration = dataclasses.replace(noop_test_configuration)
+replace_agent_configuration(
+ test_configuration=depth_4_a_test_configuration, agent_configuration=test_agent_configuration
+)
+replace_propagation_credentials(
+ test_configuration=depth_4_a_test_configuration, propagation_credentials=CREDENTIALS
+)
diff --git a/envs/monkey_zoo/docs/fullDocs.md b/envs/monkey_zoo/docs/fullDocs.md
index 077ccfc59..b08a89bfc 100644
--- a/envs/monkey_zoo/docs/fullDocs.md
+++ b/envs/monkey_zoo/docs/fullDocs.md
@@ -303,7 +303,7 @@ Update all requirements using deployment script:
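Review bot: `_add_subnets` in depth_4_a.py lists `"10.2.2.13"`, but the file's own header comment, the Terraform resource and the docs entry in this same commit all place tunneling-13 at 10.2.0.13. As written the agent would presumably scan an address where no depth-4 machine exists, so the test could not reach its final hop; the entry should read `"10.2.0.13",`. Separately, `WmiExploiter` and ports 135, 5985 and 5986 are enabled although the header comment describes only SSH brute force. If they were carried over from another configuration, removing them would keep the run limited to what this test is meant to assert.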
Root password: -3Q=(Ge(+&w]* +3Q=(Ge(+&w]* Server’s config: @@ -343,7 +343,10 @@ Update all requirements using deployment script:
Server’s config: -Default +Contains firewall rules to block everything from 10.2.1.10 except ssh. +This prevents tunneling communication, but allows ssh exploitation. +Contains firewall rules to allow everything from 10.2.1.9 except ssh. +This prevents ssh exploitation, but allows tunneling. Notes: @@ -384,6 +387,38 @@ Update all requirements using deployment script:
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Nr. 13 Tunneling M5

+

(10.2.0.13)

(Exploitable)
OS:Ubuntu 18 x64
Default service’s port:22
Root password:prM2qsroTI
Server’s config:Configured to disable traffic from/to 10.2.0.10 and 10.2.0.11(via ufw and iptables)
Notes:Accessible only through Nr.12
+ diff --git a/envs/monkey_zoo/docs/images/tunneling_diagram.png b/envs/monkey_zoo/docs/images/tunneling_diagram.png new file mode 100644 index 000000000..fdd63e968 Binary files /dev/null and b/envs/monkey_zoo/docs/images/tunneling_diagram.png differ diff --git a/envs/monkey_zoo/docs/tunneling_diagram.drawio b/envs/monkey_zoo/docs/tunneling_diagram.drawio new file mode 100644 index 000000000..7b1ae9561 --- /dev/null +++ b/envs/monkey_zoo/docs/tunneling_diagram.drawio @@ -0,0 +1 @@ +7VrbbuM2EP0aP9aQRN38uLHsTYEtGiAo0jwFjMSV2KVEg6J86deXtEhbF1eWW9tSsEHyYM6MJHLOOcPRZQLm6fYrg6vkNxohMrGMaDsBwcSyTNuyJvLfiHalxZvZpSFmOFJBR8Mz/hspo6GsBY5QXgvklBKOV3VjSLMMhbxmg4zRTT3sOyX1q65gjFqG5xCStvUFRzwprb5jHO2PCMeJvrJpKE8KdbAy5AmM6KZiAosJmDNKefkr3c4RkcnTeSmPW/6L9zAxhjLe5wAneCPB79/gSxC+PT4t053Jlr94am58pxeMIrF+NaSMJzSmGSSLo/WB0SKLkDyrIUbHmG+UroTRFMa/EOc7BSYsOBWmhKdEedszV4vJacFC1DFdzQDIYsQ74hTp5FoqF1B5+YpoijjbiQCGCOR4XccaKsrEhzh16BfG4K4SsKI443nlzE/SIAIU+w/QK+6bbgOhy+LFj3IGelRZytG0R/0CBqhFryEpVBp+zQnMohYx6rBvEszR8wru4doI7feEeI0YR9tOUJTXbyRDS25zlOFBbElFgvq4UzBWUnl5pvyPpRWrp1bMUWpFbwB9tdKIv41WZkMwQADPdn+q4/eDVzmYWo4eB9uqN9ip0e2pA0ZBHdCsFF43dc7E34Y6VqvM8kJ0LARnsaSVS0SeH96Z+BXzPXZNiykQF38nYvcec9om570rtuWOrWTrLvKj1GzQU3j2KIRnzxp4n6nZZ+Jv1N9YP0nR7ssdZ5Tc0TXgWlwIXsHzDIePThy8sMfiD7i0uG51hqgGjXTfFmJrEESNBqLGmWrQHX+bagA6tmFZjXruw+b0VPDeZUxPbDr33olte3Q78YDa+y9Ssy+R2jWr6f/Kst1Fb/MSep8I1vRuIzk4vb2h2Q2GbTIqfcVr1Xn1JsPpKYtx3BnarlPjCbhLw2n/JA1nXy64o+CC12w3/O725Ez8bbjjdNVvq3f9FkW6fddz7yLtNB6zHJ4ODFelnY/Vg7g9BTaOOzrPrOMNzjwNOBN/G4G5XQIDlwisvePfW2CePTqBea30trKU/0A8TFSS9pxCbLFGklplZg7vSWVABPPkkNJK+nLO6A80p4QyYcloJqX6HROiTRMLBEt/bov8PRD4jsgTzTHHNBO+EMmLCofMNQ6FlhsB75RzmlYCvhAcSweXmn+AanQ4Dy24YJCYjn4HbZTrWMk1p9tYvhqfrhGCqTUVgcX2ShW2+b5w1iYAsNv4a9v18fc/8b8j/qBZAMyh8Z994j+g/r2B4dfT+YT/LvD7DfiB4Q6Mf/tbkjb+14J3sfSXljkueKdp/rbBWbT/6uwaELuNN6rAakvcPtHhgdnUvxhkMTx+jVY23Mdv+sDiHw== diff --git a/envs/monkey_zoo/terraform/images.tf b/envs/monkey_zoo/terraform/images.tf index 3dadc5876..a33953252 100644 
--- a/envs/monkey_zoo/terraform/images.tf +++ b/envs/monkey_zoo/terraform/images.tf @@ -23,6 +23,10 @@ data "google_compute_image" "tunneling-12" { name = "tunneling-12" project = local.monkeyzoo_project } +data "google_compute_image" "tunneling-13" { + name = "tunneling-13" + project = local.monkeyzoo_project +} data "google_compute_image" "sshkeys-11" { name = "sshkeys-11" project = local.monkeyzoo_project diff --git a/envs/monkey_zoo/terraform/monkey_zoo.tf b/envs/monkey_zoo/terraform/monkey_zoo.tf index de0b922f5..a15e6b9f4 100644 --- a/envs/monkey_zoo/terraform/monkey_zoo.tf +++ b/envs/monkey_zoo/terraform/monkey_zoo.tf @@ -127,6 +127,10 @@ resource "google_compute_instance_from_template" "tunneling-11" { subnetwork="${local.resource_prefix}tunneling2-main" network_ip="10.2.0.11" } + network_interface{ + subnetwork="${local.resource_prefix}tunneling-main" + network_ip="10.2.1.11" + } } resource "google_compute_instance_from_template" "tunneling-12" { @@ -144,6 +148,21 @@ resource "google_compute_instance_from_template" "tunneling-12" { } } +resource "google_compute_instance_from_template" "tunneling-13" { + name = "${local.resource_prefix}tunneling-13" + source_instance_template = local.default_ubuntu + boot_disk{ + initialize_params { + image = data.google_compute_image.tunneling-13.self_link + } + auto_delete = true + } + network_interface{ + subnetwork="${local.resource_prefix}tunneling2-main" + network_ip="10.2.0.13" + } +} + resource "google_compute_instance_from_template" "sshkeys-11" { name = "${local.resource_prefix}sshkeys-11" source_instance_template = local.default_ubuntu
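Review bot: Nothing in the new `tunneling-13` resource in monkey_zoo.tf records that its isolation is enforced inside the guest image rather than by the network layout. It sits on `tunneling2-main` alongside 10.2.0.11, and the docs change in this commit says traffic from/to 10.2.0.10 and 10.2.0.11 is blocked via ufw and iptables. The same applies to the second interface added to `tunneling-11` in the preceding hunk. If the image were rebuilt without those rules, the machine could be reachable directly and the depth-4 test might pass without tunneling through Nr. 12. A comment above the resource such as `# Reachable only via tunneling-12: ufw/iptables in the image drop traffic from/to 10.2.0.10 and 10.2.0.11` would make that dependency explicit.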