This is a common problem that is being caused by enabling the default 'WAN to Local' firewall policy of the CloudGate to 'accept'. The default setting of the CloudGate when leaving the factory is 'drop' for the 'WAN to Local' firewall policy. Many customers want to reach their CloudGate remotely and choose to open up the entire firewall for incomming connections, rather than just opening up the required parts in the firewall.
This can lead to data consumptions of 10's of GB's in just a few days when hackers are trying to access your CloudGate via SSH!
It is extremely important not to set the 'WAN to Local' firewall policy of the CloudGate to 'accept' at any time when your CloudGate is equipped with a public routable IP-address! By setting it to 'Drop', the hacking attempt will be stopped after just one attempt because no response from the CloudGate was received, thus thinking that there is no device on that IP-address.