https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68277#M39856 <P>Hi there...At this time, the SSH decryption is designed to detect tunneling traffic inside of SSH (port forwarding) and block the tunneling. &nbsp;Per the 7.0 manual:</P> <P>&nbsp;</P> <P>"With the an SSH Proxy decryption policy enabled, all SSH traffic&nbsp;identified by the policy is decrypted and identified as either regular&nbsp;SSH traffic or as SSH tunneled traffic. SSH tunneled traffic is&nbsp;blocked and restricted according to the profiles configured on the&nbsp;firewall. Traffic is re-encrypted as it exits the firewall."</P> Tue, 17 Nov 2015 15:59:57 GMT rmonvon 2015-11-17T15:59:57Z https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68259#M39845 <P>Hi All,</P> <P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; After implementing SSH decryption, can&nbsp; PA have the visibility to idenfity whether commands or any other data is being shared over ssh</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>with regards,</P> <P>Ram</P> Tue, 17 Nov 2015 07:38:15 GMT https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68259#M39845 Gururaj 2015-11-17T07:38:15Z https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68265#M39850 <P>ssh is basically encrypted telnet.</P> <P>So when you decrypt it then yes you can see what is going inside it.</P> Tue, 17 Nov 2015 10:45:52 GMT https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68265#M39850 Raido_Rattameister 2015-11-17T10:45:52Z https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68267#M39851 <P>It is understood that once the we decryption is done we can see whats inside, but i want to block control and allow data is that possible.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>with regards,</P> <P>Ram</P> Tue, 17 Nov 2015 12:02:39 GMT https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68267#M39851 Gururaj 2015-11-17T12:02:39Z https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68277#M39856 <P>Hi there...At this time, the SSH decryption is designed to detect tunneling traffic inside of SSH (port forwarding) and block the tunneling. &nbsp;Per the 7.0 manual:</P> <P>&nbsp;</P> <P>"With the an SSH Proxy decryption policy enabled, all SSH traffic&nbsp;identified by the policy is decrypted and identified as either regular&nbsp;SSH traffic or as SSH tunneled traffic. SSH tunneled traffic is&nbsp;blocked and restricted according to the profiles configured on the&nbsp;firewall. Traffic is re-encrypted as it exits the firewall."</P> Tue, 17 Nov 2015 15:59:57 GMT https://live.paloaltonetworks.com/t5/general-topics/control-over-ssh-traffic-command-or-data/m-p/68277#M39856 rmonvon 2015-11-17T15:59:57Z