https://live.paloaltonetworks.com/t5/general-topics/analysis-and-control-of-protocol-running-in-ssh-like-sftp/m-p/93403#M43852 <P>Hi,</P><P>&nbsp;</P><P>Any ideas on better controlling what gets transferred over a decrypted (by the Palo Alto's ssh decryption feature) SSH session.</P><P>&nbsp;</P><P>I don't see an option blocking file up- or downloads via the fileblocking feature for SSH or an other corresponding protocol, nor is it possible creating a custom definition (for what's being transferred within SSH).</P><P>&nbsp;</P><P>The Palo Alto is telling me that it has "Decrypted" the SSH session, but no way of controling protocols or files in there...</P><P>&nbsp;</P><P>Probably some of you have had the same thing coming up and know a little more...</P><P>&nbsp;</P><P>Thanks and best regards,</P><P>&nbsp;</P><P>Peter</P> Thu, 30 Jun 2016 14:25:10 GMT pschoenegger-gm 2016-06-30T14:25:10Z https://live.paloaltonetworks.com/t5/general-topics/analysis-and-control-of-protocol-running-in-ssh-like-sftp/m-p/93403#M43852 <P>Hi,</P><P>&nbsp;</P><P>Any ideas on better controlling what gets transferred over a decrypted (by the Palo Alto's ssh decryption feature) SSH session.</P><P>&nbsp;</P><P>I don't see an option blocking file up- or downloads via the fileblocking feature for SSH or an other corresponding protocol, nor is it possible creating a custom definition (for what's being transferred within SSH).</P><P>&nbsp;</P><P>The Palo Alto is telling me that it has "Decrypted" the SSH session, but no way of controling protocols or files in there...</P><P>&nbsp;</P><P>Probably some of you have had the same thing coming up and know a little more...</P><P>&nbsp;</P><P>Thanks and best regards,</P><P>&nbsp;</P><P>Peter</P> Thu, 30 Jun 2016 14:25:10 GMT https://live.paloaltonetworks.com/t5/general-topics/analysis-and-control-of-protocol-running-in-ssh-like-sftp/m-p/93403#M43852 pschoenegger-gm 2016-06-30T14:25:10Z https://live.paloaltonetworks.com/t5/general-topics/analysis-and-control-of-protocol-running-in-ssh-like-sftp/m-p/93410#M43855 <P>I don't think the firewall can do this unfortuantly. You can block SSH tunnelled apps however by blocking the SSH-tunnel application.</P><P>&nbsp;</P><P>You can find out more info here:</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Documentation-Articles/SSH-tunneling-Control/ta-p/53134" target="_blank">https://live.paloaltonetworks.com/t5/Documentation-Articles/SSH-tunneling-Control/ta-p/53134</A></P><P>&nbsp;</P><P>hope this helps,</P><P>Ben</P> Thu, 30 Jun 2016 14:56:00 GMT https://live.paloaltonetworks.com/t5/general-topics/analysis-and-control-of-protocol-running-in-ssh-like-sftp/m-p/93410#M43855 bmorris1 2016-06-30T14:56:00Z https://live.paloaltonetworks.com/t5/general-topics/analysis-and-control-of-protocol-running-in-ssh-like-sftp/m-p/93415#M43857 <P>SSH decryption cannot control the traffic/command going inside the ssh tunnel.</P> Thu, 30 Jun 2016 16:37:50 GMT https://live.paloaltonetworks.com/t5/general-topics/analysis-and-control-of-protocol-running-in-ssh-like-sftp/m-p/93415#M43857 pankaku 2016-06-30T16:37:50Z