https://live.paloaltonetworks.com/t5/general-topics/data-filter-with-ssh-proxy-decryption/m-p/9591#M7025 <HTML><HEAD></HEAD><BODY><P>I am use to Bitvise SSH Server.(Personal version)</P><P></P><P>and I don't know;;</P><P>SSH Server is being normally</P><P></P><P>SSH2 is right;;</P><P>maybe It seems that Supported ciphers</P><P></P><P>Supported ciphers</P><P>AES128 CTR, AES196 CTR, AES256 CTR, AES128 CBC, AES192 CBC, AES256 CBC</P><P>Supported message authentication functions</P><P>HMAC-MD5, HMAC-SHA1, HMAC-MD5-96, HMAC-SHA1-96, HMAC-RIPEMD128, HMAC-RIPEMD160</P><P></P><P>I red document SSH tunneling </P><P>Do ciphers relative ciphers?</P></BODY></HTML> Mon, 28 Oct 2013 08:09:56 GMT SilverTiger 2013-10-28T08:09:56Z https://live.paloaltonetworks.com/t5/general-topics/data-filter-with-ssh-proxy-decryption/m-p/9589#M7023 <HTML><HEAD></HEAD><BODY><P>So, I would like to be able to enforce file blocking between our external FTP,sftp,scp server that is published in our DMZ. Users coming into the DMZ are NAT'ed from a public IP space to 172.16.0.0/16 space. I have enabled SSH proxy decryption between the outside and the DMZ interfaces and traffic is being decrypted as shown by the traffic logs. I am not however, seeing any file identification occurring between the outside and the DMZ over SSH. I only see ftp file transfers.</P><P></P><UL><LI>Is the SSH proxy decryption only used in application identification to identify SSH tunneling? and cant be used in file blocking rules?</LI><LI>Do I have my proxy in the wrong place? Should it be between the NAT and the host in the DMZ or between the NAT and the outside?</LI></UL><P></P><P>Anyone have any insight?</P></BODY></HTML> Wed, 22 Aug 2012 01:25:58 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filter-with-ssh-proxy-decryption/m-p/9589#M7023 BrutalDismount 2012-08-22T01:25:58Z https://live.paloaltonetworks.com/t5/general-topics/data-filter-with-ssh-proxy-decryption/m-p/9590#M7024 <HTML><HEAD></HEAD><BODY><P>Currently it is possible to tunnel other applications through SSH by enabling port forwarding on SSH. This can be considered a security risk because a user could potentially circumvent the application based security policies on the Paloalto device. <BR />The Paloalto device is able to address this risk with the ssh proxy feature. Via a decryption policy,&nbsp;&nbsp;&nbsp; you can configure the PA to decrypt a ssh session and if the users does any ssh port forwarding, remote forwarding or X11, the session will be determined to be ssh tunnel. In turn action can be taken on the ssh tunnel application according to the security policies.</P><P>It is important to note the following:</P><P>1. The same "man in the middle" method for SSL decryption is used for SSH proxy.<BR />2. Also, currently the PA only supports SSH version 2.....(if the client only supports SSH version 1, when it receives the version string from the Paloalto device, it should exit).<BR />3. Content and threat inspection is not done on the SSH Tunnel session. </P></BODY></HTML> Thu, 17 Jan 2013 01:05:18 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filter-with-ssh-proxy-decryption/m-p/9590#M7024 swhyte 2013-01-17T01:05:18Z https://live.paloaltonetworks.com/t5/general-topics/data-filter-with-ssh-proxy-decryption/m-p/9591#M7025 <HTML><HEAD></HEAD><BODY><P>I am use to Bitvise SSH Server.(Personal version)</P><P></P><P>and I don't know;;</P><P>SSH Server is being normally</P><P></P><P>SSH2 is right;;</P><P>maybe It seems that Supported ciphers</P><P></P><P>Supported ciphers</P><P>AES128 CTR, AES196 CTR, AES256 CTR, AES128 CBC, AES192 CBC, AES256 CBC</P><P>Supported message authentication functions</P><P>HMAC-MD5, HMAC-SHA1, HMAC-MD5-96, HMAC-SHA1-96, HMAC-RIPEMD128, HMAC-RIPEMD160</P><P></P><P>I red document SSH tunneling </P><P>Do ciphers relative ciphers?</P></BODY></HTML> Mon, 28 Oct 2013 08:09:56 GMT https://live.paloaltonetworks.com/t5/general-topics/data-filter-with-ssh-proxy-decryption/m-p/9591#M7025 SilverTiger 2013-10-28T08:09:56Z