Want to allow SFTP only and not SSH Traffic

L2 Linker

Hi Team,

I am trying to achieve my requirement; however, I am unable to achieve it. Please review my requirement below and share your thoughts on whether there is any possible way to accomplish it.

I want to block SSH traffic and at the same time I need to allow SFTP traffic for our users. I have referred to some KB articles, and they state that in order to allow SFTP traffic we need to allow the SSH application. In this case, normal SSH traffic will also get allowed. So please share your thoughts on this.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHtCAK

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOPCA0

Also, I can see that there is a feature request for creating a separate App-ID for SFTP (link mentioned below). Can I know the status of that as well?

https://live.paloaltonetworks.com/t5/General-Topics/How-to-restrict-FTP-and-SFTP-access-using-a-secu...

Awaiting your response!!

Best Regards,

Sahul Hameed

Community Team Member

Re: Want to allow SFTP only and not SSH Traffic

Hi @SahulH,

Yes, there is indeed an open feature request for this (to differentiate SFTP from SSH in App-ID).

Please reach out to your local SE and have him add your vote to the FR:

FR ID: 2555

Cheers,

-Kiwi.

L2 Linker

Re: Want to allow SFTP only and not SSH Traffic

Hi @kiwi,

Thanks for your response to my query. Also, I want to know whether there is any way to accomplish the necessary requirement in our current scenario without having a separate App-ID for SFTP, i.e. to block SSH and allow only SFTP traffic. Do let us know about this as well.

Thanks in advance!!

Best Regards,

Sahul Hameed

L4 Transporter

Re: Want to allow SFTP only and not SSH Traffic

Since SFTP is just FTP over SSH, it implicitly is just SSH. So without deeper inspection of the packets by the App-ID engine there is no way to block an SSH terminal over SFTP.

L7 Applicator

Re: Want to allow SFTP only and not SSH Traffic

Hello,

How about a whitelist that allows your users access to only approved sites?

Just a thought.

L4 Transporter

Re: Want to allow SFTP only and not SSH Traffic

Agreed! SFTP is just an FTP feature traversing over SSH. They are essentially the same protocol. You would have to have some crazy man-in-the-middle encrypt/decrypt to even attempt this. This sounds a lot like security engineer over-reach or misunderstanding of protocols.
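Since the firewall only ever sees SSH, the place where "SFTP yes, shell no" can actually be enforced is the SSH server itself, which is what the replies above point at. The following is an added example, not code from this thread or from Palo Alto Networks: a small Python checker that audits an OpenSSH sshd_config for a group confined to the internal SFTP subsystem, with a weak and a hardened config embedded for comparison. The group name sftponly, the chroot path /srv/sftp/%u and both config texts are constructed for illustration.

```python
"""Added example (not from the thread): audit sshd_config for an SFTP-only
group. The firewall only sees SSH, so the shell ban must live on the server;
the group 'sftponly', chroot path and both config texts are constructed."""
from typing import Dict, List

# Constructed weak config: SFTP enabled, but every user still gets a shell.
WEAK_CONFIG = """\
Subsystem sftp /usr/lib/openssh/sftp-server
"""
# Constructed hardened config: group 'sftponly' is forced into internal-sftp,
# chrooted (the chroot dir must be root-owned) and denied forwarding/tunnels.
HARDENED_CONFIG = WEAK_CONFIG + """\
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
"""
# lower-cased keyword -> value the Match block must carry
REQUIRED = {"forcecommand": "internal-sftp", "allowtcpforwarding": "no",
            "x11forwarding": "no", "permittunnel": "no"}

def parse_match_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Return {criteria: {keyword: value}} per Match block (keys lower-cased)."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            current = " ".join(value.split()).lower()  # e.g. "group sftponly"
            blocks[current] = {}
        elif current is not None:  # options before any Match are global
            blocks[current][key] = value
    return blocks

def sftp_only_gaps(text: str, group: str) -> List[str]:
    """List what is missing for `group` to be SFTP-only; [] means compliant."""
    block = parse_match_blocks(text).get(f"group {group.lower()}")
    if block is None:
        return [f"no 'Match Group {group}' block: members get a full shell"]
    gaps = [f"{opt} should be {want}" for opt, want in REQUIRED.items()
            if block.get(opt, "").lower() != want]
    if "chrootdirectory" not in block:
        gaps.append("chrootdirectory not set")
    return gaps
```

Run `sftp_only_gaps(open("/etc/ssh/sshd_config").read(), "sftponly")` on a real host to see what the Match block is missing; the checker keys on the exact criteria text, so a combined `Match Group a,b` line is not recognised.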
