11-16-2015 11:38 PM
Hi All,
After implementing SSH decryption, can PA have the visibility to idenfity whether commands or any other data is being shared over ssh
with regards,
Ram
11-17-2015 02:45 AM
ssh is basically encrypted telnet.
So when you decrypt it then yes you can see what is going inside it.
11-17-2015 04:02 AM
It is understood that once the we decryption is done we can see whats inside, but i want to block control and allow data is that possible.
with regards,
Ram
11-17-2015 07:59 AM
Hi there...At this time, the SSH decryption is designed to detect tunneling traffic inside of SSH (port forwarding) and block the tunneling. Per the 7.0 manual:
"With the an SSH Proxy decryption policy enabled, all SSH traffic identified by the policy is decrypted and identified as either regular SSH traffic or as SSH tunneled traffic. SSH tunneled traffic is blocked and restricted according to the profiles configured on the firewall. Traffic is re-encrypted as it exits the firewall."
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
