control over ssh traffic - command or data


L4 Transporter

Hi All,

After implementing SSH decryption, can PA have the visibility to identify whether commands or any other data is being shared over SSH?

with regards,

Ram

3 REPLIES 3

Cyber Elite

ssh is basically encrypted telnet.

So when you decrypt it then yes you can see what is going inside it.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

It is understood that once the decryption is done we can see what's inside, but I want to block control and allow data. Is that possible?

with regards,

Ram

Hi there... At this time, the SSH decryption is designed to detect tunneling traffic inside of SSH (port forwarding) and block the tunneling. Per the 7.0 manual:

"With an SSH Proxy decryption policy enabled, all SSH traffic identified by the policy is decrypted and identified as either regular SSH traffic or as SSH tunneled traffic. SSH tunneled traffic is blocked and restricted according to the profiles configured on the firewall. Traffic is re-encrypted as it exits the firewall."
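The split between regular and tunneled SSH that the manual excerpt describes maps onto message types in the SSH connection protocol (RFC 4254). The following is an added example, not part of the original thread and not Palo Alto Networks code: `classify`, `pack_str` and the sample payloads are hypothetical, and it assumes the packet payloads have already been decrypted.

```python
import struct

# Message numbers and names below are from RFC 4254 (SSH connection protocol).
GLOBAL_REQUEST, CHANNEL_OPEN, CHANNEL_REQUEST = 80, 90, 98
TUNNEL_NAMES = {"direct-tcpip", "forwarded-tcpip", "x11", "tcpip-forward"}

def ssh_string(buf, off):
    """Read an RFC 4251 string (uint32 length, then bytes) starting at off."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:off + 4 + n].decode("ascii", "replace"), off + 4 + n

def classify(payload):
    """Label one already-decrypted SSH packet payload (hypothetical helper)."""
    try:
        kind = payload[0]
        if kind in (CHANNEL_OPEN, GLOBAL_REQUEST):
            name, _ = ssh_string(payload, 1)
            if name in TUNNEL_NAMES:
                return "tunnel"
            return "session-open" if name == "session" else "other"
        if kind == CHANNEL_REQUEST:
            name, off = ssh_string(payload, 5)         # skip uint32 recipient channel
            if name == "subsystem":
                sub, _ = ssh_string(payload, off + 1)  # skip want_reply boolean
                return "file-transfer" if sub == "sftp" else "other"
            # "exec" can also launch scp, so "command" does not exclude file copy
            return "command" if name in ("shell", "exec") else "other"
    except (IndexError, ValueError):
        return "malformed"
    return "other"

def pack_str(text):
    """Encode text as an RFC 4251 string."""
    return struct.pack(">I", len(text)) + text.encode()

REQ = bytes([CHANNEL_REQUEST]) + struct.pack(">I", 0)
WINDOW = struct.pack(">III", 0, 2097152, 32768)
# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "shell": REQ + pack_str("shell") + b"\x01",
    "exec": REQ + pack_str("exec") + b"\x01" + pack_str("uname -a"),
    "sftp": REQ + pack_str("subsystem") + b"\x01" + pack_str("sftp"),
    "forward": bytes([CHANNEL_OPEN]) + pack_str("direct-tcpip") + WINDOW
               + pack_str("10.0.0.5") + struct.pack(">I", 3389),
    "session": bytes([CHANNEL_OPEN]) + pack_str("session") + WINDOW,
}
RESULTS = {label: classify(data) for label, data in SAMPLES.items()}
```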
