we are trying to access our internal storage using SFTP from internet. after applying file blocking profile we are able to access mentioned files but firewall not restrict the file. we found that file blocking is not happening.
Please advise how to block files when using SFTP.
Having decription in place is a pre-requisite to being able to use the file blocking profile. Having decription configure is important because not having that means other security features are not working. Once you do that, it will detect the file and start working.
SFTP is SSH File Transfer Protocol. https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol You can verify this by looking at the application identified by the NGFW. It should be ssh.
While the NGFW can decrypt SSH, I believe it is only for the purpose of identifying the ssh-tunnel application. So, I don't think SFTP can be identified or decrypted, which would be required to identify the file. In addition, "SFTP is not FTP run over SSH" (URL above). The protocol is different, and if the SSH session were decrypted, it would not be identified as ftp.
If the application is FTPS, then the NGFW will identify it as ssl. Then you could decrypt it, and the NGFW should identify the traffic as FTP. Then the file can be identified and blocked.
Hi @sumit_mame ,
Does your server support FTP over SSL, or FTPS? If so, use that and configure SSL Inbound Inspection on your NGFW. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-inbound-inspectio...
Second, please submit a feature request to your PANW SE to decrypt and decode SFTP. I think a lot of customers would find that useful.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!