In sec policy I have allowed for some users only RDP and SSH application. But these users are able to use WINSCP application because WINSCP application also using port 22. I want to block winscp application but allow ssh application. How can we achieve this ?
Please help us.
If you see it as an application in your traffic monitoring, then you should be able to create a rule, specifically blocking that application before your allow rule. I had to do the same thing with Webdav and Sharepoint in a recent implementation. If the traffic is only showing up as SSL traffic, then I do not think you can specifically block a program/application. Also, since it is SSL type traffic, you will need to do SSL decryption for that traffic before it would be identified as an application other than SSL.
Not to go too far on this response, but if it is not a standard application and you are doing SSL decryption, you may be able to create your own custom application that is specific to that WINSCP traffic and block the traffic as described above. Sorry, I do not know much about WINSCP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!