01-29-2020 03:19 AM
Hi Team,
I am trying to achieve my requirement; however, I am unable to achieve it. Please review my requirement below and suggest your thoughts if there is any possible way to accomplish it.
I want to block SSH traffic and at the same time I need to allow SFTP traffic for our users. I have referred to some KB articles, and they state that in order to allow SFTP traffic we need to allow the SSH application. So in this case normal SSH traffic will also get allowed. So please share your thoughts on the same.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHtCAK
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOPCA0
Also I can see that there is a feature request for creating a separate App-ID for SFTP (link mentioned below). Can I know the status on that as well?
Awaiting your response!!
Best Regards,
Sahul Hameed
01-29-2020 03:35 AM
Hi @SahulH ,
Yes there is indeed an open feature request for this (to differentiate SFTP from SSH in APP-ID).
Please reach out to your local SE and have him add your vote to the FR:
FR ID: 2555
Cheers,
-Kiwi.
01-29-2020 03:42 AM
Hi @kiwi ,
Thanks for your response to my query. Also I want to know if there is any way to accomplish the requirement in our current scenario without having a separate App-ID for SFTP: to block SSH and allow only SFTP traffic. Do let us know on this as well.
Thanks in advance !!
Best Regards,
Sahul Hameed
01-29-2020 06:56 AM
Since SFTP is just FTP over SSH, it implicitly is just SSH. So without deeper inspection of the packets by the App-ID engine there is no way to an SSH terminal over SFTP.
01-29-2020 08:20 AM
Hello,
How about a whitelist that allows your users to only sites that are approved?
Just a thought.
01-30-2020 06:51 AM
Agreed! SFTP is just an FTP feature traversing over SSH. They are essentially the same protocol. You would have to have some crazy man-in-the-middle encrypt/decrypt to even attempt this. This sounds a lot like security engineer over-reach or misunderstanding of protocols.
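The replies above are right that the firewall only ever sees "ssh": the SFTP subsystem request travels inside the encrypted session, so App-ID cannot tell a shell from a file transfer. What the original question actually wants (file transfer yes, interactive shell no) is normally enforced on the SSH server instead, with an sshd_config Match block. The following script is an added example, not code from the thread or from Palo Alto Networks; the group name sftponly, the chroot path /srv/sftp/%u and the drop-in path under sshd_config.d/ are assumptions for illustration.

```shell
#!/bin/sh
# Added example: enforce "SFTP only, no shell" on the OpenSSH server, since a
# firewall sees both as the SSH application. Group name, chroot directory and
# drop-in path are assumptions; adjust them to the environment.

# Print a Match block that forces the in-process SFTP server for members of a
# group and switches off every other channel type a user could use to get a
# shell or tunnel out (TTY, port/agent/X11 forwarding, tun devices).
sftp_only_block() {
    group="$1"       # assumed group, e.g. sftponly
    chroot_dir="$2"  # assumed chroot, e.g. /srv/sftp/%u (%u = login name)
    cat <<EOF
Match Group $group
    ForceCommand internal-sftp
    ChrootDirectory $chroot_dir
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitTTY no
EOF
}

# Lint a config file: return 0 only if every directive the Match block needs
# is present, so a half-edited file is caught before sshd is reloaded.
check_sftp_only() {
    f="$1"
    for directive in "ForceCommand internal-sftp" "ChrootDirectory" \
                     "AllowTcpForwarding no" "AllowAgentForwarding no" \
                     "X11Forwarding no" "PermitTunnel no" "PermitTTY no"; do
        grep -q "^[[:space:]]*$directive" "$f" \
            || { echo "missing: $directive" >&2; return 1; }
    done
    return 0
}

# Install the block as a drop-in (OpenSSH 8.2+ reads sshd_config.d/ via the
# default Include directive), lint it, then let sshd validate the full config.
main() {
    out="${1:-/etc/ssh/sshd_config.d/50-sftponly.conf}"
    sftp_only_block sftponly /srv/sftp/%u > "$out"
    check_sftp_only "$out" || exit 1
    command -v sshd >/dev/null 2>&1 && sshd -t
}

# Only write to the system when explicitly asked: ./sftp_only.sh --install
if [ "${1:-}" = "--install" ]; then
    main "$2"
fi
```

Two caveats a practitioner will hit: ChrootDirectory must be owned by root and not writable by group or others, or sshd refuses the login, so give each user a writable subdirectory inside it; and sshd must be reloaded after `sshd -t` succeeds. Note that this does not change what the firewall sees, so the security policy still has to allow the ssh App-ID for these users.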