07-17-2019 12:46 PM
Hi all,
I just set up SSH decryption, also known as SSH proxy, on the Palo Alto.
When I look at the actual sessions, I do see a checked box near to decrypted, so according to me the decryption itself works.
I also got a warning about a man in the middle attack after I enabled the decryption, because the keys changed.
Now what I want to achieve is that SFTP file transfers are being scanned for viruses.
I downloaded the eicar.com test file to an external VPS on the internet, and I did SFTP to transfer this eicar.com file to a server I have protected by the Palo Alto and with SSH proxy decryption enabled.
Even though the Palo sees the traffic, marks it as decrypted, and on the security antivirus is enabled, the Palo does not seem to care about the fact that a virus is being uploaded.
What am I missing here?
Thank you for the pointers.