So, I would like to be able to enforce file blocking on our external FTP/SFTP/SCP server that is published in our DMZ. Users coming into the DMZ are NAT'ed from a public IP space to 172.16.0.0/16 space. I have enabled SSH proxy decryption between the outside and the DMZ interfaces, and traffic is being decrypted, as shown by the traffic logs. I am not, however, seeing any file identification occurring between the outside and the DMZ over SSH. I only see FTP file transfers. Is the SSH proxy decryption only used in application identification to identify SSH tunneling, and can't it be used in file blocking rules? Do I have my proxy in the wrong place? Should it be between the NAT and the host in the DMZ, or between the NAT and the outside? Anyone have any insight?