No sensors for SSH traffic?

Author
Dan Dan
2018/01/16 10:55:17

I see that SSH is not an option for "Examine the following Services" in a DLP sensor. Many organizations use SFTP for file transfer, and there is concern that Data Loss will occur this way. Is there any plan to give DLP the ability to inspect SSH traffic?
#1


    Dan Dan
    Re: No sensors for SSH traffic? 2018/02/12 10:28:28
    Does the DLP sensor detect the protocol being used, or is it based on ports only? So, for example, if I have FTP filters enabled, does the DLP sensor look at traffic on port 21 only? If I have FTP set up on a non-standard port, will the DLP sensor detect this?
    post edited by Dan Dan - 2018/02/12 10:35:11
    #2
    darwin_FTNT
    Re: No sensors for SSH traffic? 2018/05/11 18:42:23
    It seems you need to configure an SSH proxy server:

    http://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-profiles/SSL_SSH_Inspection/SSH%20MITM%20deep%20inspection.htm

    Then, after the SSH MITM inspection, the plain packets should be detected by either proxy-based or flow-based UTM profiles.
    #3