topic Re: SSH Deep Packet Inspection in Firewall and Security Management

SSH Deep Packet Inspection

SriNarasimha005 — Fri, 03 Nov 2023 08:36:37 GMT

Hello,

We're planning to implement SSH Deep Packet Inspection for the incoming traffic as mentioned here.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics-TPG/Using-SSH-Inspection.htm

We've multiple servers allowing SSH incoming traffic from the Internet to DMZ.
1. Can you pls let me know how to implement this for any test connection, instead of globally for all servers?
2. Just by identifying the SSH-tunnelling, does it going to automatically drop it or any rules required?

Re: SSH Deep Packet Inspection

G_W_Albrecht — Fri, 03 Nov 2023 09:40:43 GMT

Your linked Admin Guide shows how to Add an inspected SSH server - repeat for multiple servers. Current rules should work as before, added SSH servers are are inspected.

Re: SSH Deep Packet Inspection

ww1m6 — Mon, 13 May 2024 09:38:38 GMT

Hi! Did you manage to implement ssh inspection?