https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214240#M40894 <P>Well, that's a start.</P> <P>The best way to confirm is via telnet to port 22 to the protected server.<BR />This (along with troubleshooting) is listed at the bottom of the documentation linked earlier in this thread.</P> Tue, 14 May 2024 22:02:56 GMT PhoneBoy 2024-05-14T22:02:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210171#M39825 <P>Hello friends!<BR />I am currently looking into implemnting ssh inspection feature for the checkpoint security gateway, and I was unable to find a lot of information or guides on this feature (except the two minimal guides on the checkpoint site) so I would be glad if someone can point me to a more comprehensive guide or document, or maybe answer some of my questions regarding this feature -&nbsp; the ssh client needs to ssh to the security gateway or to the ssh server (and the session just passes the security gateway)?<BR /><BR />Thanks in advance:)</P> Mon, 01 Apr 2024 12:58:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210171#M39825 bob111 2024-04-01T12:58:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210172#M39826 <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics-TPG/Using-SSH-Inspection.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ThreatPrevention_AdminGuide/Topics-TPG/Using-SSH-Inspection.htm</A></P> Mon, 01 Apr 2024 13:26:37 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210172#M39826 the_rock 2024-04-01T13:26:37Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210185#M39829 <P>The only resource for SSH Deep Packet Inspection is the one&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;provided in the formal documentation.&nbsp; Most people aren't even aware this feature exists since it can't be configured in the SmartConsole GUI.&nbsp; You may also see references to "RDP Inspection" if you look around in the documentation hard enough; this feature had a very short lifespan and is no longer present.</P> Mon, 01 Apr 2024 14:40:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210185#M39829 Timothy_Hall 2024-04-01T14:40:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210187#M39831 <P>Thank you very much for the replies!&nbsp;<BR />What do you mean by "no longer present"?</P> Mon, 01 Apr 2024 14:59:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210187#M39831 bob111 2024-04-01T14:59:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210188#M39832 <P>Maybe you can confirm with TAC if they have any other additional info about it.</P> <P>Andy</P> Mon, 01 Apr 2024 15:18:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210188#M39832 the_rock 2024-04-01T15:18:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210606#M39901 <P>Hello&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/597">@Timothy_Hall</a>, did you mean that ssh inspection is a feature that is no longer present or rdp inspection?</P> Sun, 07 Apr 2024 11:15:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210606#M39901 ww1m6 2024-04-07T11:15:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210609#M39902 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/597">@Timothy_Hall</a>,&nbsp; The ssh inspection feature had a very short lifespan and is no longer present or the rdp inspection?</P> Sun, 07 Apr 2024 12:58:39 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210609#M39902 ww1m6 2024-04-07T12:58:39Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210610#M39903 <P>RDP Inspection is no longer present.&nbsp; See here:&nbsp;<A id="link_12" href="https://community.checkpoint.com/t5/Security-Gateways/Remote-Desktop-Inspection-Still-Supported/m-p/178816?search-action-id=86009946178&amp;search-result-uid=178816" target="_blank">Remote Desktop&nbsp;Inspection&nbsp;Still Supported?</A></P> Sun, 07 Apr 2024 13:20:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210610#M39903 Timothy_Hall 2024-04-07T13:20:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210614#M39904 <P>ssh inspection is still supported, but rdp inspection is not, as per link Tim sent.</P> <P>Andy</P> Sun, 07 Apr 2024 13:42:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/210614#M39904 the_rock 2024-04-07T13:42:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/211490#M40090 <P>Once ssh inspection is turned on (ion), does that mean all current ssh traffic going thru the gw will break until you add all the public and private keys to the gw?&nbsp; With 'https inspection', you can bypass traffic you don't want inspected.&nbsp; &nbsp;</P> Tue, 16 Apr 2024 20:43:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/211490#M40090 Daniel_Kavan 2024-04-16T20:43:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/211500#M40093 <P>If I'm understanding the documentation correctly, we are only inspecting SSH connections where the public (and private) key is added to the gateway.<BR />However, I haven't tested this.</P> Tue, 16 Apr 2024 21:40:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/211500#M40093 PhoneBoy 2024-04-16T21:40:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/213942#M40816 <P>You need to add the private key to the gateway? The documentation says you only need to add the public key&nbsp;</P> Sun, 12 May 2024 12:40:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/213942#M40816 ww1m6 2024-05-12T12:40:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214050#M40861 <P>You&nbsp;<EM>can</EM> add the private key to improve the user experience, but it's not a requirement.<BR /></P> Mon, 13 May 2024 15:14:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214050#M40861 PhoneBoy 2024-05-13T15:14:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214052#M40862 <P>I understand. I followed&nbsp; the guide for configuring the ssh inspection but where can I actually see that the ssh traffic to the ssh server that it's key I added to the gateway is being inspected?</P> Mon, 13 May 2024 15:18:52 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214052#M40862 ww1m6 2024-05-13T15:18:52Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214211#M40886 <P>What does&nbsp;cpssh_config istatus tell you?</P> Tue, 14 May 2024 17:16:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214211#M40886 PhoneBoy 2024-05-14T17:16:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214213#M40887 <P>Man, learn something new from you all the time, I never knew of that command before <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Andy</P> Tue, 14 May 2024 17:19:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214213#M40887 the_rock 2024-05-14T17:19:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214215#M40888 <P>SSH Inspection is enabled</P> Tue, 14 May 2024 17:24:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214215#M40888 ww1m6 2024-05-14T17:24:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214240#M40894 <P>Well, that's a start.</P> <P>The best way to confirm is via telnet to port 22 to the protected server.<BR />This (along with troubleshooting) is listed at the bottom of the documentation linked earlier in this thread.</P> Tue, 14 May 2024 22:02:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214240#M40894 PhoneBoy 2024-05-14T22:02:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214358#M40913 <P>Yes, I tried it but I did not get the result shown in the documentation. Am I supposed to be able to see the ssh traffic inspected in the logs on the management server?&nbsp;</P> Wed, 15 May 2024 13:21:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214358#M40913 ww1m6 2024-05-15T13:21:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214619#M40974 <P>If it's not showing the Check Point specific SSH banner, then it's not doing inspection.<BR />Recommend engaging with TAC for further assistance: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Fri, 17 May 2024 02:13:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SSH-Inspection/m-p/214619#M40974 PhoneBoy 2024-05-17T02:13:57Z