DUK
Explorer

IPS and SSH

How can the IPS blade protect from malicious SSH traffic? Can inbound (from Internet) SSH traffic be inspected?

0 Kudos

3 Replies
PhoneBoy
Admin

You have to enable/configure SSH Inspection in R80.40+ for inbound traffic.
It's covered in the Threat Prevention Admin Guide: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/...
For outbound, we currently don't have a way to "man in the middle" the SSH.

0 Kudos
DUK
Explorer

I do not quite understand the limitation mentioned in the documentation provided by the above link: "VSX is not supported". Does this mean "SSH DPI is not supported on VSX gateways"? Our customer has a 5400 physical appliance on which he runs several VSXs as VMs. Would we be able to enable SSH DPI?

0 Kudos
PhoneBoy
Admin

Yes, that’s exactly what it means: Not supported on gateways running VSX.
VSX does not make use of VMs.

Note that this limitation does not appear in the R81 version of the guide, which suggests this may be supported with VSX in that release.
