The following table describes the settings you can use
to control decrypted inbound and outbound SSH traffic. These settings
allow you to limit or block SSH tunneled traffic based on criteria
including the use of unsupported algorithms, the detection of SSH
errors, or the availability of resources to process SSH Proxy decryption.
SSH Proxy Tab Settings
Unsupported Mode Checks
these options to control sessions if unsupported modes are detected
in SSH traffic. Supported SSH version is SSH version 2.
Block sessions with unsupported versions
Terminate sessions if the “client hello”
message is not supported by PAN-OS.
Block sessions with unsupported algorithms
Terminate sessions if the algorithm specified
by the client or server is not supported by PAN-OS.
actions to take if SSH application errors occur and if system resources
are not available.
Block sessions on SSH errors
Terminate sessions if SSH errors occur.
Block sessions if resources not available
Terminate sessions if system resources are
not available to process decryption.