Settings to Control Decrypted SSH Traffic
The following table describes the settings you can use to control decrypted inbound and outbound SSH traffic. These settings allow you to limit or block SSH tunneled traffic based on criteria including the use of unsupported algorithms, the detection of SSH errors, or the availability of resources to process SSH Proxy decryption.
SSH Proxy Tab Settings

Unsupported Mode Checks: Use these options to control sessions if unsupported modes are detected in SSH traffic. The supported SSH version is SSH version 2.

- Block sessions with unsupported versions: Terminate sessions if the “client hello” message is not supported by PAN-OS.
- Block sessions with unsupported algorithms: Terminate sessions if the algorithm specified by the client or server is not supported by PAN-OS.

Failure Checks: Select actions to take if SSH application errors occur and if system resources are not available.

- Block sessions on SSH errors: Terminate sessions if SSH errors occur.
- Block sessions if resources not available: Terminate sessions if system resources are not available to process decryption.
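
To check which of the four settings above are enabled in each Decryption profile of an exported configuration, the following Python is an added example, not Palo Alto Networks code. The XML element names and the path to the profiles are assumptions about the export format to confirm against your own file, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed element names for the four SSH Proxy checks in an exported
# PAN-OS configuration; confirm them against your own export.
SSH_PROXY_CHECKS = {
    "block-unsupported-version": "Block sessions with unsupported versions",
    "block-unsupported-alg": "Block sessions with unsupported algorithms",
    "block-ssh-errors": "Block sessions on SSH errors",
    "block-if-no-resource": "Block sessions if resources not available",
}

# Constructed sample export with two hypothetical profiles (not from a real device).
SAMPLE_CONFIG = """
<config><shared><profiles><decryption>
  <entry name="ssh-strict">
    <ssh-proxy>
      <block-unsupported-version>yes</block-unsupported-version>
      <block-unsupported-alg>yes</block-unsupported-alg>
      <block-ssh-errors>yes</block-ssh-errors>
      <block-if-no-resource>yes</block-if-no-resource>
    </ssh-proxy>
  </entry>
  <entry name="ssh-partial">
    <ssh-proxy>
      <block-unsupported-version>yes</block-unsupported-version>
      <block-ssh-errors>no</block-ssh-errors>
    </ssh-proxy>
  </entry>
</decryption></profiles></shared></config>
"""

def audit_ssh_proxy(config_xml):
    """Return {profile name: [labels of SSH Proxy checks that are not enabled]}."""
    root = ET.fromstring(config_xml)
    findings = {}
    for entry in root.iterfind(".//profiles/decryption/entry"):
        ssh = entry.find("ssh-proxy")
        disabled = []
        for tag, label in SSH_PROXY_CHECKS.items():
            # Assumption: a missing element means the check is not enabled.
            value = ssh.findtext(tag, default="no") if ssh is not None else "no"
            if value.strip().lower() != "yes":
                disabled.append(label)
        findings[entry.get("name")] = disabled
    return findings

if __name__ == "__main__":
    for name, disabled in audit_ssh_proxy(SAMPLE_CONFIG).items():
        print(name, "->", "; ".join(disabled) if disabled else "all checks enabled")
```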