How to decrypt SSH Tunneling Traffic and block SSH Tunneling

Internal users can send web traffic out over an SSH tunnel, which bypasses your firewall and lets an end user surf a blocked website and transfer files undetected. This article shows how to decrypt and block SSH tunneling traffic on a Palo Alto firewall.

Step 1: Create a Decryption policy

1. Go to Policies>Decryption and click Add to add a rule named Decrypting SSH.

2. Select trust as Source

3. Add untrust as Destination.

4. Check Decrypt in Options.

Step 2: Create a Security policy

1. Go to Policies>Security and click Add to add a rule named Block SSH Tunneling.

2. Add trust in Source.

3. Add untrust to Destination.

4. Add ssh-tunnel in Application.

5. Set Action to Deny and check Log at Session End in Log Settings.

Step 3: Commit.
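After the commit, an exported configuration can be checked for both rules and for an earlier rule that would allow ssh-tunnel before the deny is reached. This is an added example, not part of the original article: the XML element layout (including the `<ssh-proxy/>` decryption type) is an assumption about the PAN-OS export format, and the sample rulebase is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed rulebase shaped like a PAN-OS XML export.
# The element layout is an assumption; compare it with your own export.
SAMPLE = """<rulebase>
  <decryption><rules><entry name="Decrypting SSH">
    <from><member>trust</member></from><to><member>untrust</member></to>
    <action>decrypt</action><type><ssh-proxy/></type>
  </entry></rules></decryption>
  <security><rules><entry name="Block SSH Tunneling">
    <from><member>trust</member></from><to><member>untrust</member></to>
    <application><member>ssh-tunnel</member></application>
    <action>deny</action><log-end>yes</log-end>
  </entry></rules></security>
</rulebase>"""

def members(entry, tag):
    return {m.text for m in entry.findall(f"{tag}/member")}

def zones_match(entry, src="trust", dst="untrust"):
    # Zones only; addresses, users and services are not evaluated here.
    return bool(members(entry, "from") & {src, "any"}) and \
           bool(members(entry, "to") & {dst, "any"})

def audit(xml_text):
    """Return a list of findings; an empty list means both rules are in place."""
    root = ET.fromstring(xml_text)
    findings = []
    ssh_decrypt = any(
        zones_match(e) and e.findtext("action") == "decrypt"
        and e.find("type/ssh-proxy") is not None
        for e in root.findall(".//decryption/rules/entry"))
    if not ssh_decrypt:
        findings.append("no SSH decryption rule from trust to untrust")
    # Security rules are evaluated top-down, so only the first rule that
    # matches ssh-tunnel between these zones decides the outcome.
    for e in root.findall(".//security/rules/entry"):
        if e.findtext("disabled") == "yes" or not zones_match(e):
            continue
        if not members(e, "application") & {"ssh-tunnel", "any"}:
            continue
        if e.findtext("action") != "deny":
            findings.append(f"ssh-tunnel is allowed by rule '{e.get('name')}'")
        elif e.findtext("log-end") == "no":  # absent element: firewall default
            findings.append(f"rule '{e.get('name')}' denies without Log at Session End")
        break
    else:
        findings.append("no rule matches ssh-tunnel from trust to untrust")
    return findings
```

Calling `audit()` on the text of an export returns one line per gap, so a broad allow rule placed above Block SSH Tunneling is reported by name.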

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com