Dan_Dan
New Member
January 16, 2018
Question

No sensors for SSH traffic?


I see that SSH is not an option for "Examine the following Services" in a DLP sensor. Many organizations use SFTP for file transfer, and there is concern that Data Loss will occur this way. Is there any plan to give DLP the ability to inspect SSH traffic?

    1 reply

    Dan_Dan (Author)
    New Member
    February 12, 2018

    Does the DLP sensor detect the protocol being used, or is it based on ports only? So, for example, if I have FTP filters enabled, does the DLP sensor look at traffic on port 21 only? If I have FTP set up on a non-standard port, will the DLP sensor detect this?

    darwin_FTNT
    Staff
    May 12, 2018

    It seems you need to configure an SSH proxy server:

    http://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-profiles/SSL_SSH_Inspection/SSH%20MITM%20deep%20inspection.htm

    Then after the SSH MITM inspection, the plain packets should be detected by either proxy-based or flow-based UTM profiles.