# config firewall ssl-ssh-profile
(ssl-ssh-profile) # edit sshprofiledeepinspection
new entry 'sshprofiledeepinspection' added
(sshprofiledeepin~ion) # config ssh
(ssh) # set ssh-policy-check enable
(ssh) # set ssh-tun-policy-check enable
(ssh) # end
(sshprofiledeepin~ion) # end

Create SSH profile filter from CLI.
# config ssh-filter profile
(profile) # edit sshfilterprofile
new entry 'sshfilterprofile' added
(sshfilterprofile) # set block sftp
(sshfilterprofile) # set log sftp
(sshfilterprofile) # end

Configure Firewall Policy from Command line.
# config firewall policy
edit 1
set srcintf "port2"
set dstintf "port1"
set srcaddr "x.x.x.x"
set dstaddr "AllowSSHy.y.y.y" "BlockedSFTPz.z.z.z"
set action accept
set schedule "always"
set service "SSH"
set utm-status enable
set ssh-filter-profile "sshfilterprofile"
set ssl-ssh-profile "sshprofiledeepinspection"
end

Configure Proxy Policy from Command line.
# config firewall proxy-policy
(proxy-policy) # edit 1
(1) # show full
set proxy ssh
set dstintf "port1"
set srcaddr "x.x.x.x"
set dstaddr "AllowSSHy.y.y.y" "BlockedSFTPz.z.z.z"
set action accept
set status enable
set schedule "always"
set utm-status enable
set ssh-filter-profile "sshfilterprofile"
set ssl-ssh-profile "sshprofiledeepinspection"
end

Troubleshooting.
# diagnose debug flow filter port 22
# diagnose debug flow trace start 999
# diagnose debug enable

Debug WAD.
# diagnose debug reset
# diagnose wad filter src x.x.x.x <----- Source IP.
# diagnose debug console timestamp enable
# diagnose debug duration 240
# diagnose wad debug enable category ssh
# diagnose wad debug enable level verbose
# diagnose debug enable

Related document.