Fortigate SSH
Hello,
We have one Ubuntu server on which we have enabled SSH, and now I'm trying to provide SSH access for some users, but I would like to apply application control to the rule. In the rule I added SRC, DST, User Group and Port (TCP 22), then created an application group where I blocked all applications but enabled the SSH applications (did an override), but users can't access the server. But then I also added one more override to this application rule, where I selected the "Canonical Ubuntu" application as well, and then users received access.
But in this "Canonical Ubuntu" ( https://www.fortiguard.com/encyclopedia/iotapp/10000501 ) I see a lot of protocols (UDP, SNMP, TCP, HTTP, SSH). I need to provide access just to SSH. How can I do it? And also, by best practice, how do I need to create the policy in such cases?
Labels: FortiGate
Thanks for the clarification @1mm. I am afraid this will be allowed.
Suraj
Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Hi,
As mentioned in my previous post, it shouldn't allow HTTP on port 22, because you have application control enabled with "Canonical Ubuntu", which will not allow HTTP on a non-standard port, which is 22 here. So the traffic should ideally be blocked. You can test this and share your feedback.
Best Regards,
I believe this option will fix the issue for you: "Block applications detected on non-default ports".
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Port-enforcement-check/ta-p/196078
Suraj
And several additional questions:
1 - Is it normal practice to create an application profile, block all application categories and then enable (override) the needed application (if you need to create a policy based on application), correct?
2 - Why does FortiGate not allow SSH with the standard application, but allow it with Canonical Ubuntu?
Are there any changes in Ubuntu for SSH? Are there some changes in the SSH signatures from the Ubuntu side, so that FortiGate doesn't recognize it as "Standard" SSH?
And thanks for the workaround "Block applications detected on non-default ports".
@saneeshpv_FTNT Thanks for your reply, will check it.
1 - Is correct. The general rule is to block everything and allow only specific applications/traffic.
2 - From your tests it looks like normal SSH and Standard SSH have some differences, but I am not sure what the differences are.
Suraj
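The policy shape the replies converge on (default block, SSH passed explicitly, port enforcement switched on so that HTTP or anything else riding on TCP/22 is dropped rather than passed as "Canonical Ubuntu") written out as FortiOS CLI. This is an added example, not configuration from the thread or from Fortinet. Assumptions: a FortiOS 7.x CLI; the profile name "ssh-only", policy ID 10, the interface, address and user-group object names, and the SSL/SSH profile name "no-inspection" are all hypothetical; `<SSH_APP_ID>` is a placeholder for the numeric SSH application signature ID, which must be taken from the FortiGuard application list on the unit rather than from here.

```fortios
# Added example, not from the thread. Names, IDs and interfaces are assumed
# placeholders; <SSH_APP_ID> must be replaced with the SSH signature ID
# as listed on the FortiGate's own application database.

config application list
    edit "ssh-only"
        set comment "Pass SSH only; every other application blocked"
        # CLI form of the GUI option "Block applications detected on
        # non-default ports": a signature matched on a port it is not
        # registered for is blocked instead of passed.
        set enforce-default-app-port enable
        # Default-deny for anything the entries below do not pass:
        # traffic matching no signature, and known apps with no entry.
        set unknown-application-action block
        set other-application-action block
        config entries
            edit 1
                # Placeholder ID: the SSH application signature.
                set application <SSH_APP_ID>
                set action pass
            next
        end
    next
end

config firewall policy
    edit 10
        set name "users-to-ubuntu-ssh"
        # Assumed interface and object names.
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "internal-clients"
        set dstaddr "ubuntu-server"
        set groups "ssh-users"
        # Keep the L4 service restriction as well; app control narrows it further.
        set service "SSH"
        set action accept
        set schedule "always"
        # UTM must be on for the application profile to be evaluated;
        # the SSL/SSH profile name is assumed to exist as a default object.
        set utm-status enable
        set ssl-ssh-profile "no-inspection"
        set application-list "ssh-only"
        set logtraffic all
    next
end
```

With this in place, the check mentioned in the thread is to open an SSH session from a client in "ssh-users" (it should connect) and then send plain HTTP to the same host on port 22, for example with a browser or `curl http://<server>:22/`; that request should fail, and the application-control log for policy 10 should show it blocked rather than passed as a Ubuntu or HTTP application. If the SSH session itself is blocked, the signature ID in entry 1 is wrong or the session is being classified under a different signature, which is the first thing to confirm in the log before adding any further override.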