Hello,
We have one Ubuntu Server there we have enabled SSH and now I'm trying to provide SSH access for some users, but I would like to apply application control to the rule. In rule I added SRC, DST, User Group and Port (TCP 22), then created application group, where I blocked all applications but enabled SSH Applications (did override), but users can't access to the server. But then I added to this application rule also one override rule, where select also "Canonical Ubuntu" application and then users received access.
But in this "Canonical Ubuntu" ( https://www.fortiguard.com/encyclopedia/iotapp/10000501 ) I see al lot of protocols (UDP, SNMP, TCP, HTTP, SSH) I need to provide access just to SSH. How I can do It. And also by best practice how do I need to create policy in such cases?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Thanks for the clarification @1mm . I am afraid this will be allowed.
Hi,
As mentioned in my previous post, it shouldn't allow the HTTP on port 22 because you have application control enabled with "Canonincal Ubundu" which will not allow HTTP on non-standard port which is 22 here. So the traffic should ideally be blocked. You can test this and share your feedback
Best Regards,
I believe this option will fix the issue for you "'Block applications detected on non-default ports'."
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Port-enforcement-check/ta-p/196078
And several additional questions:
1 - It's normal practice create an application profile, block all application categories and then enable (override) needed application (if you need to create policy based on application), correct?
2 - Why fortiget doesn't allow ssh with standard application and allowed with Canonical Ubuntu?
Are there any changes in Ubuntu for ssh? Are there some changes in SSH signatures from Ubuntu side and fortigate doesn't recognize it as "Standart" SSH?
and thanks for workaround 'Block applications detected on non-default ports'."
@saneeshpv_FTNT Thanks for your reply, will check It.
1- is correct. General rule is block everything and allow only specific application/traffic.
2 - From your tests it looks like normal SSH and Standard SSH have some differences, but I am not sure what are the differences.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1011 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.