Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dan_Dan
New Contributor

No sensors for SSH traffic?

I see that SSH is not an option for "Examine the following Services" in a DLP sensor. Many organizations use SFTP for file transfer, and there is concern that Data Loss will occur this way. Is there any plan to give DLP the ability to inspect SSH traffic?

2 REPLIES
Dan_Dan
New Contributor

Does the DLP sensor detect the protocol being used, or is it based on ports only? So, for example, if I have FTP filters enabled, does the DLP sensor look at traffic on port 21 only? If I have FTP set up on a non-standard port, will the DLP sensor detect this?

darwin_FTNT

It seems you need to configure an SSH proxy server:

http://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-security-profiles/SSL_SSH_Inspection/...

Then, after the SSH MITM inspection, the plain packets should be detected by either proxy-based or flow-based UTM profiles.
