I see that SSH is not an option for "Examine the following Services" in a DLP sensor. Many organizations use SFTP for file transfer, and there is concern that Data Loss will occur this way. Is there any plan to give DLP the ability to inspect SSH traffic?
Does the DLP sensor detect the protocol being used, or is it based on ports only? So, for example, if I have FTP filters enabled, does the the DLP sensor look at traffic on port 21 only? If I have FTP set up on a non-standard port, will the DLP sensor detect this?
It seems you need to configure a ssh proxy server:
Then after the ssh mitm inspection, the plain packets should be detected by either proxy-based or flow-based utm profiles.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.