ProxySG & Advanced Secure Gateway

  • 1.  Intercepting SFTP Traffic on SWG

    Posted Nov 22, 2021 10:26 AM
    Hi. Does SWG support intercepting Secure FTP traffic? Our use case is that we have users using WinSCP to access some backend services over the SFTP protocol (port 22), and because of an internal requirement this traffic needs to go via our SWG to those backend external services.

    Does SWG support traffic interception over the SFTP protocol, and is it recommended to do so on SWG?



    ------------------------------
    Symantec Enthusiast
    ------------------------------


  • 2.  RE: Intercepting SFTP Traffic on SWG

    Posted Nov 22, 2021 11:16 AM
    Anyone @Slava

    ------------------------------
    Symantec Enthusiast
    ------------------------------



  • 3.  RE: Intercepting SFTP Traffic on SWG

    Broadcom Employee
    Posted Nov 22, 2021 12:22 PM
    Hello Sym, 

    SFTP is Secure Shell (SSH, not SSL) encrypted FTP, and since it is an SSH-encrypted protocol, the below would apply.
    The Symantec proxy has not yet implemented a full-on SSH engine that is capable of decrypting the SSH session and looking at what is inside the SSH session. However, the SSH traffic can be picked up by the proxy, and you can still control (allow/deny) it via the Web Access Layer policy based on what we can see from the session, such as destination/source IP, protocol, port.

    I hope this helps.
    Slava
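
An added illustration of the reply above (not part of the original post, and not Broadcom code or ProxySG policy syntax): the only cleartext at the start of an SSH connection is the RFC 4253 identification line, so an allow/deny decision can use destination IP, port and detected protocol, but cannot tell SFTP from an interactive shell. The allow-list, function names and sample bytes are constructed assumptions.

```python
import ipaddress
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or the minus sign.
IDENT_RE = re.compile(
    rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: ([^\r\n]*))?\r?\n")

# Constructed allow-list of (destination network, destination port).
ALLOWED_DESTINATIONS = [(ipaddress.ip_network("203.0.113.0/24"), 22)]

def parse_ssh_ident(first_bytes):
    """Return (protoversion, softwareversion) from the cleartext banner, or None."""
    # A server may send other text lines before its identification string.
    for line in first_bytes.splitlines(keepends=True):
        if len(line) > 255:  # RFC 4253 caps the identification line at 255 bytes
            return None
        m = IDENT_RE.match(line)
        if m:
            return m.group(1).decode(), m.group(2).decode()
    return None

def decide(dst_ip, dst_port, first_bytes):
    """Allow or deny using only destination IP, port and detected protocol."""
    if parse_ssh_ident(first_bytes) is None:
        return "deny: not SSH"
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net and dst_port == port
           for net, port in ALLOWED_DESTINATIONS):
        return "allow"
    return "deny: destination not approved"

# Constructed sample: first bytes from a server on port 22. An SFTP session and
# an interactive shell both start like this; the "sftp" subsystem request is
# sent later, inside the encrypted channel, so it never appears in these bytes.
SSH_BANNER = b"SSH-2.0-OpenSSH_8.4\r\n"
NOT_SSH = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(decide("203.0.113.10", 22, SSH_BANNER))
    print(decide("198.51.100.7", 22, SSH_BANNER))
    print(decide("203.0.113.10", 22, NOT_SSH))
```
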


  • 4.  RE: Intercepting SFTP Traffic on SWG

    Posted Nov 22, 2021 01:45 PM
    Edited by Sulman Mushtaq Mushtaq Hussain Nov 22, 2021 01:46 PM
    @Slava  thanks for your replies. Proxy is deployed in explicit mode.

    There is already a default listener on SWG for SSH with port 22. If we change its action to intercept from bypass, would that be enough, or do we also need to do any additional configuration on SWG for intercepting Secure FTP, as typically SFTP also works on port 22? Or do we need to create a new listener on SWG for intercepting SFTP traffic?

    Appreciate your feedback. Thanks

    ------------------------------
    Symantec Enthusiast
    ------------------------------