Hi Paul. So basically via the CPL code we disabled protocol detection and disabled authentication for the URL which we want to tunnel via Proxy, allowed that particular URL in the WAL. Configured WinSCP to use HTTP Proxy and tried to establish the connection but its failing.
Did a policy trace and can see that protocol detection is working and its not doing SSL interception on that URL.
I am not sure why its still not working. Any feedback?
Thanks
------------------------------
Symantec Enthusiast
------------------------------
Original Message:
Sent: 11-22-2021 02:43 PM
From: Paul Riddington
Subject: Intercepting SSH Traffic on SWG
WINSCP needs to be configured with the same explicit proxy settings as your browsers, not port 22.
Regards
Paul
Original Message:
Sent: 11-22-2021 02:02 PM
From: sulman mushaq
Subject: Intercepting SSH Traffic on SWG
Thanks Paul, The WinSCP clients already have Proxy IP and for ports its configured as 22. Is there any additional configuration that needs to be done to tunnel this traffic through SWG apart from changing the SSH listener from bypass to intercept?
------------------------------
Symantec Enthusiast
Original Message:
Sent: 11-22-2021 01:55 PM
From: Paul Riddington
Subject: Intercepting SSH Traffic on SWG
Hello,
If the proxy is explicit, then the port 22 listener is irrelevant as the traffic will be processed by the http proxy service, usually on port 8080. The SFTP/SSH clients need to be proxy-aware in order to contain the explicit proxy settings.
Regards
Paul
Original Message:
Sent: 11-22-2021 01:44 PM
From: sulman mushaq
Subject: Intercepting SSH Traffic on SWG
@Slava and Paul thanks for your replies. Proxy is deployed in explicit mode.
There is already a default listener on SWG for SSH with port 22, if we change its action to intercept from bypass, would that be enough or we also need to do any additional configuration on SWG for intercepting SSH traffic?
Appreciate your feedback. Thanks
------------------------------
Symantec Enthusiast
Original Message:
Sent: 11-22-2021 12:20 PM
From: Slava Vasilasco
Subject: Intercepting SSH Traffic on SWG
Hello Sym,
The Symantec proxy did not yet implemented the full on SSH engine that is capable of Decrypting the SSH session and looking at what is inside the SSH Session. However the SSH traffic can be picked up by the proxy and you can still control(Allow/Deny) it via the Web Access Layer Policy based on what we can see from the session such as destination/Source IP , protocol, port.
Original Message:
Sent: 11-22-2021 10:27 AM
From: sulman mushaq
Subject: Intercepting SSH Traffic on SWG
Hi. Does SWG supports intercepting Secure SSH traffic? Our use-case is that we have users accessing some backend services over SSG and because of some internal requirement this traffic needs to go via our SWG to those backend external services.
Does SWG supports traffic interception over SSH protocol and is recommended to do so on SWG?
Thanks
------------------------------
Symantec Enthusiast
------------------------------