Module "CPSSH" (SSH Inspection)

R80.40 introduced SSH Deep Packet Inspection - decryption / encryption of SSH, extraction of files from SFTP/SCP, blocking of SSH port forwarding, and so on.

For more information, see the R81.10 Threat Prevention Administration Guide.

Syntax

On the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / each Cluster Member Security Gateway that is part of a cluster., run in the Expert mode:

fw ctl debug -m CPSSH + {all | <List of Debug Flags>}

On the Scalable Platform Security Group A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected., run in the Expert mode:

g_fw ctl debug -m CPSSH + {all | <List of Debug Flags>}

Important - In addition, enable the debug flag "cpsshi" in Module "fw" (Firewall).

Flag

Description

authentication

Detailed information about authentication

binary_packet

Detailed information about packets

conn_proto

Detailed information about connections

crypto

Encryption and decryption

Note - In addition, see Module "crypto" (SSL Inspection).

dump

Dumps the connection buffer

error

General errors

info

General information

mux_auth_app

Information about authentication

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_conn_app

Information about connections

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_decrypt_app

Information about decryption of connections

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_encrypt_app

Information about encryption of connections

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_inf

Internal flow

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

mux_ssh_parser_app

Currently is not used

mux_stream

Internal flow

Note - In addition, see Module "MUX" (Multiplexer for Applications Traffic).

probe

Information about connections

session

Internal flow

sftp_parser

Parser of SFTP / SCP connections

state_machine

Information about the module State Machine

trans_proto

Information about client and server communication

warning

General warnings