SSH Deep Packet Inspection

You can use the SSH Deep Packet Inspection ("SSH DPI") feature to decrypt and encrypt SSH traffic and let the Threat Prevention solution protect against advanced threats, bots, and other malware.

SSH DPI Architecture

Similar to HTTPS Inspection, SSH DPI works as a man-in-the-middle.

SSH_CLIENT <=> Security Gateway <=> SSH_SERVER

Note - All TCP traffic should pass through the Security Gateway.

Enabling SSH Deep Packet Inspection on the Security Gateway

Disabling SSH Deep Packet Inspection on the Security Gateway

Viewing SSH DPI Status

Note - All SSH inspection settings are preserved after a Security Gateway reboot.

Configuring SSH Deep Packet Inspection

Add an inspected SSH server

SSH Deep Packet Inspection Settings

Client Authorization (authorization by keys - without passwords)

Cluster

Currently, we do not support automatic syncing of keys between cluster nodes.

Troubleshooting

Debugging