ProxySG & Advanced Secure Gateway

  • 1.  SFTP through a Transparent ProxySG

    Posted Aug 20, 2019 12:17 PM

    Dear all,

    My customer needs to SFTP through a transparent ProxySG. I have already intercepted the SSH service. I then tested creating a policy with a specific destination as a destination/host port object, such as 159.x.x.x port 22, and this works. But if I create the policy with the destination as a destination/host port object such as sftp.aaa.com, it doesn't work. After I traced the policy, the connection doesn't match the rule. Please help verify this and recommend how to resolve this issue.

    The policy trace for this connection is below:

    connection: service.name=SSH client.address=172.x.x.x proxy.port=22 client.interface=0:0.1 routing-domain=default
      location-id=0 access_type=unknown
    time: 2019-08-19 03:21:44 UTC
    TUNNEL tcp://159.x.x.x:22/



  • 2.  RE: SFTP through a Transparent ProxySG

    Posted Aug 20, 2019 12:43 PM
    Hi, can you add this CPL policy and test:

    <Proxy>
    url.port=22 detect_protocol (none) allow


  • 3.  RE: SFTP through a Transparent ProxySG

    Posted Aug 21, 2019 12:18 AM

    Hi,

     

    The request is a tunneled connection for which the proxy won't be able to see the domain name. Thus the rule that you have added won't have any impact. You have to stick to an IP address rule for such TCP-tunneled requests.
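
Why a host-name rule has nothing to match on here, as an added example that is not part of the thread and not ProxySG code: the first bytes an SSH client sends carry no destination name, unlike an HTTP Host header or a TLS SNI extension (both included for contrast, going beyond the SSH case discussed). Function names and sample bytes are constructed for illustration.

```python
import re
import struct

# Constructed sample inputs (not captured traffic); the host is the thread's placeholder.
SSH_SAMPLE = b"SSH-2.0-OpenSSH_8.9\r\n"
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: sftp.aaa.com\r\n\r\n"

def build_client_hello(name: str) -> bytes:
    """Build a minimal constructed TLS ClientHello carrying an SNI extension."""
    host = name.encode()
    sni = struct.pack("!HHHBH", 0, len(host) + 5, len(host) + 3, 0, len(host)) + host
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
             + struct.pack("!H", len(sni)) + sni)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def _tls_sni(record: bytes):
    try:
        body = record[5:]                                # skip TLS record header
        if body[0] != 1:                                 # not a ClientHello
            return None
        p = 4 + 2 + 32                                   # handshake header, version, random
        p += 1 + body[p]                                 # session id
        p += 2 + struct.unpack_from("!H", body, p)[0]    # cipher suites
        p += 1 + body[p]                                 # compression methods
        end = p + 2 + struct.unpack_from("!H", body, p)[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, p)
            p += 4
            if ext_type == 0:                            # server_name extension
                n = struct.unpack_from("!H", body, p + 3)[0]
                return body[p + 5:p + 5 + n].decode("ascii", "replace")
            p += ext_len
    except (IndexError, struct.error):
        pass
    return None

def visible_hostname(first_bytes: bytes):
    """Return (protocol, host name a transparent proxy could read, or None)."""
    if first_bytes.startswith(b"SSH-"):   # RFC 4253 ident string: no destination name
        return ("ssh", None)
    if first_bytes[:1] == b"\x16":        # TLS handshake record
        return ("tls", _tls_sni(first_bytes))
    line, _, rest = first_bytes.partition(b"\r\n")
    if line.endswith((b"HTTP/1.0", b"HTTP/1.1")):
        m = re.search(rb"(?im)^host:[ \t]*(\S+)", rest)
        return ("http", m.group(1).decode("ascii", "replace") if m else None)
    return ("unknown", None)
```

For the SSH sample the only selector left is the destination address the client connected to, which is what the trace's `TUNNEL tcp://159.x.x.x:22/` line shows.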