SonicOS 7.0 Rules and Policies for Policy mode

Decryption (DPI-SSH)

The Anti-Spyware Service service does not work for DPI-SSH because TCP streams for Anti-Spyware are not supported. If the checkbox is checked, the system takes no action. The Decryption Policies feature allows you to decrypt and bypass connections.

To configure Decryption (DPI-SSH)

  1. Navigate to POLICY | Rules and Policies > Settings > Decryption (DPI-SSH).
  2. For Enable SSH Inspection, click enable to activate SSH Inspection.
  3. Block Port Forwarding - Enable Block Port forwarding to allow local or remote computers (for example, computers on the internet) to connect to a specific computer or service within a private LAN. Port forwarding translates the address and/or port number of a packet to a new destination address and forwards it to that destination according the routing rules. Because these packets have new destinations and port numbers, they can bypass the firewall security policies.

  4. Local Port Forwarding - Enable Local Port Forwarding to allow a computer on the local network to connect to another server that might be an external server.

  5. Remote Port Forwarding - Enable to allow a remote host to connect to an internal server.

  6. X11 Forwarding - Use X11 forwarding as an alternative to forwarding a Remote Port or VNC connection. It differs from Remote Port Forwarding or VNC in that remote application windows appear seamlessly in your desktop, without forwarding a complete desktop. X11 forwarding is best used with UNIX-style servers running applications intended to run under X11. For connections to Windows servers, Remote Port Forwarding is the native option.

  7. Click Accept to save your changes.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden