SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Block outbound SSH with exceptions

    Posted 10-14-2014 06:59

    Hello there, I have a stack of 240's that I need to block outbound SSH traffic with. There is a server on the network that people use to SSH into other sites. I don't have a good handle on who/what/when/where/why so I intend to block all outbound SSH traffic, wait for people to complain, and build an exception list. It's a tough way to go, I know, but it's safe. Does anyone have any recommendations on how to achieve this?

    Thanks,

    Joe 



  • 2.  RE: Block outbound SSH with exceptions
    Best Answer

     
    Posted 05-12-2015 06:27

    Hello Joe,

    Not sure if the query is still active, just saw the query.

    If you are trying to block the SSH outbound traffic through the SRX, create a policy from Trust to untrust with application any:

     

    from-zone trust to-zone untrust {
        policy Deny_SSH {
            match {
                source-address any;
                destination-address any;
                application junos-ssh;
            }
            then {
                deny;
            }
        }
    }

     

    And place this policy on top of all other policies.
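
The deny rule from the answer combined with the exception list the question describes, as an added example that is not part of the original posts. The address-book names and the 192.0.2.10 and 198.51.100.20 addresses are placeholders made up for illustration; `junos-ssh` is the predefined application used in the answer.

```junos
security {
    address-book {
        global {
            /* Constructed placeholders: the internal SSH server and one approved remote site */
            address ssh-jump-host 192.0.2.10/32;
            address partner-site-a 198.51.100.20/32;
            /* Grow this set as exception requests are approved */
            address-set ssh-allowed-destinations {
                address partner-site-a;
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            /* Exceptions first: only the known server to approved destinations */
            policy Permit_SSH_Exceptions {
                match {
                    source-address ssh-jump-host;
                    destination-address ssh-allowed-destinations;
                    application junos-ssh;
                }
                then {
                    permit;
                    log {
                        session-close;
                    }
                }
            }
            /* Everything else on SSH is dropped and logged, which shows who is being blocked */
            policy Deny_SSH {
                match {
                    source-address any;
                    destination-address any;
                    application junos-ssh;
                }
                then {
                    deny;
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}
```

Policies in a zone pair are evaluated from the top down and the first match wins, so Permit_SSH_Exceptions has to sit above Deny_SSH, and both above any general permit rule. `junos-ssh` matches TCP port 22 only, so SSH to other ports is not covered by either policy.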



  • 3.  RE: Block outbound SSH with exceptions

    Posted 05-12-2015 08:38

    Thanks joses. I was thinking I would put it on the ACL side, but this is a fine way to do it, and very straightforward, plus I can use enhanced logging.

    Joe