SRX Services Gateway

Block outbound SSH with exceptions

10-14-2014 06:59 AM

Hello there, I have a stack of 240s that I need to block outbound SSH traffic with. There is a server on the network that people use to SSH into other sites. I don't have a good handle on who/what/when/where/why, so I intend to block all outbound SSH traffic, wait for people to complain, and build an exception list. It's a tough way to go, I know, but it's safe. Does anyone have any recommendations on how to achieve this?

Thanks,

Joe 

Solution accepted by topic author PortlandJoe, 08-26-2015 01:27 AM

Re: Block outbound SSH with exceptions

05-12-2015 06:26 AM

Hello Joe,

Not sure if the query is still active, just saw the query.

If you are trying to block the SSH outbound traffic through the SRX, create a policy from trust to untrust with application any:

from-zone trust to-zone untrust {
    policy Deny_SSH {
        match {
            source-address any;
            destination-address any;
            application junos-ssh;
        }
        then {
            deny;
        }
    }
}

And place this policy on top of all other policies.


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
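The thread stops at the blanket deny; the exception list Joe wants comes from a permit policy for an address-set, evaluated before the deny, with both policies logging so the "wait for complaints" phase leaves a record. The following set-format configuration is an added example, not Sam's reply or Juniper documentation. It assumes the trust/untrust zone names from Sam's reply, a hypothetical jump host at 10.0.0.10, and a hypothetical existing catch-all outbound policy named Permit_Outbound; adjust all three to your own configuration. Lines starting with "#" are annotations for the reader, not CLI input.

```junos
# Exception list: sources still allowed to SSH out. Grow this as people complain.
# 10.0.0.10 is a constructed placeholder for the jump server mentioned in the question.
set security address-book global address ssh-jump-host 10.0.0.10/32
set security address-book global address-set ssh-allowed-sources address ssh-jump-host

# Permit policy for the exceptions, logged on open and close so usage is visible.
set security policies from-zone trust to-zone untrust policy Allow_SSH_Exceptions match source-address ssh-allowed-sources
set security policies from-zone trust to-zone untrust policy Allow_SSH_Exceptions match destination-address any
set security policies from-zone trust to-zone untrust policy Allow_SSH_Exceptions match application junos-ssh
set security policies from-zone trust to-zone untrust policy Allow_SSH_Exceptions then permit
set security policies from-zone trust to-zone untrust policy Allow_SSH_Exceptions then log session-init
set security policies from-zone trust to-zone untrust policy Allow_SSH_Exceptions then log session-close

# Catch-all deny for everyone else. Logging the denied session-init is what tells you
# who to add to the exception list before they even complain.
set security policies from-zone trust to-zone untrust policy Deny_SSH match source-address any
set security policies from-zone trust to-zone untrust policy Deny_SSH match destination-address any
set security policies from-zone trust to-zone untrust policy Deny_SSH match application junos-ssh
set security policies from-zone trust to-zone untrust policy Deny_SSH then deny
set security policies from-zone trust to-zone untrust policy Deny_SSH then log session-init

# Ordering: policies are evaluated top-down, first match wins. Both SSH policies must sit
# above the general outbound permit, and the exception permit must sit above the deny.
# Permit_Outbound is a hypothetical name for your existing catch-all policy.
insert security policies from-zone trust to-zone untrust policy Allow_SSH_Exceptions before policy Permit_Outbound
insert security policies from-zone trust to-zone untrust policy Deny_SSH after policy Allow_SSH_Exceptions

# Verify the order before committing, then check the logs after.
# (show commands are run from operational mode; "run" prefixes them from configuration mode)
run show security policies from-zone trust to-zone untrust
commit check
commit comment "Block outbound SSH except listed sources"

# With security logging in event mode to syslog, denied and permitted SSH sessions
# appear in the messages log as RT_FLOW_SESSION_DENY / RT_FLOW_SESSION_CREATE.
run show log messages | match "RT_FLOW_SESSION_DENY.*Deny_SSH"
```

Two caveats worth knowing before relying on this. First, the predefined junos-ssh application matches only TCP destination port 22, so an SSH server listening on a non-standard port is not caught by either policy; if that matters, add a custom application for the other ports or pair this with application identification. Second, the deny only covers sessions that leave through the trust-to-untrust policy set; SSH between hosts inside the trust zone never reaches these policies.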

Re: Block outbound SSH with exceptions

05-12-2015 08:38 AM

Thanks joses. I was thinking I would put it on the ACL side, but this is a fine way to do it, and very straightforward, plus I can use enhanced logging.

Joe