| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Hello everyone, I'd like to block SSH on non-standard ports. So far so good. But I would also like to allow SSH on a specific non-standard port different from 22. For example, 22 and 229: allow SSH v2. Any other ports, SSH disallowed. Does anyone know how to achieve this? Thanks, mtoadmin. PS: I am currently using NGX |
| |||
| Add TCP service 229 and edit its advanced properties. You need to change Protocol Type to SSH2. About blocking: check SmartDefense -> Application Intelligence -> VPN Protocols -> SSH -> Detect SSH over Non Standard Ports |
| |||
| This was our first try, but it didn't seem to work (at least for us). Did you test this? We are on NGX. If you look in the updates.def INSPECT code, it seems to be coded as 22 only. I'm trying to modify this file. Thanks |
| |||
| OK, found it. In updates.def, change as follows: |

```
#define SSH_PORT_NUMBER 22
#define SSH_PORT_NUMBER2 229

#define ADP_SSH_V2_MATCH \
    (tcp, syn, not ack,((dport=SSH_PORT_NUMBER) or (dport=SSH_PORT_NUMBER2)),ADP_SSH_V2_VER2_ONLY)

#define ADP_SSH_NO_22_MATCH \
    ( \
        tcp, syn, not ack, \
        dport != SSH_PORT_NUMBER, dport != SSH_PORT_NUMBER2, \
        ( \
            ADP_SSH_NO_22_ACTION = SSH_BLOCK_WRONG_PORTS \
            or \
            ADP_SSH_NO_22_ACTION = SSH_NO_22_VER_2_ONLY \
        ) \
    )
```
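
The policy discussed in this thread (SSH v2 allowed on ports 22 and 229, SSH on any other port blocked), sketched in Python as an added example; it is not part of the original posts and is not Check Point's inspection code. It assumes the decision is made on the client's RFC 4253 identification string, and the function names and sample flows are constructed for illustration.

```python
import re

# Ports on which SSH is permitted, taken from the thread (22 and 229).
ALLOWED_SSH_PORTS = {22, 229}

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion
BANNER_RE = re.compile(rb"^SSH-(\d+\.\d+)-[\x21-\x7e]+")


def ssh_version(payload: bytes):
    """Return the protocol version from an SSH identification string, or None."""
    # Only the first line of the client's data is examined.
    first_line = payload.split(b"\n", 1)[0].rstrip(b"\r")
    match = BANNER_RE.match(first_line)
    return match.group(1).decode() if match else None


def verdict(dport: int, client_payload: bytes) -> str:
    """Apply the thread's policy to one connection's first client bytes."""
    version = ssh_version(client_payload)
    if version is None:
        return "not-ssh"                      # left to the rest of the rule base
    if dport not in ALLOWED_SSH_PORTS:
        return "drop: ssh on non-standard port"
    if version != "2.0":
        return "drop: not ssh v2"             # e.g. a 1.5 client on port 22
    return "accept"


# Constructed sample flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (22, b"SSH-2.0-OpenSSH_4.3\r\n"),
    (229, b"SSH-2.0-PuTTY_Release_0.60\r\n"),
    (2222, b"SSH-2.0-OpenSSH_4.3\r\n"),
    (22, b"SSH-1.5-OpenSSH_3.1\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]


def evaluate(flows):
    """Return the verdict for each (dport, payload) pair, in order."""
    return [verdict(dport, payload) for dport, payload in flows]


if __name__ == "__main__":
    for (dport, _), result in zip(SAMPLE_FLOWS, evaluate(SAMPLE_FLOWS)):
        print(dport, result)
```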