Is it possible to perform SSH decryption on SRX devices ?
Do you mean SSH password decryption or SSH traffic decryption?
If you want to decrypt the SSH password, we can achieve this in SRX with a certain condition. Please find the technical document for the same - https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/request-security-...
AFAIK, It is not possible to decrypt SSH traffic on SRX series devices.
SSH proxy is currently not supported in SRX series devices.
Thank you for the response.
As SSH proxy is not supported, I don't think it is possible to decrypt SFTP or SCP traffic.
Any work around to filter files transferred over SFTP. For example to block ZIP files uploads or downloads over SFTP.
I am afraid it's not possible with current design as SRX doesn't have a way to identify the type of file being transferred over the secure channel.
I guess we can do it for normal traffic via UTM but not for a secure one - https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...
Yes with Content filtering, file extensions can be blocked for plain traffic and even for HTTPS traffic if SSL Proxy is configured. But I am looking for solution to block file extensions for SFTP and SCP traffic.