SFTP Security with Big-IP

Question

I am wondering what sort of security I can provide for an SFTP connection coming into my enviroment. Looking at PSM I see I can control what commands are being send over an FTP connection, but I am looking to control what directories you can GET data from and what directories you can PUT data to. Does anyone know if this is possible, and what type of licensing is needed to make it work. I am running 11.4.1 so maybe LT Policies might buy me something?

kevin_stewart · Answer

If by "SFTP" you mean SSH File Transfer Protocol, that's going to be tough to do. There's no direct support for decrypting SSH traffic. FTPS would probably be easier, as we could certainly offload the SSL.

Forum Discussion

SFTP Security with Big-IP

1 Reply

Recent Discussions

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

What is BIG-IP Next?

Mitigating OWASP API Security risks using BIG-IP

Security Best Practices for BIG-IP & BIG-IQ systems

F5 BIG-IP Advanced WAF: OWASP Top 10 Application Security Risks 2021 Compliance Dashboard

Crafting Secure Paths: The Intricacies of VPN Solutions on BIG-IP APM