Select SSH Known Hosts Lists for NGFW Engine

To allow connections only to specific trusted servers, select SSH Known Hosts Lists in the Engine Editor.

Note: When Use Strict Known Hosts List is selected for the Server Host Key Validation option in the properties of the custom Service element for SSM SSH Proxy, you must select SSH Known Hosts Lists for the engine. If you do not select an SSH Known Hosts List, connections are not allowed to any hosts.

Steps

  1. Select Configuration.
  2. Right-click a Single Firewall or Firewall Cluster and select Edit <element type>.
  3. In the navigation pane on the left, browse to Add-Ons > Sidewinder Proxy.
  4. Next to the SSH Known Hosts Lists table, click Add.
  5. Select one or more SSH Known Hosts List elements, then click Select.
  6. Click Save.
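
The strict validation described in the note above, sketched as an added example (not Forcepoint code): a connection is allowed only when the host's presented key is already listed, and an empty list allows nothing. It assumes OpenSSH `known_hosts` line format and OpenSSH-style SHA256 fingerprints for illustration; the hosts, keys and function names are constructed.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map host -> set of (key type, fingerprint). Hashed and @marker lines are skipped."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        hosts, key_type, key_b64 = fields[:3]
        for host in hosts.split(","):
            known.setdefault(host, set()).add((key_type, sha256_fingerprint(key_b64)))
    return known


def strict_check(known: dict, host: str, key_type: str, key_b64: str) -> bool:
    """Strict validation: allow only a host whose presented key is already listed."""
    return (key_type, sha256_fingerprint(key_b64)) in known.get(host, set())


def make_ed25519_blob(raw32: bytes) -> str:
    """Build a constructed ssh-ed25519 public key blob (RFC 8709 wire format)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(blob).decode()


# Constructed sample keys and host names, not real servers.
TRUSTED_KEY = make_ed25519_blob(bytes(range(32)))
OTHER_KEY = make_ed25519_blob(bytes(range(1, 33)))
SAMPLE_LIST = f"# constructed list\nbastion.example.test,192.0.2.10 ssh-ed25519 {TRUSTED_KEY}\n"

if __name__ == "__main__":
    known = parse_known_hosts(SAMPLE_LIST)
    print(sha256_fingerprint(TRUSTED_KEY))
    print(strict_check(known, "bastion.example.test", "ssh-ed25519", TRUSTED_KEY))  # listed key
    print(strict_check(known, "bastion.example.test", "ssh-ed25519", OTHER_KEY))    # changed key
    print(strict_check({}, "bastion.example.test", "ssh-ed25519", TRUSTED_KEY))     # no list
```
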

Next steps

If the default SSH host keys do not meet your needs, or if you want to specify which host keys are used for specific SSH Proxy Services, add host keys for Sidewinder SSH Proxy.

Otherwise, add custom Service elements for Sidewinder SSH Proxy.

Engine Editor > Add-Ons > Sidewinder Proxy

Use this branch to enable and configure Sidewinder Proxies.

| Option | Definition |
|---|---|
| Enable | When selected, enables Sidewinder Proxy. |
| Sidewinder Logging Profile | The selected Sidewinder Logging Profile element for the engine. Click Select to open the Select Element dialog box, where you can select a Sidewinder Logging Profile. |
| SSH Proxy | Settings specific to the SSM SSH Proxy. |
| SSH Known Hosts Lists | The selected SSH Known Hosts List elements for the engine. Click Add to add an element to the list, or Remove to remove the selected element. |
| Host Keys | The SSH host keys used by the firewall when it acts as the SSH server in a connection that uses the SSM SSH Proxy. Click Add to add a row to the table, or Remove to remove the selected row. To import an existing host key, click Import. |
| Key Type | Shows the signature algorithm used for the host key. |
| Key Length | Shows the length of the host key. |
| SHA256 Fingerprint | Shows the SHA256 fingerprint of the host key. |
| SSH Proxy Services | The SSH Proxy Service element with which the host key is used. Double-click the field to open the Select Element dialog box, where you can select a Service element. |
| Comment (Optional) | A comment for your own reference. |
| Advanced Settings | Opens the Advanced Sidewinder Proxy Settings dialog box. |