SSH tunneling Control
The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. SSH allows tunneling, which can be used to subvert firewalls and breach security policies. Users can "sneak through" a firewall by hiding applications inside a SSH tunnel. With SSH Proxy, PAN-OS firewalls can be configured to decrypt SSH traffic and detect when SSH port forwarding is used. The firewall can then be configured to block the SSH tunneling traffic with a security policy. As a result, this will deny the applications that are tunneled inside SSH.
Note: This feature does not provide any control of apps or threats within the tunnel.
For a video demonstration of the SSH Proxy feature, refer to the Tutorial: SSH Decryption