Why does SSH traffic not match a security or decryption policy with a URL category

Why does SSH traffic not match a security or decryption policy with a URL category

494
Created On 06/19/25 03:35 AM - Last Modified 10/13/25 15:43 PM


Question


Why does SSH traffic not match a security or decryption policy with a URL category

Environment


  • Palo Alto Networks Firewalls
  • Supported PAN-OS
  • URL category in security or decryption policy rule
  • SSH traffic

Answer


  1. When using TLS or HTTP a URL is referenced in the relevant traffic.
  2. The URL information is found in theĀ  client hello or server certificate for TLS, and the GET for HTTP.
  3. With SSH there is no reference to the URL and therefore it has no means to match to a URL or URL category.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TNPCKA4&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail