• SonicOS 7.0
• About DPI-SSH
  • Supported Clients/Servers and Connections
    • Supported Key Exchange Algorithms
    • Caveats
    • Configuring DPI-SSH
  • Activating Your DPI-SSH License
  • Managing DPI-SSH
    • Viewing Connection Status
    • Configuring Client DPI-SSH Inspection
    • DPI-SSH Blocking of Port Forwarding
    • Customizing Client DPI-SSH Inspection
• SonicWall Support
  • About This Document

Caveats

If there is already an SSH server key stored in the local machine, it must be deleted. For example, if you already SSH to a server, and the server DSS key is saved, the SSH session fails if the DSS key is not deleted from the local file.

The ssh-keygen utility cannot be used to bypass the password.

Putty uses GSSAPI. This option is for SSH2 only, which provides stronger encrypted authentication. It stores a local token or secret in the local client and server for the first time communication. It exchanges messages and operations before DPI-SSH starts, however, so DPI-SSH has no knowledge about what was exchanged before, including he GSSAPI token. DPI-SSH fails with the GSSAPI option enabled.

On the client side, either the SSH 2.x or 1.x client can be used if DPI-SSH is enabled. Clients with different version numbers, however, cannot be used at the same time.

Gateway Anti-Virus and Application Firewall inspections are not supported even if these options are selected on the POLICY | DPI-SSH > Settings page.