SSH Proxy decryption requires no certificates and decrypts
inbound and outbound SSH sessions and ensures that attackers can’t use
SSH to tunnel potentially malicious applications and content.
Configuring
SSH
Proxy does not require certificates and the key used to decrypt
SSH sessions is generated automatically on the firewall during boot
up. With SSH decryption enabled, the firewall decrypts SSH traffic
and blocks and or restricts the SSH traffic based on your decryption
policy and decryption profile settings. Traffic is re-encrypted
as it exits the firewall.
When you configure SSH Proxy,
the proxied traffic does not support DSCP code points or QoS.