2.9. Maximizing the scope of auditing

In certain special scenarios, PSM can examine and audit network traffic only with some limitations, depending on the configuration.

In the first scenario, your organization uses jump hosts to access remote servers or services. In this case, PSM ignores the connection between the target server and the remote server, as it does not go through PSM.

Figure 2.12. Connection to a remote server through a jump host

In the next scenario, a file operation is performed from the target server to the client (for example, copying a file using SCP). In this case, the direction of the connection is reversed compared to the initial client-to-server direction.

Figure 2.13. File operation in the "reverse" direction

In these scenarios, PSM may be unable to:

  • Restrict channels allowed in the connection.

  • Audit file operations.

    If you search for the audit files of these connections, the Search page returns no results.

  • Allow authentication on the remote server if the user authenticates to the target server using a Credential Store.

If you want all connections in these scenarios to be audited, make sure that you add a connection policy for:

  • The connection between the target server and any remote servers.

  • The connection going from the target server to the client.
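
The following sketch is an added example, not PSM code or PSM's configuration format. It models connection policies as hypothetical (source, target, port) tuples and lists which observed connections no policy covers, for the jump host and reverse-direction scenarios above. The addresses are constructed, and it assumes that traffic matching a policy is actually routed through PSM.

```python
# Added example: a simplified model, not PSM's configuration format or API.
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Policy(NamedTuple):
    """Hypothetical stand-in for a connection policy: who may connect where."""
    name: str
    source: str   # CIDR of the connecting side
    target: str   # CIDR of the side being connected to
    port: int

class Flow(NamedTuple):
    """One observed TCP connection, named by the side that initiated it."""
    label: str
    src: str
    dst: str
    port: int

def covering_policy(flow, policies):
    """Return the name of the first policy matching the flow, else None."""
    for p in policies:
        if (ip_address(flow.src) in ip_network(p.source)
                and ip_address(flow.dst) in ip_network(p.target)
                and flow.port == p.port):
            return p.name
    return None

def unaudited(flows, policies):
    """Labels of flows that no connection policy covers."""
    return [f.label for f in flows if covering_policy(f, policies) is None]

# Constructed sample data (documentation address ranges).
CLIENTS, TARGET, REMOTE = "192.0.2.0/24", "198.51.100.10", "203.0.113.20"
FLOWS = [
    Flow("client -> target", "192.0.2.15", TARGET, 22),
    Flow("target -> remote (jump host hop)", TARGET, REMOTE, 22),
    Flow("target -> client (reverse SCP)", TARGET, "192.0.2.15", 22),
]
INITIAL = [Policy("client-to-target", CLIENTS, TARGET + "/32", 22)]
EXTENDED = INITIAL + [
    Policy("target-to-remote", TARGET + "/32", REMOTE + "/32", 22),
    Policy("target-to-client", TARGET + "/32", CLIENTS, 22),
]

if __name__ == "__main__":
    print("only the initial policy:", unaudited(FLOWS, INITIAL))
    print("with both added policies:", unaudited(FLOWS, EXTENDED))
```

With only the initial client-to-target policy, both the jump host hop and the reverse file transfer are reported as uncovered; adding the two policies listed above leaves nothing uncovered.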