Serv-U Gateway Internal IP Shows as Denied in Dashboard at Ports 22 & 443?

When would a Serv-U Gateway internal IP ever show as Denied in Dashboard at Ports 22 & 443 in Dashboard log?

The internal IP address for the Gateway appears in the Dashboard log as Denied multiple times on ports 22 & 443

Would that mean that either someone or something is attempting to connect from the Gateway Desktop?

Thanks

  • Do you see any other activity for those IPs prior to the denied messages? The denied messages are usually triggered by IP Access rules or the Anti-Hammer settings.

  • Yeah, at the time I posted I was rushing, and yes, the IP is Added by Admin (me). I probably added it w/out thinking about the actual IP, and since there's no timestamp, I don't know when.

    So, the question is, is this normal behavior that the Gateway server internal IP attempts to connect on ports 22 & 443?

  • No worries. As I see it, the gateway proxies the connection from the internet so it will be connecting to the internal server - unless I am misunderstanding the setup?

  • Same boat... In main setting for Serv-U mFTP Gateway tab, the Gateway IP that I remote desktop to via RDP shows as Gateway Address (all good so far), to the right is the Public IP address (still good), however the connection from internal Gateway IP on ports 22 & 443 is questionable, and Yes we/me wouldn't see this if the log* wasn't monitored, Or in my case the internal IP is blocked** on the Gateway domain, |IP Access tab

    *Log facts, query logs since 6/1 many files sent/received on/after Serv-U applying service release (SR) & HF2 to .157
    **blocked by me due to seeing in logs, w/attempts to log in from the internal IP, again, I likely didn't think about the IP, just that it appeared w/failed attempts, copy paste deny; if I'd noticed when adding it sometime between 3/31/2024 and 7/3/2024 in the IP Access export file, but ahead of applying the SR

    Note: one suspect could be the Data Center security system(?) attempting to connect as a normal part of security auditing...?

  • Status: SW ticket is being reviewed; all requested logs were provided days ago.
    To be clear, the Gateway is Blocked as Deny on the Gateway domain. This was done w/out recognizing the IP; it simply showed up in the log as attempting to log in from ports 22 & 443. It was not blocked by rule (SW refers to as Anti-hammering). Asking here and SW Tech if Gateway pokes at domain on those ports was not a quick Yes/No.
    Stay tuned...