I periodically receive an alert from my APC device regarding an unauthorized FTP attempt from my airwave server.
I beleive it may be related to Rapids but not entirely sure.
Does anyone have any suggestions on preventing this?
-moved post to correct topic area
Is the FTP initialized from the AirWave server? Or is it an inbound request from a device to the AirWave server? AirWave can also be an FTP server, but that's only used if devices are trying to get firmware updates from AirWave. RAPIDS should not be doing anything FTP related.
I also suggest taking this up as a support case with TAC. Along with a tcpdump capture of all traffic between your APC and the AirWave server.
It appears to be a FTP request initialized by the Airwave Server.
I will contact TAC.
I know this thread is somewhat old but did you ever get a resolution on this issue from TAC?
For any other users running into this same issue I contacted TAC on this and am told that on the RAPIDS tab (under "Setup") there is the "Auto OS Scan Rogue Devices" option which is what causes AirWave to perform an NMAP scan of network devices to obtain OS information. TAC recommended either turning this off (which would turn off OS detection on all rogue devices as there is no option to disable it for a single device) or turning off that particular e-mail alert on the UPS device (or other network device) that is generating the alert(s).
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.