11-21-2014 06:03 AM
I periodically receive an alert from my APC device regarding an unauthorized FTP attempt from my AirWave server.
I believe it may be related to RAPIDS but I'm not entirely sure.
Does anyone have any suggestions on preventing this?
11-21-2014 09:14 AM
-moved post to correct topic area
Is the FTP initialized from the AirWave server? Or is it an inbound request from a device to the AirWave server? AirWave can also be an FTP server, but that's only used if devices are trying to get firmware updates from AirWave. RAPIDS should not be doing anything FTP related.
I also suggest taking this up as a support case with TAC, along with a tcpdump capture of all traffic between your APC and the AirWave server.
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Re: Airwave Causing false positive alerts
01-22-2016 10:43 AM
For any other users running into this same issue: I contacted TAC on this and am told that on the RAPIDS tab (under "Setup") there is the "Auto OS Scan Rogue Devices" option, which is what causes AirWave to perform an NMAP scan of network devices to obtain OS information. TAC recommended either turning this off (which would turn off OS detection on all rogue devices, as there is no option to disable it for a single device) or turning off that particular e-mail alert on the UPS device (or other network device) that is generating the alert(s).