Network Management

Occasional Contributor I

Airwave Causing false positive alerts

I periodically receive an alert from my APC device regarding an unauthorized FTP attempt from my airwave server.


I beleive it may be related to Rapids but not entirely sure.


Does anyone have any suggestions on preventing this?


Re: Airwave Causing false positive alerts

-moved post to correct topic area


Is the FTP initialized from the AirWave server?  Or is it an inbound request from a device to the AirWave server?  AirWave can also be an FTP server, but that's only used if devices are trying to get firmware updates from AirWave.  RAPIDS should not be doing anything FTP related.


I also suggest taking this up as a support case with TAC.  Along with a tcpdump capture of all traffic between your APC and the AirWave server.

Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor I

Re: Airwave Causing false positive alerts

It appears to be a FTP request initialized by the Airwave Server.


I will contact TAC.



Contributor I

Re: Airwave Causing false positive alerts

Hi curtinat,


I know this thread is somewhat old but did you ever get a resolution on this issue from TAC?


Contributor I

Re: Airwave Causing false positive alerts

For any other users running into this same issue I contacted TAC on this and am told that on the RAPIDS tab (under "Setup") there is the "Auto OS Scan Rogue Devices" option which is what causes AirWave to perform an NMAP scan of network devices to obtain OS information.  TAC recommended either turning this off (which would turn off OS detection on all rogue devices as there is no option to disable it for a single device) or turning off that particular e-mail alert on the UPS device (or other network device) that is generating the alert(s).