Search

GlobalSCAPE Knowledge Base

After the first 1000 IP address entries in the IP Access List in EFT, the IP addresses are not blocked when DMZ Gateway is used

Karla Marsh
DMZ Gateway

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, v6.4 and later with DMZ Gateway

SYMPTOM

In the IP Access List in EFT, any "banned" IP addresses beyond the first 1000 are not blocked when DMZ Gateway is used. Those addresses would still pass through to EFT.

WORKAROUND

Update the DMZ Gateway configuration to allow more than 1000 banned IP addresses.

To update the DMZ Gateway configuration

  1. Open the DMZ Gateway configuration file, <InstallDir>\conf\DMZGatewayServerService.conf in a text editor.
  2. Add the following as a new line:
  3. wrapper.java.additional.X=-DNetworkAccessPolicyExceptionLimit=Y

    Where X is the next incremental value past the highest existing additional property, and Y is the new limit.

    Refer to KB article #11270, which describes a similar configuration option, as the model for passing values to the JVM.

MORE INFORMATION

The DMZ Gateway has an upper limit on the size of the banned IP list that defaults to 1000. When using DMZ Gateway, IP address restrictions are applied at the DMZ Gateway, not on EFT. Therefore, when you have more than 1000 blacklisted (or banned) IP addresses, you must update DMZ Gateway properties to allow it.

See also KB article 10877, Adjust IP Access Rule Count Limit and IP Auto Ban List limit.

Details
Last Modified: 7 Years Ago
Last Modified By: kmarsh
Type: FIX
Article not rated yet.
Article has been viewed 7.6K times.
Options
Also In This Category