SFTP Gateway version 3 lets you configure an IP allowlist from within the application. These are configured at the per-user level. This is to prevent brute-force attacks, as well as prevent one user from even attempting to authenticate as another user.
How the IP Allowlist works
An IP allowlist is a way to restrict access to an SFTP user based on IP Address.
IP addresses are in CIDR notation. So, an individual IP address would end in
/32, such as
126.96.36.199/32. Or, you can configure an IP address range, such as
By default, the IP allowlist is empty, so there are no restrictions. But restrictions begin as soon as you add an IP address range to the list.
There's a Label property which lets you enter a description. This could be useful for keeping track of IP addresses. For example, you have a user that connects from their office IP, but sometimes connects from their home IP.
Here is an example of an IP allowlist configuration:
Error message when your IP is blocked
When you attempt to connect with a user from an IP address other than what is specified within the allowlist you will receive this error message:
User has too many connections from current IP