IP Allowlist
Overview
SFTP Gateway version 3 lets you configure an IP allowlist from within the application. Allowlists are configured per user. This helps prevent brute-force attacks, and it also prevents one user from even attempting to authenticate as another user.
How the IP Allowlist works
An IP allowlist is a way to restrict access to an SFTP user based on IP address.
IP addresses are in CIDR notation. So, an individual IP address would end in /32, such as 1.2.3.4/32. Or, you can configure an IP address range, such as 1.2.3.0/24.
By default, the IP allowlist is empty, so there are no restrictions. But restrictions begin as soon as you add an IP address range to the list.
There's a Label property which lets you enter a description. This is useful for keeping track of IP addresses. For example, you might have a user who connects from their office IP, but sometimes connects from their home IP.
Here is an example of an IP allowlist configuration:
Error message when your IP is blocked
When you attempt to connect as a user from an IP address that is not covered by that user's allowlist, you will receive this error message:
User has too many connections from current IP
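The allowlist rules described above (per-user lists, CIDR entries, an empty list meaning no restrictions) can be modelled in a few lines. This is an added example, not SFTP Gateway's own code; the usernames, labels and function names are hypothetical, and rejecting entries with host bits set is an assumption of this sketch, not documented product behaviour.

```python
import ipaddress

# Constructed sample data: per-user allowlists of (CIDR, Label) pairs.
# Usernames and labels are hypothetical; the CIDRs are the page's examples.
ALLOWLISTS = {
    "alice": [("1.2.3.4/32", "Office"), ("1.2.3.0/24", "Home ISP range")],
    "bob": [],  # empty list: no restrictions (the default)
}

# Error text quoted from the page.
BLOCKED_MESSAGE = "User has too many connections from current IP"


def parse_entry(cidr):
    """Parse one allowlist entry, accepting only well-formed CIDR notation."""
    if "/" not in cidr:
        raise ValueError(f"{cidr!r}: missing prefix length, use /32 for one address")
    # strict=True rejects entries with host bits set, such as 1.2.3.4/24,
    # which usually indicate a typo in the address or the prefix length.
    return ipaddress.ip_network(cidr, strict=True)


def check_connection(username, client_ip, allowlists=ALLOWLISTS):
    """Return (allowed, detail) for the IP check only, not authentication.

    detail is the Label of the matching entry, "no restrictions" for an
    empty allowlist, or the blocked-IP error message.
    """
    entries = allowlists[username]  # KeyError for a user with no record
    if not entries:
        return True, "no restrictions"
    addr = ipaddress.ip_address(client_ip)
    for cidr, label in entries:
        net = parse_entry(cidr)
        if addr.version == net.version and addr in net:
            return True, label
    return False, BLOCKED_MESSAGE


if __name__ == "__main__":
    for user, ip in [("alice", "1.2.3.4"), ("alice", "5.6.7.8"), ("bob", "5.6.7.8")]:
        print(user, ip, check_connection(user, ip))
```

Returning the matching Label makes it easy to see which entry admitted a connection when reviewing access for a user with several ranges.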