  1. #1
    Newbie
    Join Date
    Aug 2017
    Posts
    9

    Client created many SSH Sessions (Exclusion?)

    Hello.
    I have an Untangle 14.0.1 installation that keeps generating these "Client created many SSH sessions" reports.

    The device is a Datto SIRIS NAS that is connecting to the Datto Cloud via SSH. I need to create an exception for this but cannot figure out how to do it.

    What I've tried:

    Bypass Rule: Source Address = (Device internal IP)

    Event - Suspicious Activity: Client created many SSH sessions: CClientAddr != (Device internal IP)

    Event - Suspicious Activity: Client created many SSH sessions: hostname != (Device hostname (listed as the IP on the report))

    Any suggestions?

  2. #2
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,729

    CClientAddr != IP should do the trick.
    Or just disable the alert.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Aug 2017
    Posts
    9

    Originally posted by dmorris:
        CClientAddr != IP should do the trick.
        Or just disable the alert.

    Thanks. The CClientAddr != IP unfortunately did not work.
    I have disabled the event for now, until I find a solution.
    Maybe the firewall needs to be restarted after making this change?
