Forum Discussion

Stefan_Klotz's avatar
Icon for Cumulonimbus rankCumulonimbus
Dec 15, 2022

Security offload for SFTP

What's the latest status about offloading SFTP/SSH? Is this still not possible? I'm looking for an alternative solution to offload some security features for SFTP, because due to SNAT the server only sees the LBs IP-address and therefor can't use this for the blacklist. Disabling SNAT and having the LB as DFGW for the server is not an option. And as SFTP doesn't support and kind of XFF, I was wondering if I can use any nice iRule to check for not allowed usernames or the number of failed login attempts. We also have only LTM module available.

Thanks for any ideas or further information!

Regards Stefan 🙂

2 Replies