Symptom:
In the GoAnywhere service logs (HTTPS, SFTP), the 'Remote IP Address' is not the end-user IP address.
Instead, it is the IP address of the customer's NLB component (F5, NetScaler, etc.) or the firewall NAT address.
Cause:
This issue is caused by the way network devices operate and see each other. Since most firewalls and/or NLBs perform address translation (NAT), the MFT server sees the NAT address and not the actual IP of the user.
Solution:
To handle the above cases in web flows, an X-Forwarded-For (XFF) header was introduced. The network equipment that is doing the NAT must support XFF; otherwise this will not work.
Support for the X-Forwarded-For header needs to be manually configured on the MFT.
Notice: this capability is supported in versions 6.4.1 and above!
1. Navigate to the installation directory of GoAnywhere MFT and edit the [installDir]/config/system.properties file
2. Add the following to the bottom of the file:
#X-Forwarded-For support
com.linoma.webClient.xff.proxyPattern=<1st Segment of the IP Address>\\.<2nd Segment of the IP Address>\\.<3rd Segment of the IP Address>\\.<4th Segment of the IP Address>
For example:
- Specific IP:
com.linoma.webClient.xff.proxyPattern=192\\.168\\.25\\.1
- All IPs in the 192.168.0.0 network:
com.linoma.webClient.xff.proxyPattern=192\\.168\\.\\d{1,3}\\.\\d{1,3}
4. Restart the GoAnywhere service
5. Verify that in the logs for new end-user connections, the 'Remote IP Address' is the end-user IP address.
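The check below is an added example, not vendor code: it shows why step 2 doubles every backslash and which source addresses a pattern would treat as the proxy, so the pattern can be kept as narrow as the real NLB/firewall addresses. It assumes system.properties is decoded with standard Java properties escaping (simplified here) and that the pattern must match the whole proxy address; the sample lines and addresses are constructed.

```python
import re

# Constructed sample lines for system.properties (not taken from a real install).
GOOD = r"com.linoma.webClient.xff.proxyPattern=192\\.168\\.\\d{1,3}\\.\\d{1,3}"
BAD = r"com.linoma.webClient.xff.proxyPattern=192\.168\.\d{1,3}\.\d{1,3}"

_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def load_value(line):
    """Decode a property value the way java.util.Properties.load() does (simplified)."""
    raw = line.split("=", 1)[1]
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw):
            nxt = raw[i + 1]
            if nxt == "u" and i + 6 <= len(raw):
                out.append(chr(int(raw[i + 2:i + 6], 16)))
                i += 6
                continue
            # "\\" becomes "\"; an unknown escape such as "\." or "\d"
            # silently loses its backslash.
            out.append(_ESCAPES.get(nxt, nxt))
            i += 2
            continue
        out.append(ch)
        i += 1
    return "".join(out)

def trusted_proxies(line, addresses):
    """Return the addresses the loaded pattern matches in full (assumed semantics)."""
    pattern = re.compile(load_value(line))
    return [a for a in addresses if pattern.fullmatch(a)]

# Constructed connection sources: two load balancers and one outside client.
SOURCES = ["192.168.25.1", "192.168.7.40", "203.0.113.9"]

if __name__ == "__main__":
    for line in (GOOD, BAD):
        print(load_value(line), "->", trusted_proxies(line, SOURCES))
```

With single backslashes the loaded pattern no longer matches any proxy address, so the logs would keep showing the NAT address even though the property is present.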