If SFTP is in use and will be load-balanced by MOVEit WAF, additional configuration changes are required.

The MOVEit WAF appliance, by default, will listen on port 22 to allow for authenticated administrative access. This can be a problem in the cloud if port 22 traffic must also be load-balanced, for example, for SFTP. This is because it is often the case that the same IP address must be used for admin access as well as for load-balanced Virtual Services.

If SFTP will be load-balanced, make the following changes in the MOVEit WAF User Interface (UI) in Certificates & Security > Remote Access.
  1. If SSH administrative access is not required, un-check the Allow Remote SSH Access check box.
  2. If SSH administrative access must be retained, change the Port to something other than 22. Click Set Port to apply the change.
Note: If changing the SSH access port, ensure to add the appropriate firewall and security rules to allow this port to be accessed.