Adding a Global FTP/S Service

 

FTP and FTPS (the secure version of FTP) are general-purpose file transfer protocols. They are used for performing a variety of file transfer operations like small, one-time transfers, or large bulk file transfers.

 

To add a Global FTP or FTPS service, navigate to the Settings > GLOBAL SERVICES > Listeners > Listeners tab and click Add. The Service Protocol dialog displays. Select FTP from the Protocol dropdown list. Click OK.

 

The Add "FTP/S" Global Service dialog displays, as shown in the image below.

 

 

The fields are described below.

 

Host — Identifies the IP address the service listens on. The default value is "::", which means any available IPv4 or IPv6 IP address/network interface is used.

 

Port — Identifies the port that the service listens on. The default port number for explicit SSL (regular and forced) is 21. The default port number for implicit SSL is 990.

 

Type — Select one of the following types:

Regular — The original, non-encrypted version of FTP (plain FTP). The command (control) channel and the data channel are not encrypted. It is recommended that you use this protocol for testing purposes only.

 

FTPS — The secure version of FTP. It acquires its security from SSL/TLS and has 3 modes: explicit, implicit, and forced SSL.

 

  • Explicit SSL — A mode of FTPS where you choose if the data transmitted is encrypted. This mode also supports regular FTP.

     

  • Forced explicit SSL — A mode of FTPS where the command (control) channel is always encrypted, but the data channel is optionally encrypted.

     

  • Implicit SSL — A mode of FTPS where SSL/TLS encryption is implied. In this mode, both command (control) and data channels are automatically protected with SSL/TLS encryption when a connection is established between the FTPS client and your FTPS service.

Private Key — The private encryption key that FTPS uses for encrypted communications. This is sourced from the Keys module in the top menu bar.

 

Click Add or Add/Start.

 

Add — The FTP service is added to the Settings > GLOBAL SERVICES > Listeners > Listeners grid with a Status of stopped. Click the Start button located under the grid to start the service.

 

Add/Start — The FTP service is added to the Settings > GLOBAL SERVICES > Listeners > Listeners grid with a Status of running (if no errors are encountered).

 

To customize the FTP/S service, navigate to the Settings > GLOBAL SERVICES > LISTENERS > FTP/S tab. See the image below.

 

 

The fields are described below.

 

CONNECTIONS

 

Banner — Identifies the banner to display for FTP clients.

 

Command channel timeout X min — Identifies the number of minutes that a client can remain inactive on the command channel before the server forcefully disconnects them.

 

Data channel timeout X min — Identifies the number of minutes that a client can remain inactive on the data channel before the server forcefully disconnects them.

 

Passive IP — Identifies the IP used when responding to PASV client requests.

 

Passive port range X to Y — Identifies the server port range for servicing PASV client requests.

 

Data channel send buffer X KB — Identifies the size of the data channel's send buffer. The default value is the send buffer size for the Java Virtual Machine (JVM).

 

Data channel receive buffer X KB — Identifies the size of the data channel's receive buffer. The default value is the receive buffer size for the JVM.

 

Enable TCP_NODELAY — If selected, Nagle's algorithm is disabled.

 

Default transfer mode <ASCII/Binary> — Identifies the default transfer mode the server uses if the client does not specify the transfer mode.

 

Allowed connections modes <Active/Passive/All> — Identifies the allowed connection mode or modes for file transfers and directory listings.

 

SECURITY

 

Require data channel encryption — If selected, the client is required to encrypt the data channel when using FTPS (FTP over SSL) protocol.

 

Require client certificate for authentication — If selected, users authenticating using FTPS (FTP over SSL) are required to authenticate using data encrypted with a private key that maps to a server-installed client certificate.

 

Require client certificate for data channel — If selected, users requesting data transfer using FTPS (FTP over SSL) are required to supply data encrypted with a private key that maps to a server-installed client certificate.

 

Shutdown SSL for CCC command — If selected, the client must properly shut down SSL command channel connections when issuing a CCC command.

 

Shutdown SSL for data connection — If selected, the client must properly shut down SSL data connections.

 

Block bounce attack — If selected, the FTP/S service only honors PORT requests that target the originating host, that is, the client that issued the command.

 

Block PASV attack — If selected, users are only allowed to connect to passive data ports that are initiated by the same client on the command channel.
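The checks behind the Block bounce attack and Block PASV attack options, sketched as an added example (not the product's own code). The function names are hypothetical, the addresses are constructed from documentation ranges, and a passive listener is assumed to be tied to a single control session.

```python
import ipaddress

def normalize(addr):
    """Return an ip_address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    # A listener bound to "::" can report IPv4 clients in mapped form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def parse_port_arg(arg):
    """Parse a PORT argument 'h1,h2,h3,h4,p1,p2' into (host, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    if port == 0:
        raise ValueError("port 0 is not connectable")
    return ipaddress.ip_address(".".join(map(str, nums[:4]))), port

def allow_port_request(control_peer, port_arg):
    """Bounce check: accept PORT only if it names the command-channel peer."""
    try:
        host, _port = parse_port_arg(port_arg)
    except ValueError:
        return False  # malformed input is refused, never guessed at
    return host == normalize(control_peer)

def allow_passive_connection(control_peer, data_peer):
    """PASV check: the data connection must come from the same client
    address that requested the passive port on the command channel."""
    return normalize(data_peer) == normalize(control_peer)

if __name__ == "__main__":
    client = "203.0.113.7"  # constructed control-connection peer
    for arg in ("203,0,113,7,195,80",   # points back at the client
                "192,0,2,10,0,25",      # names a third-party host
                "203,0,113,7,999,1"):   # field out of range
        print(arg, "->", allow_port_request(client, arg))
    print(allow_passive_connection(client, "198.51.100.9"))
```
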

 

ASCII TRANSFERS

 

Network charset — Identifies the character encoding used to transfer file names and file contents.

 

Treat ASCII file transfers as binary — If selected, ASCII files are transferred in binary mode.

 

File charset — Identifies the character encoding used to transfer file contents.

 

SSL/TLS Ciphers — The SSL/TLS ciphers to enable for FTPS (FTP over SSL) services. See SSL/TLS Ciphers.