The FTP Gateway service provides network users secure access to your company´s FTP server where they can perform actions such as up- and downloading files, etc., depending on their permissions. You can configure networking settings for the FTP Gateway and specify how the FTP Gateway service handles FTP commands and file transfers. You can also apply virus scanning and log settings according to your company´s requirements.
Step 1. Configure Network Settings
To configure network settings for the FTP Gateway, complete the following steps:
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > FTP-Gateway > FTP Gateway Settings.
- Click Lock.
In the Listening port field, enter the TCP port that the gateway is listening on (default: 21).
- From the NAT Policy list, select the bind IP addresses. You can select:
- ProxyDyn – The IP address is dynamically chosen according to the firewall routing tables.
- Server-First – The first server IP is used for connections.
- Server-Second – The second server IP is used for connections.
- Semi-Explicit – The explicitly specified source IP address is used for connections. In the Explicit NAT IP field, enter the IP address.
- Explicit – The explicitly specified listen and source IP address is used for connections. In the Explicit NAT IP field, enter the IP address.
- If you select Explicit or Semi-Explicit from the NAT Policy list, enter the IP address in this field. This IP address is used by the FTP gateway on connection.
- Proceed with the next step.
Step 2. Configure Data Transfer and FTP Commands
In the FTP-GW Settings node, you can configure how the FTP Gateway service handles FTP commands and file transfer.
- On the Settings page, select yes to Deny active ftp-data transfer if port commands should be denied and only passive data transfer should be allowed. When this setting is enabled, the server connects to the client.
- To deny PASV commands and only allow active data transfer, select yes to Deny passive ftp data-transfer. When this setting is enabled, the client connects to the server.
- To allow additional FTP commands that are not included in RFC 959 (such displaying the percentage of the file download in progress), select no to Deny additional ftp- commands.
- To let the FTP Gateway service parse the protocol and check FTP commands for correctness, select yes to FTP-command/protocol check.
- To configure buffer overflow protection, click Set or Edit next to Buffer-overflow protection.
By default, all the buffer limits are enabled and set to 255. You can enable and set the following limits:- (Max.) Filename length – The maximum length of file or directory names that are used with the following commands:
RETR
,STOR
,SMNT
,APPE
,RNFR
,RNTO
,DELE
,RMD
,MKD
,LIST
,NLST
, andSTAT
. - (Max.) Username length – The maximum length for usernames (USER).
- (Max.) Accountinfo length – The maximum length for account information (ACCT).
- (Max.) Password length – The maximum length for passwords (PASS).
- (Max.) String length – The maximum length for strings that are used with the
REST
,SITE
, andHELP
commands. - (Max.) Parameter length – The maximum length for parameters that are used with all other FTP commands.
- (Max.) Filename length – The maximum length of file or directory names that are used with the following commands:
- Proceed with the next step.
Step 3. Configure Virus Scanner Settings
In the Virus Scanning section, you can configure virus scanning of files that are retrieved via FTP. You can use a local virus scanner if configured on the Barracuda CloudGen Firewall, such as Avira or ClamAV (requires a Malware Protection license, see Virus Scanner), or you can use a remote virus scanner.
- On the Settings page, select one of the following settings for Use virus scanner to enable virus scanning:
- local – Enables the Barracuda CloudGen Firewall virus scanner service.
- remote – Enables a virus scanner service from a remote system.
- Scanner IP – When using a remote virus scanner service, specify the IP address of the remote virus scanning system in this field.
- Proceed with the next step.
Step 4. Configure Log Settings
In the Logging section, you can configure log settings for the FTP Gateway service. By default, all log settings are enabled.
- On the Settings page, click Edit in the Logging section.
- On the Logging page, configure the logging settings for FTP events by enabling/disabling logging of file downloads, uploads, appends, renaming, deleting, creation, etc.
- Click OK.
- Click Send Changes and Activate.