FTP proxy
FTP proxies can be configured on the FortiGate so that FTP traffic can be proxied. When the FortiGate is configured as an FTP proxy, FTP client applications should be configured to send FTP requests to the FortiGate.
To configure explicit FTP proxy in the GUI:
- Enable and configure explicit FTP proxy:
- Go to Network > Explicit Proxy.
- Enable Explicit FTP Proxy.
- Select port2 as the Listen on Interfaces and set the HTTP Port to 21.
- Configure the Default Firewall Policy Action as needed.
- Click Apply.
- Create an explicit FTP proxy policy:
- Go to Policy & Objects > Proxy Policy.
- Click Create New.
- Set Proxy Type to FTP and Outgoing Interface to port1.
- Also set Source and Destination to all, Schedule to always, and Action to ACCEPT.
- Configure the FTP client application to use the FortiGate IP address.
To configure explicit FTP proxy in the CLI:
- Enable and configure explicit FTP proxy:
config ftp-proxy explicit set status enable set incoming-port 21
end
config system interface edit “port2” set vdom “vdom1” set ip 10.1.100.1 255.255.255.0 set allowaccess ping https ssh snmp http telnet set type physical set explicit-ftp-proxy enable set snmp-index 12
end
next end
- Create an explicit FTP proxy policy:
config firewall proxy-policy edit 4 set uuid 2e945a3a-565d-51e9-4fac-5215d287adc0
set proxy ftp set dstintf “port2” set srcaddr “all” set dstaddr “all” set action accept set schedule “always”
next
end
- Configure the FTP client application to use the FortiGate IP address.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!