FTP Proxy

FTP proxy

FTP proxies can be configured on the FortiGate so that FTP traffic can be proxied. When the FortiGate is configured as an FTP proxy, FTP client applications should be configured to send FTP requests to the FortiGate.

To configure explicit FTP proxy in the GUI:

  1. Enable and configure explicit FTP proxy:
    1. Go to Network > Explicit Proxy.
    2. Enable Explicit FTP Proxy.
    3. Select port2 as the Listen on Interfaces and set the HTTP Port to 21.
    4. Configure the Default Firewall Policy Action as needed.
    5. Click Apply.
  2. Create an explicit FTP proxy policy:
    1. Go to Policy & Objects > Proxy Policy.
    2. Click Create New.
    3. Set Proxy Type to FTP and Outgoing Interface to port1.
    4. Also set Source and Destination to all, Schedule to always, and Action to ACCEPT.
    5. Configure the FTP client application to use the FortiGate IP address.

To configure explicit FTP proxy in the CLI:

  1. Enable and configure explicit FTP proxy:

config ftp-proxy explicit set status enable set incoming-port 21

end

config system interface edit “port2” set vdom “vdom1” set ip 10.1.100.1 255.255.255.0 set allowaccess ping https ssh snmp http telnet set type physical set explicit-ftp-proxy enable set snmp-index 12

end

next end

  1. Create an explicit FTP proxy policy:

config firewall proxy-policy edit 4 set uuid 2e945a3a-565d-51e9-4fac-5215d287adc0

set proxy ftp set dstintf “port2” set srcaddr “all” set dstaddr “all” set action accept set schedule “always”

next

end

  1. Configure the FTP client application to use the FortiGate IP address.
This entry was posted in Administration Guides, FortiGate, Fortinet Cookbook, FortiOS, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.