FTPS Protocol

Click the New button and in the New server panel select the FTPS protocol.

These fields will appear allowing you to enter the settings for the server:

  • Name (*): assign a name to the server you are creating; it will appear in the server card or row.

  • Description: enter a description of the server.

  • Port (*): enter the port to connect to the server.

  • 🚀 DMZ: activate the DMZ toggle to use the DMZ, choose Port Forwarding mode and specify the port. This will add a new entry in the DMZ → Servers panel.

  • Port range min and max value: enter the range for the ports the server will listen to.

  • Server key (*): select the key identifier about the keystore store to select Private Key and Certificate to create an SSL connection.

  • VFS (*): select the VFS that will be accessible through the FTPS protocol.

  • Active data connection local address: local address for active data connection.

  • Passive external address: this field must be filled in only if Operation mode is set to PASSIVE and will contain the address used for passive connections. If the server is behind NAT, insert the external IP address.

  • Require client authentication: Enable the toggle button if you want the server to require SSL Client Authentication to the client that is connecting. If enabled, the Client certificate match field appears and the appropriate option must be selected in the drop-down menu.

    • Client certificate match. Possible values:

      • NO: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the less secure option.

      • CNEQUALS: the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.

      • CNCONTAINS: the Common Name field of the Certificate must contain the user name.

  • Operation mode (*): define how data connection is established. Possible values:

    • ACTIVE: the client will establish a control connection to the server and the server will establish a data connection back to the client.

    • PASSIVE (default value): the client will establish both a control connection and a data connection to the server.

  • Data protection: define the data channel protection. Possible values:

    • PROTECTED: force data channel protection.

    • CLEARTEXT: no data channel protection.

  • SSL Implicit: enable the toggle button to set an implicit SSL/TLS connection. Most FTP/S Servers listen for implicit connections to port 990. Disabling the toggle button, an explicit SSL/TLS connection will be set via AUTH command.

  • Max session (*): specify the maximum number of active sessions.

  • Connection timeout (*): define the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.

  • Active data conn local outport: If the Operation mode is set to ACTIVE, enter the port the client must connect to.

  • Authentication protocols: select the SSL authentication protocol. Possible values are either All or these specific values:

    • SSLv3

    • TLSv1

    • TLSv1.1

    • TLSv1.2

    • TLSv1.3

  • Accepted cipher suites: select the cipherSuites accepted to establish an SSL connection. For a list of all accepted Cipher Suites, follow this link.

PreviousFTP ProtocolNextHTTP Protocol

Last updated