Fortinet black logo

CLI Reference

ftp-proxy explicit

Configure explicit FTP proxy settings.

  config ftp-proxy explicit
      Description: Configure explicit FTP proxy settings.
      set status [enable|disable]
      set incoming-port {user}
      set incoming-ip {ipv4-address-any}
      set outgoing-ip {ipv4-address-any}
      set sec-default-action [accept|deny]
      set ssl [enable|disable]
      set ssl-cert {string}
      set ssl-dh-bits [768|1024|...]
      set ssl-algorithm [high|medium|...]
  end

config ftp-proxy explicit

Parameter Name Description Type Size
status Enable/disable the explicit FTP proxy.
enable: Enable the explicit FTP proxy.
disable: Disable the explicit FTP proxy.
option -
incoming-port Accept incoming FTP requests on one or more ports. user Not Specified
incoming-ip Accept incoming FTP requests from this IP address. An interface must have this IP address. ipv4-address-any Not Specified
outgoing-ip Outgoing FTP requests will leave from this IP address. An interface must have this IP address. ipv4-address-any Not Specified
sec-default-action Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.
accept: Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not
deny: Deny requests unless there is a matching explicit FTP proxy policy.
option -
ssl Enable/disable the explicit FTPS proxy.
enable: Enable the explicit FTPS proxy.
disable: Disable the explicit FTPS proxy.
option -
ssl-cert Name of certificate for SSL connections to this server (default = "Fortinet_CA_SSL"). string Maximum length: 35
ssl-dh-bits Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).
768: 768-bit Diffie-Hellman prime.
1024: 1024-bit Diffie-Hellman prime.
1536: 1536-bit Diffie-Hellman prime.
2048: 2048-bit Diffie-Hellman prime.
option -
ssl-algorithm Relative strength of encryption algorithms accepted in negotiation.
high: High encryption. Allow only AES and ChaCha
medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
option -

Configure explicit FTP proxy settings.

  config ftp-proxy explicit
      Description: Configure explicit FTP proxy settings.
      set status [enable|disable]
      set incoming-port {user}
      set incoming-ip {ipv4-address-any}
      set outgoing-ip {ipv4-address-any}
      set sec-default-action [accept|deny]
      set ssl [enable|disable]
      set ssl-cert {string}
      set ssl-dh-bits [768|1024|...]
      set ssl-algorithm [high|medium|...]
  end

config ftp-proxy explicit

Parameter Name Description Type Size
status Enable/disable the explicit FTP proxy.
enable: Enable the explicit FTP proxy.
disable: Disable the explicit FTP proxy.
option -
incoming-port Accept incoming FTP requests on one or more ports. user Not Specified
incoming-ip Accept incoming FTP requests from this IP address. An interface must have this IP address. ipv4-address-any Not Specified
outgoing-ip Outgoing FTP requests will leave from this IP address. An interface must have this IP address. ipv4-address-any Not Specified
sec-default-action Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.
accept: Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not
deny: Deny requests unless there is a matching explicit FTP proxy policy.
option -
ssl Enable/disable the explicit FTPS proxy.
enable: Enable the explicit FTPS proxy.
disable: Disable the explicit FTPS proxy.
option -
ssl-cert Name of certificate for SSL connections to this server (default = "Fortinet_CA_SSL"). string Maximum length: 35
ssl-dh-bits Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).
768: 768-bit Diffie-Hellman prime.
1024: 1024-bit Diffie-Hellman prime.
1536: 1536-bit Diffie-Hellman prime.
2048: 2048-bit Diffie-Hellman prime.
option -
ssl-algorithm Relative strength of encryption algorithms accepted in negotiation.
high: High encryption. Allow only AES and ChaCha
medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
option -