Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config ftp-proxy explicit

Configure explicit FTP proxy settings.

config ftp-proxy explicit

Description: Configure explicit FTP proxy settings.

set status [enable|disable]

set incoming-port {user}

set incoming-ip {ipv4-address-any}

set outgoing-ip {ipv4-address-any}

set sec-default-action [accept|deny]

set ssl [enable|disable]

set ssl-cert {string}

set ssl-dh-bits [768|1024|...]

set ssl-algorithm [high|medium|...]

end

config ftp-proxy explicit

Parameter name

Description

Type

Size

status

Enable/disable the explicit FTP proxy.

option

-

 

Option

Description

enable

Enable the explicit FTP proxy.

disable

Disable the explicit FTP proxy.

incoming-port

Accept incoming FTP requests on one or more ports.

user

Not Specified

incoming-ip

Accept incoming FTP requests from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

outgoing-ip

Outgoing FTP requests will leave from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

sec-default-action

Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.

option

-

 

Option

Description

accept

Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not

deny

Deny requests unless there is a matching explicit FTP proxy policy.

ssl

Enable/disable the explicit FTPS proxy.

option

-

 

Option

Description

enable

Enable the explicit FTPS proxy.

disable

Disable the explicit FTPS proxy.

ssl-cert

Name of certificate for SSL connections to this server (default = "Fortinet_CA_SSL").

string

Maximum length: 35

ssl-dh-bits

Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).

option

-

 

Option

Description

768

768-bit Diffie-Hellman prime.

1024

1024-bit Diffie-Hellman prime.

1536

1536-bit Diffie-Hellman prime.

2048

2048-bit Diffie-Hellman prime.

ssl-algorithm

Relative strength of encryption algorithms accepted in negotiation.

option

-

 

Option

Description

high

High encryption. Allow only AES and ChaCha

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.

config ftp-proxy explicit

Configure explicit FTP proxy settings.

config ftp-proxy explicit

Description: Configure explicit FTP proxy settings.

set status [enable|disable]

set incoming-port {user}

set incoming-ip {ipv4-address-any}

set outgoing-ip {ipv4-address-any}

set sec-default-action [accept|deny]

set ssl [enable|disable]

set ssl-cert {string}

set ssl-dh-bits [768|1024|...]

set ssl-algorithm [high|medium|...]

end

config ftp-proxy explicit

Parameter name

Description

Type

Size

status

Enable/disable the explicit FTP proxy.

option

-

 

Option

Description

enable

Enable the explicit FTP proxy.

disable

Disable the explicit FTP proxy.

incoming-port

Accept incoming FTP requests on one or more ports.

user

Not Specified

incoming-ip

Accept incoming FTP requests from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

outgoing-ip

Outgoing FTP requests will leave from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

sec-default-action

Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.

option

-

 

Option

Description

accept

Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not

deny

Deny requests unless there is a matching explicit FTP proxy policy.

ssl

Enable/disable the explicit FTPS proxy.

option

-

 

Option

Description

enable

Enable the explicit FTPS proxy.

disable

Disable the explicit FTPS proxy.

ssl-cert

Name of certificate for SSL connections to this server (default = "Fortinet_CA_SSL").

string

Maximum length: 35

ssl-dh-bits

Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).

option

-

 

Option

Description

768

768-bit Diffie-Hellman prime.

1024

1024-bit Diffie-Hellman prime.

1536

1536-bit Diffie-Hellman prime.

2048

2048-bit Diffie-Hellman prime.

ssl-algorithm

Relative strength of encryption algorithms accepted in negotiation.

option

-

 

Option

Description

high

High encryption. Allow only AES and ChaCha

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.