Fortinet black logo

Administration Guide

FTP proxy

FTP proxy

FTP proxies can be configured on the FortiGate so that FTP traffic can be proxied. When the FortiGate is configured as an FTP proxy, FTP client applications should be configured to send FTP requests to the FortiGate.

To configure explicit FTP proxy in the GUI:
  1. Enable and configure explicit FTP proxy:

    1. Go to Network > Explicit Proxy.

    2. Enable Explicit FTP Proxy.

    3. Select port2 as the Listen on Interfaces and set the HTTP Port to 21.

    4. Configure the Default Firewall Policy Action as needed.

    5. Click Apply.

  2. Create an explicit FTP proxy policy:

    1. Go to Policy & Objects > Proxy Policy.

    2. Click Create New.

    3. Set Proxy Type to FTP and Outgoing Interface to port1.

    4. Also set Source and Destination to all, Schedule to always, and Action to ACCEPT.

    5. Click OK to create the policy.

    Note

    This example creates a basic policy. If required, security profiles can be enabled.

  3. Configure the FTP client application to use the FortiGate IP address.

To configure explicit FTP proxy in the CLI:
  1. Enable and configure explicit FTP proxy:

    config ftp-proxy explicit
        set status enable
        set incoming-port 21
    end
    config system interface
        edit "port2"
            set vdom "vdom1"
            set ip 10.1.100.1 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
            set type physical
            set explicit-ftp-proxy enable
            set snmp-index 12
        next
    end
  2. Create an explicit FTP proxy policy:

    config firewall proxy-policy
        edit 4
            set name "proxy-policy-ftp"
            set proxy ftp
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
        next
    end 
    Note

    This example creates a basic policy. If required, security profiles can be enabled.

  3. Configure the FTP client application to use the FortiGate IP address.

FTP proxy

FTP proxies can be configured on the FortiGate so that FTP traffic can be proxied. When the FortiGate is configured as an FTP proxy, FTP client applications should be configured to send FTP requests to the FortiGate.

To configure explicit FTP proxy in the GUI:
  1. Enable and configure explicit FTP proxy:

    1. Go to Network > Explicit Proxy.

    2. Enable Explicit FTP Proxy.

    3. Select port2 as the Listen on Interfaces and set the HTTP Port to 21.

    4. Configure the Default Firewall Policy Action as needed.

    5. Click Apply.

  2. Create an explicit FTP proxy policy:

    1. Go to Policy & Objects > Proxy Policy.

    2. Click Create New.

    3. Set Proxy Type to FTP and Outgoing Interface to port1.

    4. Also set Source and Destination to all, Schedule to always, and Action to ACCEPT.

    5. Click OK to create the policy.

    Note

    This example creates a basic policy. If required, security profiles can be enabled.

  3. Configure the FTP client application to use the FortiGate IP address.

To configure explicit FTP proxy in the CLI:
  1. Enable and configure explicit FTP proxy:

    config ftp-proxy explicit
        set status enable
        set incoming-port 21
    end
    config system interface
        edit "port2"
            set vdom "vdom1"
            set ip 10.1.100.1 255.255.255.0
            set allowaccess ping https ssh snmp http telnet
            set type physical
            set explicit-ftp-proxy enable
            set snmp-index 12
        next
    end
  2. Create an explicit FTP proxy policy:

    config firewall proxy-policy
        edit 4
            set name "proxy-policy-ftp"
            set proxy ftp
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
        next
    end 
    Note

    This example creates a basic policy. If required, security profiles can be enabled.

  3. Configure the FTP client application to use the FortiGate IP address.