Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiProxy 7.6.6 CLI Reference
    7.6.6
    7.6.6
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.14
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.0.21
    7.0.20
    7.0.19
    7.0.18
    7.0.17
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    2.0.13
    2.0.12
    2.0.0
    1.2.4

    config ftp-proxy explicit

    config ftp-proxy explicit

    Configure explicit FTP proxy settings.

    config ftp-proxy explicit
    Description: Configure explicit FTP proxy settings.
    set status [enable|disable]
    set incoming-port {user}
    set incoming-ip {ipv4-address-any}
    set outgoing-ip {ipv4-address-any}
    set sec-default-action [accept|deny]
    set server-data-mode [client|passive]
    set active-src-port [default|server]
    set ipv6-status [enable|disable]
    set incoming-ip6 {ipv6-address}
    set ssl [enable|disable]
    set ssl-cert <name1>, <name2>, ...
    set ssl-dh-bits [768|1024|...]
    set ssl-algorithm [high|medium|...]
end

    config ftp-proxy explicit

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable the explicit FTP proxy.

    option

    -

    disable

    Option

    Description

    enable

    Enable the explicit FTP proxy.

    disable

    Disable the explicit FTP proxy.

    incoming-port

    Accept incoming FTP requests on one or more ports.

    user

    Not Specified

    incoming-ip

    Accept incoming FTP requests from this IP address. An interface must have this IP address.

    ipv4-address-any

    Not Specified

    0.0.0.0

    outgoing-ip

    Outgoing FTP requests will leave from this IP address. An interface must have this IP address.

    ipv4-address-any

    Not Specified

    sec-default-action

    Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.

    option

    -

    deny

    Option

    Description

    accept

    Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not

    deny

    Deny requests unless there is a matching explicit FTP proxy policy.

    server-data-mode

    Determine mode of data session on FTP server side.

    option

    -

    client

    Option

    Description

    client

    Use the same transmission mode for client and server data sessions.

    passive

    Use passive mode on server data session.

    active-src-port

    Determine port for data session to connect FTP client in active mode.

    option

    -

    default

    Option

    Description

    default

    Use the incoming port - 1 to connect client data session in active mode.

    server

    Use the same port as FTP server source port to connect client data session in active mode.

    ipv6-status

    Enable/disable allowing an IPv6 ftp proxy destination in policies and all IPv6 related entries in this command.

    option

    -

    disable

    Option

    Description

    enable

    Enable allowing an IPv6 ftp proxy destination.

    disable

    Disable allowing an IPv6 ftp proxy destination.

    incoming-ip6

    Restrict the explicit ftp proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address.

    ipv6-address

    Not Specified

    ::

    ssl

    Enable/disable the explicit FTPS proxy.

    option

    -

    disable

    Option

    Description

    enable

    Enable the explicit FTPS proxy.

    disable

    Disable the explicit FTPS proxy.

    ssl-cert <name>

    List of certificate names to use for SSL connections to this server.

    Certificate list.

    string

    Maximum length: 79

    ssl-dh-bits

    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).

    option

    -

    2048

    Option

    Description

    768

    768-bit Diffie-Hellman prime.

    1024

    1024-bit Diffie-Hellman prime.

    1536

    1536-bit Diffie-Hellman prime.

    2048

    2048-bit Diffie-Hellman prime.

    ssl-algorithm

    Relative strength of encryption algorithms accepted in negotiation.

    option

    -

    high

    Option

    Description

    high

    High encryption. Allow only AES and ChaCha

    medium

    Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

    low

    Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
    Previous
    Next

    config ftp-proxy explicit

    config ftp-proxy explicit

    Configure explicit FTP proxy settings.

    config ftp-proxy explicit
    Description: Configure explicit FTP proxy settings.
    set status [enable|disable]
    set incoming-port {user}
    set incoming-ip {ipv4-address-any}
    set outgoing-ip {ipv4-address-any}
    set sec-default-action [accept|deny]
    set server-data-mode [client|passive]
    set active-src-port [default|server]
    set ipv6-status [enable|disable]
    set incoming-ip6 {ipv6-address}
    set ssl [enable|disable]
    set ssl-cert <name1>, <name2>, ...
    set ssl-dh-bits [768|1024|...]
    set ssl-algorithm [high|medium|...]
end

    config ftp-proxy explicit

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable the explicit FTP proxy.

    option

    -

    disable

    Option

    Description

    enable

    Enable the explicit FTP proxy.

    disable

    Disable the explicit FTP proxy.

    incoming-port

    Accept incoming FTP requests on one or more ports.

    user

    Not Specified

    incoming-ip

    Accept incoming FTP requests from this IP address. An interface must have this IP address.

    ipv4-address-any

    Not Specified

    0.0.0.0

    outgoing-ip

    Outgoing FTP requests will leave from this IP address. An interface must have this IP address.

    ipv4-address-any

    Not Specified

    sec-default-action

    Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.

    option

    -

    deny

    Option

    Description

    accept

    Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not

    deny

    Deny requests unless there is a matching explicit FTP proxy policy.

    server-data-mode

    Determine mode of data session on FTP server side.

    option

    -

    client

    Option

    Description

    client

    Use the same transmission mode for client and server data sessions.

    passive

    Use passive mode on server data session.

    active-src-port

    Determine port for data session to connect FTP client in active mode.

    option

    -

    default

    Option

    Description

    default

    Use the incoming port - 1 to connect client data session in active mode.

    server

    Use the same port as FTP server source port to connect client data session in active mode.

    ipv6-status

    Enable/disable allowing an IPv6 ftp proxy destination in policies and all IPv6 related entries in this command.

    option

    -

    disable

    Option

    Description

    enable

    Enable allowing an IPv6 ftp proxy destination.

    disable

    Disable allowing an IPv6 ftp proxy destination.

    incoming-ip6

    Restrict the explicit ftp proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address.

    ipv6-address

    Not Specified

    ::

    ssl

    Enable/disable the explicit FTPS proxy.

    option

    -

    disable

    Option

    Description

    enable

    Enable the explicit FTPS proxy.

    disable

    Disable the explicit FTPS proxy.

    ssl-cert <name>

    List of certificate names to use for SSL connections to this server.

    Certificate list.

    string

    Maximum length: 79

    ssl-dh-bits

    Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).

    option

    -

    2048

    Option

    Description

    768

    768-bit Diffie-Hellman prime.

    1024

    1024-bit Diffie-Hellman prime.

    1536

    1536-bit Diffie-Hellman prime.

    2048

    2048-bit Diffie-Hellman prime.

    ssl-algorithm

    Relative strength of encryption algorithms accepted in negotiation.

    option

    -

    high

    Option

    Description

    high

    High encryption. Allow only AES and ChaCha

    medium

    Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

    low

    Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
    Previous
    Next