Fortinet black logo

CLI Reference

Home FortiProxy 7.4.3 CLI Reference
7.4.3
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.0.17
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
2.0.13
2.0.12
2.0.0
1.2.4

config ftp-proxy explicit

config ftp-proxy explicit

Configure explicit FTP proxy settings.

config ftp-proxy explicit
    Description: Configure explicit FTP proxy settings.
    set status [enable|disable]
    set incoming-port {user}
    set incoming-ip {ipv4-address-any}
    set outgoing-ip {ipv4-address-any}
    set sec-default-action [accept|deny]
    set server-data-mode [client|passive]
    set ipv6-status [enable|disable]
    set incoming-ip6 {ipv6-address}
    set ssl [enable|disable]
    set ssl-cert <name1>, <name2>, ...
    set ssl-dh-bits [768|1024|...]
    set ssl-algorithm [high|medium|...]
end

config ftp-proxy explicit

Parameter

Description

Type

Size

Default

status

Enable/disable the explicit FTP proxy.

option

-

disable

Option

Description

enable

Enable the explicit FTP proxy.

disable

Disable the explicit FTP proxy.

incoming-port

Accept incoming FTP requests on one or more ports.

user

Not Specified

incoming-ip

Accept incoming FTP requests from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

0.0.0.0

outgoing-ip

Outgoing FTP requests will leave from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

sec-default-action

Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.

option

-

deny

Option

Description

accept

Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not

deny

Deny requests unless there is a matching explicit FTP proxy policy.

server-data-mode

Determine mode of data session on FTP server side.

option

-

client

Option

Description

client

Use the same transmission mode for client and server data sessions.

passive

Use passive mode on server data session.

ipv6-status

Enable/disable allowing an IPv6 ftp proxy destination in policies and all IPv6 related entries in this command.

option

-

disable

Option

Description

enable

Enable allowing an IPv6 ftp proxy destination.

disable

Disable allowing an IPv6 ftp proxy destination.

incoming-ip6

Restrict the explicit ftp proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address.

ipv6-address

Not Specified

::

ssl

Enable/disable the explicit FTPS proxy.

option

-

disable

Option

Description

enable

Enable the explicit FTPS proxy.

disable

Disable the explicit FTPS proxy.

ssl-cert <name>

List of certificate names to use for SSL connections to this server.

Certificate list.

string

Maximum length: 79

ssl-dh-bits

Bit-size of Diffie-Hellman.

option

-

2048

Option

Description

768

768-bit Diffie-Hellman prime.

1024

1024-bit Diffie-Hellman prime.

1536

1536-bit Diffie-Hellman prime.

2048

2048-bit Diffie-Hellman prime.

ssl-algorithm

Relative strength of encryption algorithms accepted in negotiation.

option

-

high

Option

Description

high

High encryption. Allow only AES and ChaCha

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
Previous
Next

config ftp-proxy explicit

Configure explicit FTP proxy settings.

config ftp-proxy explicit
    Description: Configure explicit FTP proxy settings.
    set status [enable|disable]
    set incoming-port {user}
    set incoming-ip {ipv4-address-any}
    set outgoing-ip {ipv4-address-any}
    set sec-default-action [accept|deny]
    set server-data-mode [client|passive]
    set ipv6-status [enable|disable]
    set incoming-ip6 {ipv6-address}
    set ssl [enable|disable]
    set ssl-cert <name1>, <name2>, ...
    set ssl-dh-bits [768|1024|...]
    set ssl-algorithm [high|medium|...]
end

config ftp-proxy explicit

Parameter

Description

Type

Size

Default

status

Enable/disable the explicit FTP proxy.

option

-

disable

Option

Description

enable

Enable the explicit FTP proxy.

disable

Disable the explicit FTP proxy.

incoming-port

Accept incoming FTP requests on one or more ports.

user

Not Specified

incoming-ip

Accept incoming FTP requests from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

0.0.0.0

outgoing-ip

Outgoing FTP requests will leave from this IP address. An interface must have this IP address.

ipv4-address-any

Not Specified

sec-default-action

Accept or deny explicit FTP proxy sessions when no FTP proxy firewall policy exists.

option

-

deny

Option

Description

accept

Accept requests. All explicit FTP proxy traffic is accepted whether there is an explicit FTP proxy policy or not

deny

Deny requests unless there is a matching explicit FTP proxy policy.

server-data-mode

Determine mode of data session on FTP server side.

option

-

client

Option

Description

client

Use the same transmission mode for client and server data sessions.

passive

Use passive mode on server data session.

ipv6-status

Enable/disable allowing an IPv6 ftp proxy destination in policies and all IPv6 related entries in this command.

option

-

disable

Option

Description

enable

Enable allowing an IPv6 ftp proxy destination.

disable

Disable allowing an IPv6 ftp proxy destination.

incoming-ip6

Restrict the explicit ftp proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address.

ipv6-address

Not Specified

::

ssl

Enable/disable the explicit FTPS proxy.

option

-

disable

Option

Description

enable

Enable the explicit FTPS proxy.

disable

Disable the explicit FTPS proxy.

ssl-cert <name>

List of certificate names to use for SSL connections to this server.

Certificate list.

string

Maximum length: 79

ssl-dh-bits

Bit-size of Diffie-Hellman.

option

-

2048

Option

Description

768

768-bit Diffie-Hellman prime.

1024

1024-bit Diffie-Hellman prime.

1536

1536-bit Diffie-Hellman prime.

2048

2048-bit Diffie-Hellman prime.

ssl-algorithm

Relative strength of encryption algorithms accepted in negotiation.

option

-

high

Option

Description

high

High encryption. Allow only AES and ChaCha

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
Previous
Next