ftp-proxy : explicit
 
explicit
Use this command to enable the explicit FTP proxy, and configure the TCP port used by the explicit FTP proxy.
Syntax
config ftp-proxy explicit
set status {disable | enable}
set incoming-port <in_port_int>
set incoming-ip <incoming_address_ipv4>
set outgoing-ip <outgoing_address_ipv4>
set sec-default-action {accept | deny}
end
Variable
Description
Default
status {disable | enable}
Enable the explicit FTP proxy for FTP sessions.
disable
incoming-port <in_port_int>
Enter the port number that traffic from FTP clients use to connect to the explicit FTP proxy. The range is 0 to 65535. Explicit FTP proxy users must configure their FTP client proxy settings to use this port.
21
incoming-ip <incoming_address_ipv4>
Enter the IP address of a FortiGate unit interface that should accept sessions for the explicit FTP proxy. Use this command to restrict the explicit FTP proxy to only accepting sessions from one FortiGate interface.
The destination IP address of explicit FTP proxy sessions should match this IP address.
This field is visible in NAT/Route mode only.
0.0.0.0
outgoing-ip <outgoing_address_ipv4>
Enter the IP address of a FortiGate unit interface that explicit FTP proxy sessions should exit the FortiGate unit from. Use this command to restrict the explicit FTP proxy to only allowing sessions to exit from one FortiGate interface.
This IP address becomes the source address of FTP proxy sessions exiting the FortiGate unit.
This field is visible in NAT/Route mode only.
 
sec-default-action {accept | deny}
Configure the explicit FTP proxy to block (deny) or accept sessions if firewall policies have not been added for the explicit FTP proxy. To add firewall policies for the explicit FTP proxy add a firewall policy and set the source interface to ftp-proxy.
The default setting denies access to the explicit FTP proxy before adding a firewall policy. If you set this option to accept the explicit FTP proxy server accepts sessions even if you haven’t added an ftp-proxy firewall policy.
deny