Configuring the explicit FTP proxy - web‑based manager
Use the following steps to configure the explicit FTP proxy from FortiGate web‑based manager.
To enable and configure the explicit FTP proxy
1. Go to System > Network > Explicit Proxy > Explicit FTP Proxy Options and change the following settings:
Enable Explicit FTP Proxy | Select. |
Listen on Interface | No change. This field will eventually show that the explicit web proxy is enabled for the Internal interface. |
FTP Port | 2121 |
Default Firewall Policy Action | Deny |
2. Select Apply.
To enable the explicit FTP proxy on the Internal interface
1. Go to System > Network > Interface.
2. Edit the internal interface.
3. Select Enable Explicit FTP Proxy.
4. Select OK.
To add a RADIUS server and user group for the explicit FTP proxy
1. Go to User > Remote > RADIUS.
2. Select Create New to add a new RADIUS server:
Name | RADIUS_1 |
Primary Server Name/IP | 10.31.101.200 |
Primary Server Secret | RADIUS_server_secret |
3. Go to User > User Group > User Group and select Create New.
Name | Explict_proxy_user_group |
Type | Firewall |
Remote authentication servers | RADIUS_1 |
Members | RADIUS_1 |
4. Select OK.
To add a security policy for the explicit FTP proxy
1. Go to Firewall Objects > Address > Address and select Create New.
2. Add a firewall address for the internal network:
Address Name | Internal_subnet |
Type | Subnet / IP Range |
Subnet / IP Range | 10.31.101.[1-255] |
Interface | Any |
3. Go to Policy > Policy > Policy and select Create New.
4. Configure the explicit FTP proxy security policy.
Policy Type | Firewall |
Policy Subtype | User Identity |
Incoming Interface | ftp-proxy |
Source Address | Internal_subnet |
Outgoing Interface | wan1 |
Destination Address | all |
5. Select Enable Identity Based Policy, make sure IP Based is not selected and Auth Method is set to Basic.
6. Under Configure Authentication Rules select Create New to add an authentication rule:
Groups | Explicit_policy |
Users | Leave blank |
Schedule | always |
Action | ACCEPT |
7. Select Antivirus and Web Filter and select the default profiles for both.
8. Select the default proxy options profile.
9. Select OK.
10. Select OK.