Configuring the explicit FTP proxy - web‑based manager
Use the following steps to configure the explicit FTP proxy from the FortiGate web‑based manager.
To enable and configure the explicit FTP proxy
1. Go to System > Network > Explicit Proxy > Explicit FTP Proxy Options and change the following settings:
   Enable Explicit FTP Proxy: Select.
   Listen on Interface: No change. This field will eventually show that the explicit FTP proxy is enabled for the Internal interface.
   FTP Port: 2121
   Default Firewall Policy Action: Deny
2. Select Apply.
To enable the explicit FTP proxy on the Internal interface
1. Go to System > Network > Interface.
2. Edit the internal interface.
3. Select Enable Explicit FTP Proxy.
4. Select OK.
To add a RADIUS server and user group for the explicit FTP proxy
1. Go to User > Remote > RADIUS.
2. Select Create New to add a new RADIUS server:
   Name: RADIUS_1
   Primary Server Name/IP: 10.31.101.200
   Primary Server Secret: RADIUS_server_secret
3. Go to User > User Group > User Group and select Create New.
   Name: Explict_proxy_user_group
   Type: Firewall
   Remote authentication servers: RADIUS_1
   Members: RADIUS_1
4. Select OK.
To add a security policy for the explicit FTP proxy
1. Go to Firewall Objects > Address > Address and select Create New.
2. Add a firewall address for the internal network:
   Address Name: Internal_subnet
   Type: Subnet / IP Range
   Subnet / IP Range: 10.31.101.[1-255]
   Interface: Any
3. Go to Policy > Policy > Policy and select Create New.
4. Configure the explicit FTP proxy security policy.
   Policy Type: Firewall
   Policy Subtype: User Identity
   Incoming Interface: ftp-proxy
   Source Address: Internal_subnet
   Outgoing Interface: wan1
   Destination Address: all
5. Select Enable Identity Based Policy, make sure IP Based is not selected and Auth Method is set to Basic.
6. Under Configure Authentication Rules select Create New to add an authentication rule:
   Groups: Explicit_policy
   Users: Leave blank
   Schedule: always
   Action: ACCEPT
7. Select Antivirus and Web Filter and select the default profiles for both.
8. Select the default proxy options profile.
9. Select OK.
10. Select OK.
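To confirm afterwards that a saved configuration still matches the security-relevant choices in this procedure (default action Deny, identity-based policy without IP Based, antivirus on the authentication rule), a small audit script can be run over a configuration backup. This is an added example, not Fortinet code; the CLI keyword names it looks for (sec-default-action, identity-based, ip-based, av-profile) are assumed to be the CLI equivalents of the fields above and should be checked against the CLI reference for your FortiOS release.

```python
import shlex

def parse_fortios(text):
    """Parse FortiOS config/edit/set/next/end text into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
        elif tok[0] == "set" and len(tok) > 2:
            stack[-1][tok[1]] = " ".join(tok[2:])
    return stack[0]

def audit_ftp_proxy(cfg):
    """Flag deviations from the page's settings; CLI keywords are assumed."""
    out = []
    if cfg.get("ftp-proxy explicit", {}).get("sec-default-action") == "accept":
        out.append("default firewall policy action is accept")
    for pid, pol in cfg.get("firewall policy", {}).items():
        if pol.get("srcintf") != "ftp-proxy":
            continue
        if pol.get("identity-based") != "enable":
            out.append(f"policy {pid}: no user authentication")
        if pol.get("ip-based") == "enable":
            out.append(f"policy {pid}: IP Based authentication selected")
        for rid, rule in pol.get("identity-based-policy", {}).items():
            if not rule.get("av-profile"):
                out.append(f"policy {pid} rule {rid}: no antivirus profile")
    return out

# Constructed sample: default action weakened, auth rule lacks antivirus.
SAMPLE = """
config ftp-proxy explicit
    set sec-default-action accept
end
config firewall policy
    edit 3
        set srcintf "ftp-proxy"
        set identity-based enable
        config identity-based-policy
            edit 1
                set groups "Explict_proxy_user_group"
            next
        end
    next
end
"""
```

Calling `audit_ftp_proxy(parse_fortios(SAMPLE))` returns one finding for the accept default action and one for the authentication rule that has no antivirus profile.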