Configuring the explicit FTP proxy

Configuring the explicit FTP proxy - web‑based manager

Use the following steps to configure the explicit FTP proxy from FortiGate web‑based manager.

To enable and configure the explicit FTP proxy

1. Go to System > Network > Explicit Proxy > Explicit FTP Proxy Options and change the following settings:


Enable Explicit FTP Proxy	Select.
Listen on Interface	No change. This field will eventually show that the explicit web proxy is enabled for the Internal interface.
FTP Port	2121
Default Firewall Policy Action	Deny

2. Select Apply.

To enable the explicit FTP proxy on the Internal interface

1. Go to System > Network > Interface, edit the Internal interface and select Enable Explicit FTP Proxy.

To add a RADIUS server and user group for the explicit FTP proxy

1. Go to User & Device > Authentication > RADIUS Servers.

2. Select Create New to add a new RADIUS server:

3. Go to User > User > User Groups and select Create New.

4. Select OK.

To add a security policy for the explicit FTP proxy

1. Go to Policy &Objects > Objects > Addresses and select Create New.

2. Add a firewall address for the internal network:

3. Go to Policy & Objects > Policy > Explicit Proxy and select Create New.

4. Configure the explicit FTP proxy security policy.

5. Under Configure Authentication Rules select Create New to add an authentication rule:

6. Turn on Antivirus and Web Filter and select the default profiles for both.

7. Select the default proxy options profile.

8. Select OK.

9. Make sure Enable IP Based Authentication is not selected and Default Authentication Method is set to Basic.

10. Select OK.