Configuring the explicit FTP proxy - CLI
Use the following steps to configure the example explicit web proxy configuration from the CLI.
To enable and configure the explicit FTP proxy
1. Enter the following command to enable the explicit FTP proxy and set the TCP port that proxy accepts FTP connections on to 2121.
config ftp-proxy explicit
set status enable
set incoming-port 2121
set sec-default-action deny
end
To enable the explicit FTP proxy on the Internal interface
1. Enter the following command to enable the explicit FTP proxy on the internal interface.
config system interface
edit internal
set explicit-ftp-proxy enable
end
To add a RADIUS server and user group for the explicit FTP proxy
1. Enter the following command to add a RADIUS server:
config user radius
edit RADIUS_1
set server 10.31.101.200
set secret RADIUS_server_secret
end
2. Enter the following command to add a user group for the RADIUS server.
config user group
edit Explicit_proxy_user_group
set group-type firewall
set member RADIUS_1
end
To add a security policy for the explicit FTP proxy
1. Enter the following command to add a firewall address for the internal subnet:
config firewall address
edit Internal_subnet
set type iprange
set start-ip 10.31.101.1
set end-ip 10.31.101.255
end
2. Enter the following command to add the explicit FTP proxy security policy:
config firewall explicit-proxy-policy
edit 0
set proxy ftp
set dstintf wan1
set srcaddr Internal_subnet
set dstaddr all
set action accept
set identity-based enable
set ipbased disable
set active-auth-method basic
config identity-based-policy
edit 0
set groups Explicit_Proxy_user_group
set schedule always
set utm-status enable
set av-profile default
set profile-protocol-options default
end
end