This article describes how to allow different types of FTP connections when using Web Gateway.
Browser FTP (FTP over HTTP)
If you use Microsoft Internet Explorer to access an FTP web server that requires a password, use the following syntax:
ftp://username:password@ftp.server_name.net/
NOTE: Firefox prompts you for your logon details when it receives the 530 error from an FTP server that requires authentication.
Windows folder FTP (starting an FTP session in the address field of a Windows folder):
The Windows folder uses port 21 instead of the MWG FTP port if you enable the option Enable FTP folder view (outside of Internet Explorer).
This setting is in Internet Explorer under Tools, Internet options, Advanced, Enable FTP folder view (outside of Internet Explorer).
Command line FTP
Use the following syntax for a Windows command-line FTP connection. You must transfer some data during the FTP session to see an entry in the MWG access.log.
From the command line:
- Open a Windows command prompt.
- Run the following command: ftp
- Run the following command: open <MWG IP address> <FTP Proxy port>
- Authenticate, if needed. Authentication requirements depend on the MWG rules or mappings.
  - If authentication is needed at the FTP Proxy, enter valid credentials here.
  - If no authentication is needed, anonymous logon suffices.
- Enter a USER command for the remote site that you want to connect to: <remote user>@<remote FTP site>
  The normal FTP prompt is returned.
- Use FTP commands as usual.
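The command-line steps above, scripted with Python's ftplib as an added example (not from the original article or the product documentation). The stub proxy, host names and credentials are constructed stand-ins so the exchange runs locally and shows what the proxy receives; a real MWG FTP proxy's reply text may differ.

```python
import ftplib
import socketserver
import threading

class StubProxy(socketserver.StreamRequestHandler):
    """Constructed stand-in for an FTP proxy; records each command it receives."""
    seen = []
    REPLIES = {"USER": "331 Password required", "PASS": "230 Logged in", "QUIT": "221 Bye"}

    def handle(self):
        self.wfile.write(b"220 stub proxy ready\r\n")
        for raw in self.rfile:
            line = raw.decode("latin-1").strip()
            StubProxy.seen.append(line)
            verb = line.split(" ", 1)[0].upper()
            self.wfile.write((self.REPLIES.get(verb, "502 Not implemented") + "\r\n").encode())
            if verb == "QUIT":
                break

def connect_via_proxy(proxy_host, proxy_port, remote_user, remote_password, remote_site,
                      proxy_user="anonymous", proxy_password="", passive=True):
    """Follow the command-line steps: open, log on at the proxy, then USER user@site."""
    ftp = ftplib.FTP(timeout=5)
    ftp.connect(proxy_host, proxy_port)      # open <MWG IP address> <FTP Proxy port>
    ftp.set_pasv(passive)                    # passive: the client opens the data connection
    ftp.login(proxy_user, proxy_password)    # proxy logon (anonymous if none is required)
    # USER <remote user>@<remote FTP site>: the destination travels in the user name
    ftp.login(f"{remote_user}@{remote_site}", remote_password)
    return ftp

def run_demo():
    """Run the exchange against the local stub and return the commands it saw."""
    StubProxy.seen = []
    with socketserver.TCPServer(("127.0.0.1", 0), StubProxy) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        ftp = connect_via_proxy("127.0.0.1", server.server_address[1],
                                "alice", "example-pass", "ftp.example.test")
        ftp.quit()
        server.shutdown()
    return StubProxy.seen

if __name__ == "__main__":
    for command in run_demo():
        print(command)
```

Both logons cross the wire as plain USER and PASS commands, so the proxy and anything on the path to it see the remote site name and the credentials in cleartext.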
Client FTP application
If you use a client FTP application, such as FileZilla, you have to configure the FTP application proxy settings to use MWG. For configuration instructions, see your FTP client documentation.
Passive versus Active FTP connections
- Active FTP connection
If you use an active FTP session, the external FTP server tries to initiate the FTP data connection with the internal client. Your firewall views this action as an external server trying to establish a connection with an internal client. Usually, your firewall blocks the external FTP server data connection request.
- Passive FTP connection
If you use a passive FTP session, the internal client initiates the FTP data connection instead of the external FTP server. Your firewall probably allows the internally initiated FTP data connection and the data transfer.
To allow passive FTP connections with MWG, enable the following MWG setting: Configuration, Appliances, Proxies, FTP Proxy, Allow clients to use passive FTP connections.