This page provides access to less frequently used settings for the FTP(E/S) protocol family.

 

The FTP(E/S) protocol family features several options that may be useful to improve security and/or deal with the typical firewall-unfriendliness of this protocol family:

Require same IP address on PASV: when this option is checked, clients requesting passive (PASV) data transfer connections will be forced to initiate such connections from the same IP address they originally initiated the control connection - this is usually a good practice in terms of security

Require same IP address on PORT: when this option is checked, clients requesting active (PORT) data transfer connections will be forced to initiate such connections from the same IP address they originally initiated the control connection - this is usually a good practice in terms of security

Permit Clear Control Channel (CCC): when this option is checked, clients can transfer data over an encrypted channel but keep the control channel in clear (unencrypted) - clearly this may slightly decrease the security, but it may resolve firewall NAT issues for incoming data connection requests when the firewall rewrites the FTP responses for NAT/PAT purposes

Disable STAT command: if checked, the server will not respond to STAT requests, thus providing less information about itself to the client - this may increase security, but don't forget that some clients may need STAT information to interpret your server's responses more correctly

Disable SYST command: if checked, the server will not respond to SYST requests, thus providing less information about itself to the client - this may increase security, but don't forget that some clients may need STAT information to interpret your server's responses more correctly

Block all PORT (active) transfers: when this option is checked, only passive (PASV) data transfers are allowed

 

In addition to the above configuration settings, this page also allows you to selectively enable/disable specific SSL/TLS versions along with their associated Cipher Suites.

 

Adm_FTPES_Adv