Explicit FTPS

These options allow operating a FTP (legacy) service together with the secure FTPS service. The legacy / unsecure FTP service can be disabled by configuring the service to always force secure connections.

Enable Explicit FTPS support

When this is enabled, the service also allows Explicit FTPS connections.

Enforce secured command channel

When this is enabled, commands are rejected if the command channel was not previously secured via the AUTH FTP command.

Data connection

These are the settings required for passive or active data connections. In most cases, the values here should match the values configured on your firewall, internet gateway or load balancer.

Range of ports used for passive connections. Set the start and end port to 0 to use random ports for passive connections.

Start port
End port

IP address used to advertise server address in passive PASV requests. DNS names are not supported. This needs to be configured as a single IP address. When empty the server will auto detect the address.

Only disable this to support legacy FTPS clients. When disabled, the security of the data connection is highly decreased. A malicious 3rd party could intercept any transferred data. If you need to disable this, consider enabling the certificate authority validation for FTPS clients. This is ignored for non FTPS connections.

Duration after which idle data channel connections are disconnected. Set to 0 to disable disconnecting idle connections.
This does not affect command channel connections, they are configured in Connections configuration.

Source port used to initiate connection for the PORT or EPRT requests. When set to 0 the server will use a random port and any available IP address.

Advanced options

Welcome message for new connections.

This allows authentication based on username and password.

This allows authentication based on username and SSL certificate. No password required.

Configures the FTP service to pretend that ASCII mode is supported, while doing the actual transfer in BINARY/IMAGINE mode.

Configures the FTP service to use the ASCII mode, when a data type is not explicitly requested by the client.