These options allow operating a FTP (legacy) service together with the secure FTPS service. The legacy / unsecure FTP service can be disabled by configuring the service to always force secure connections.
When this is enabled, the service also allows Explicit FTPS connections.
When this is enabled, commands are rejected if the command channel was not previously secured via the AUTH FTP command.
These are the settings required for passive or active data connections. In most cases, the values here should match the values configured on your firewall, internet gateway or load balancer.
Range of ports used for passive connections. Set the start and end port to 0 to use random ports for passive connections.
IP address used to advertise server address in passive PASV requests. DNS names are not supported. This needs to be configured as a single IP address. When empty the server will auto detect the address.
Only disable this to support legacy FTPS clients. When disabled, the security of the data connection is highly decreased. A malicious 3rd party could intercept any transferred data. If you need to disable this, consider enabling the certificate authority validation for FTPS clients. This is ignored for non FTPS connections.
Source port used to initiate connection for the PORT or EPRT requests. When set to 0 the server will use a random port and any available IP address.
Welcome message for new connections.
This allows authentication based on username and password.
This allows authentication based on username and SSL certificate. No password required.
Configures the FTP service to pretend that ASCII mode is supported, while doing the actual transfer in BINARY/IMAGINE mode.
Configures the FTP service to use the ASCII mode, when a data type is not explicitly requested by the client.