Setting Up FTP Servers

TIBCO MFT Internet Server provides an internal FTP server that can be configured and used to perform FTPS transfers.

Procedure

  1. Create an FTP system key.
    All FTPS servers have a key/certificate pair. MFT can create the key pair for you or you may import existing keys. For this example, a new key pair is generated for MFT FTP Server to use as the default key pair.
    1. Click Administration > Protocol Keys > System Keys > Create Key. Configure the following parameters:
      Parameter: Description
      System Key Type: Select FTP System Key.
      Description: Give the key a descriptive name.
      Password: Configure a password phrase for this key and confirm it.
      Expiration Date: Accept the default value or edit it if you want.
      Key Size: Accept the default value or edit it if you want.
      Set as Default: Select this check box.
      Signing Algorithm: Accept the default value or edit it if you want.
      Common Name: Configure the common name in the Distinguished Name section.

      Configure the rest of the Distinguished Name section if required.

    2. Click Create Key.
  2. Configure the FTP server.
    1. Click Administration > Transfer Servers > FTP Server > Configure FTP Server. On the Configure FTP Server page, configure the following parameters for your MFT FTP server:
      Parameter: Description
      Enabled: Select Yes.
      IP Port: Configure the IP port. The default port is 21.
      SSL Port: Set the port to 990 or a required one.
      FTP System Key: The FTP system key that you created in Step 1 is used by default. You can add more keys to the MFT system and select the key pair that you want to use from the list. For this example, the default key is used.
      Welcome Message: If required, provide a welcome message that users see when they connect to the server.
      Clear Command Channel: Click Yes if required by the network administrators.
      SSL Only Connections: By default, the FTP server accepts both FTP and FTPS connections. Click Yes if only FTPS connections should be accepted.
      Use External IP Address: Click Yes if required by the network administrators.
      External IP Address: This parameter defines the IP address that is returned in the PORT or EPRT command.
      Note: This parameter is only used when Use External IP Address is set to Yes.
      PORT/EPRT Allowed in Incoming Request: This parameter defines whether incoming FTP requests will support PORT or EPRT mode.
      PORT Checking: This parameter defines whether checking is done on the IP address defined in the client PORT and EPRT commands.
      The valid values are as follows:
      • None: no checking is performed on the IP address defined in the PORT and EPRT commands.
      • Subnet: the subnet (3 bytes for IPv4 and 14 bytes for IPv6) of the control connection is compared to the subnet of the IP address defined in the PORT and EPRT commands. If they do not match, the PORT or EPRT command is rejected.
      • IP Address: the IP address of the control connection is compared to the IP address defined in the PORT and EPRT commands. If they do not match, the PORT or EPRT command is rejected.
      PASV Checking: This parameter defines whether checking is done on the IP address of the incoming data connection.
      The valid values are as follows:
      • None: no checking is performed on the IP address of the incoming data connection.
      • Subnet: the subnet (3 bytes for IPv4 and 14 bytes for IPv6) of the control connection is compared to the subnet of the IP address of the incoming data connection. If they do not match, the data connection is terminated.
      • IP Address: the IP address of the control connection is compared to the IP address of the incoming data connection. If they do not match, the data connection is terminated.
    2. Click Update.
      Note: Any changes made on the FTP Server Configurations page require a restart of the service.
  3. To start the MFT FTP server, click Administration > Transfer Servers > FTP Server > FTP Server Status to open the FTP Server Status page, and then click Start Server.
  4. To configure global FTP server settings, click Administration > System Configuration, and expand the Global FTP Settings section.
    By default, the FTPS server is configured to use any available high port. Network administrators may require the FTPS server be restricted to a range of ports. Additionally, the MFT FTP Server is configured to perform Password Only authentication. Some environments may want to change this to Certificate Only authentication or use both.
    Parameter: Description
    Limit Local Ports: If you want to restrict the FTPS server to a range of high ports, click Yes.
    Starting Port: Set the starting port number of the range. For example, 40000.
    Number of Ports to Use: Set the number of ports in the range. For example, 100. The value range is from 40000 to 40099.
    FTP Client Authentication Method: Set the authentication method to be used for the MFT FTP server. The valid values are: Password Only, Certificate Only, Certificate or Password, and Certificate and Password.
    Allow Users to Add FTP Keys: If you want to allow users to add their own FTP public keys to the MFT database, click Yes. Users can add their FTP public keys through the transfer client.
    Initial Status of FTP Keys Added by Users: This parameter defines whether a key is enabled or disabled when a user adds their own FTP public key.
    Email Recipients when User Adds FTP Key: Enter the email addresses to which an email will be sent when a user has added a new FTP public key to the MFT database. Separate multiple email addresses with a comma.
    Email Template when User Adds FTP Key: The email template that is used when sending the notification to the email recipients in the field above. The default email template is located at WEB_Server\cfcc\email-templates\email-ftp-key-notification-template.xml.
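
The PORT Checking and PASV Checking rules from step 2, worked through as an added example (Python written for this page, not TIBCO's code). It assumes that "subnet" means the leading 3 bytes (/24) of an IPv4 address and the leading 14 bytes (/112) of an IPv6 address; the function names and sample addresses are hypothetical.

```python
import ipaddress

# Assumption from the page: subnet = first 3 bytes (IPv4) or first 14 bytes (IPv6).
SUBNET_BITS = {4: 24, 6: 112}

def parse_data_address(command):
    """Return the IP address named in an FTP PORT or EPRT command line."""
    verb, _, arg = command.strip().partition(" ")
    if verb.upper() == "PORT":              # PORT h1,h2,h3,h4,p1,p2
        fields = arg.split(",")
        if len(fields) != 6:
            raise ValueError("malformed PORT argument")
        return ipaddress.ip_address(".".join(fields[:4]))
    if verb.upper() == "EPRT":              # EPRT |proto|address|port|
        parts = arg.split(arg[:1]) if arg else []
        if len(parts) != 5 or parts[1] not in ("1", "2"):
            raise ValueError("malformed EPRT argument")
        addr = ipaddress.ip_address(parts[2])
        if addr.version != (4 if parts[1] == "1" else 6):
            raise ValueError("EPRT protocol does not match address")
        return addr
    raise ValueError("not a PORT or EPRT command")

def address_allowed(mode, control_ip, data_ip):
    """Apply the None / Subnet / IP Address rule to a data-connection address."""
    control = ipaddress.ip_address(control_ip)
    data = ipaddress.ip_address(data_ip)
    if mode == "None":
        return True                         # no checking at all
    if control.version != data.version:
        return False
    if mode == "IP Address":
        return control == data
    if mode == "Subnet":
        bits = SUBNET_BITS[control.version]
        return data in ipaddress.ip_network(f"{control}/{bits}", strict=False)
    raise ValueError(f"unknown checking mode: {mode}")

def port_command_allowed(mode, control_ip, command):
    """PORT Checking: accept or reject a client's PORT/EPRT command."""
    try:
        return address_allowed(mode, control_ip, parse_data_address(command))
    except ValueError:
        return False                        # malformed commands are rejected

# Constructed samples; the control connection comes from 192.0.2.10.
SAMPLES = ["PORT 192,0,2,77,195,80", "PORT 198,51,100,7,195,80",
           "EPRT |1|192.0.2.10|50000|"]
if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, {m: port_command_allowed(m, "192.0.2.10", cmd)
                    for m in ("None", "Subnet", "IP Address")})
```

For PASV Checking, call address_allowed with the source address of the incoming data connection as data_ip. With None, the second sample (an address unrelated to the control connection) is accepted, which is the case the Subnet and IP Address settings exist to reject.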