< Home

Configuring the FW as an FTP Server

This section describes how to configure the FW as an FTP server.

Procedure

  1. Access the system view.

    system-view

  2. Enable the FTP server.

    ftp server enable

    The FTP server is configured on the FW by default. You need to run this command to enable the FTP service.

  3. Create an FTP administrator.
    1. Access the AAA view.

      aaa

    2. Configure an administrator account and access the administrator view.

      manager-user user-name

    3. Configure a password for the administrator account.

      password [ cipher cipher-password ]

      The interactive mode is recommended for creating administrator passwords because the passwords configured by the cipher password command are not safe.

    4. Set the administrator level.

      level level

      To ensure that the administrator can log in to the FW, set the administrator level to be 3 or higher.

    5. Set the service type to FTP for the administrator account.

      service-type ftp

    6. Set the FTP service directory for the administrator account.

      ftp-directory directory

    7. Set the maximum number of administrators that can concurrently log in using this administrator account.

      access-limit max-number

    8. Return to the AAA view.

      quit

    9. Return to the system view.

      quit

  4. Optional: Set the idle duration of FTP connections.

    ftp timeout minutes

    To prevent unauthorized access, the FW automatically closes the FTP connections if the FW does not receive any FTP request in a specific period of time. To use the FTP service, FTP administrators must log in to the FTP server again.

    The default connection idle duration is 10 minutes.

  5. Optional: Configure ACLs for FTP connections.

    ACLs are configured to enhance the security of the FTP server.

    1. Access the ACL view.

      acl [ number ] acl-number [ vpn-instance vpn-instance ]

      FTP supports only basic ACLs. Therefore, the acl-number value ranges from 2000 to 2999.

    2. Configure an ACL rule.

      rule [ rule-id ] { deny | permit } [ logging | source { source-ip-address source-wildcard | any } | time-range time-name ]

    3. Return to the system view.

      quit

    4. Configure basic ACLs for FTP connections.

      ftp acl acl-number

Parent Topic: Transferring Files
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >