Description
This article expands upon authentication against an FTP proxy configured in FortiGate, as outlined here:
Related link.
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-WAN-opt-52/ftp_proxy.htm
Solution
When using FileZilla or a similar FTP client to connect to an FTP server, a FortiGate can be used as FTP proxy in between, and can also require authentication depending on configuration.
In general, authentication via FTP proxy follows this format:
1) User establishes a connection to the FTP proxy.
The explicit FTP proxy responds with a welcome message and requests the user’s FTP proxy user name and password and a username and address of the FTP server to connect to:
Connected to 10.31.101.100.
220 Welcome to Fortigate FTP proxy
Name (10.31.101.100:user):
This message can be modified via the 'FTP Explicit Banner Message' replacement message.
2) At the prompt the user enters their FTP proxy username and password and a username and address for the FTP server.
The FTP server address can be a domain name or numeric IP address.
This information is entered using the following syntax:
<proxy-user>:<proxy-password>:<server-user>@<server-address>
For example, if the proxy username and password are p-name and p-pass and a valid username for the FTP server is s-name and the server’s IP address is ftp.example.com the syntax is:
p-name:p-pass:s-name@ftp.example.com
For FileZilla in particular, there are several pre-formatted options available (like 'USER %user@%host' for example).
This syntax needs to be used in FileZilla for a successful connection:
USER %s:%w:%u@%h
PASS %p
