Description | This article describes how to configure the FTP security server policy with SSL offloading. |
Scope | FortiWeb and FortiWeb VM in reverse proxy. |
Solution |
Generally, enabling SSL encryption on an FTP server requires additional CPU and memory resources to handle the encryption and decryption of data. The impact varies with factors such as the number of concurrent connections, the size of the files being transferred, and the available server resources.
In a network environment where SSL encryption is not enabled on the FTP server, there is a security concern: clients upload and download files in clear text.
By offloading SSL in FortiWeb FTP security, FortiWeb terminates the SSL connection from the client, decrypts the traffic, and forwards it to the backend FTP server in clear text. The segment between FortiWeb and the FTP server therefore remains unencrypted and should sit on a trusted network.
Topology:
Requirement:
From GUI.
Server Pool:
Server Policy:
Steps to verify:
6) Simulate FTP traffic against the FortiWeb Virtual Server.
7) Select the 'Stop' icon to stop the packet capture.
Encrypted: 10.212.134.27(Client) ---> 10.47.18.81 port 21(FortiWeb VIP)
10.100.2.81(FortiWeb IP) ---> 10.100.3.219 port 21(FTP Server)
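The check performed by eye on the two captures can also be automated. The following Python code is an added example, not part of the original article or of any Fortinet tooling: it classifies the FTP control-channel payloads seen on each leg and confirms that the client leg is encrypted while the backend leg is clear text. It goes beyond the port 21 case shown above by recognising both explicit (AUTH TLS) and implicit FTPS; the payloads are constructed samples and the function names are hypothetical.

```python
import re

# Constructed control-channel payloads, in capture order, standing in for the
# TCP payloads exported from each packet capture (not real traffic).
CLIENT_LEG_EXPLICIT = [b"220 FTP ready\r\n", b"AUTH TLS\r\n", b"234 Proceed\r\n",
                       b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"]
CLIENT_LEG_IMPLICIT = [b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"]
BACKEND_LEG = [b"220 FTP ready\r\n", b"USER alice\r\n",
               b"331 Password required\r\n", b"PASS example-password\r\n",
               b"230 Logged in\r\n"]

# FTP verbs of interest: AUTH starts explicit TLS, USER/PASS carry credentials.
FTP_CMD = re.compile(rb"^(USER|PASS|AUTH) ", re.I)


def is_tls_record(payload):
    """True if the payload starts with a TLS handshake record header."""
    return (len(payload) >= 3 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04)


def classify_leg(payloads):
    """Return (verdict, credential verbs seen in clear text) for one leg."""
    exposed, auth_requested = [], False
    for p in payloads:
        if is_tls_record(p):
            # Everything after the handshake is opaque to the capture.
            return ("explicit-tls" if auth_requested else "implicit-tls"), exposed
        m = FTP_CMD.match(p)
        if m:
            verb = m.group(1).upper().decode()
            if verb == "AUTH":
                auth_requested = True
            else:
                exposed.append(verb)
    return "cleartext", exposed


def offload_ok(client_leg, backend_leg):
    """Expected state: client leg encrypted with no credentials exposed,
    backend leg clear text (FortiWeb has decrypted the session)."""
    c_verdict, c_exposed = classify_leg(client_leg)
    b_verdict, _ = classify_leg(backend_leg)
    return c_verdict.endswith("tls") and not c_exposed and b_verdict == "cleartext"


if __name__ == "__main__":
    print("client leg :", classify_leg(CLIENT_LEG_EXPLICIT))
    print("backend leg:", classify_leg(BACKEND_LEG))
    print("offload ok :", offload_ok(CLIENT_LEG_EXPLICIT, BACKEND_LEG))
```

A client leg that classifies as `cleartext` with `USER` or `PASS` listed means clients are still reaching the virtual server without SSL.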
Refer to the documentation below for more information on FortiWeb FTP Security: |