Which authentication mode is needed for FTP proxy authentication?

FAQ ID:    FAQ2152
Version:    2.0
Status:    Published
Published date:    05/25/2012
Updated:    10/14/2013


When authenticating FTP traffic on the ProxySG, the authentication mode of "Proxy" should be used.

It is important to use "Proxy" authentication mode because it does not use a surrogate such as an IP address when authenticating. In other words, authentication is not cached. So the proxy is expecting authentication credentials each time you login via FTP. The reason this is necessary is because when using an IP surrogate such as with the authentication mode of "Proxy IP", the proxy is not expecting the credentials when a user is already authenticated on the proxy from a previous transaction. So in this case, when proxy credentials are provided, the login fails.

Example of CPL rule set to authenticate FTP with authentication mode of "Proxy" (with a rule under it to authenticate everything else with "Proxy IP" mode:



    url.port=21 authenticate(realm-name) authenticate.force(no) authenticate.mode(proxy)
    authenticate(realm-name) authenticate.force(no) authenticate.mode(proxy-ip)

In the VPM, you can create a rule above any general authenticate rules set with the following:

Destination field: Destination Host Port object = 21

Action field: Authenticate object, Authenticate Mode = Proxy



Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question