Barracuda CloudGen Firewall
How to Configure the FTP Gateway Service
https://campus.barracuda.com/doc/12198611/
    Before configuring the FTP Gateway service, make sure that you have properly created it. For
    more information, see How to Create a Service.
To configure the FTP Gateway service settings, complete the following steps:
    1. Log in to the Barracuda NG Firewall.
    2. Open the FTP-GW Settings page for the FTP Gateway service (Config > Full Config
       > Box > Virtual Servers > your virtual server > Assigned Services > FTP-Gateway).
    3. Click Lock.
    4. From the Configuration menu in the left navigation pane, click Settings.
    5. In the Behavior section, you can specify the following operational settings for the service:
        Setting                         Description

        Listening port                  The TCP port that the gateway is listening on (default: 21).

        Dataport range (min)            The smallest possible TCP port the gateway can use for data
                                        connections (default: 30000).

        Dataport range (max)            The largest possible TCP port the gateway can use for data
                                        connections (default: 31000).

        Listen timeout                  The maximum duration for connection attempts in seconds
                                        (default: 15 seconds). When the timeout is exceeded, the
                                        gateway terminates the attempt.

        NAT Policy                      The bind IP addresses. You can select:
                                          ⚬ ProxyDyn - The IP address is dynamically chosen
                                            according to the firewall routing tables.
                                          ⚬ Server-First - The first server IP is used for
                                            connections.
                                          ⚬ Server-Second - The second server IP is used for
                                            connections.
                                          ⚬ Semi-Explicit - The explicitly specified source IP
                                            address is used for connections. In the Explicit NAT IP
                                            field, enter the IP address.
                                          ⚬ Explicit - The explicitly specified listen and source IP
                                            address is used for connections. In the Explicit NAT IP
                                            field, enter the IP address.

        Explicit NAT IP                 If you select Explicit or Semi-Explicit from the NAT Policy
                                        list, enter the IP address in this field. This IP address is
                                        used by the FTP gateway on connection.

        Maximal allowed workers         The maximum number of processes that the gateway may fork
                                        (default: 255).

        Deny active ftp-data transfer   To deny PORT commands and only allow passive data transfer,
                                        select yes. When this setting is enabled, the server
                                        connects to the client.
                                        By default, no is selected and the setting is disabled.

        Deny passive ftp data-transfer  To deny PASV commands and only allow active data transfer,
                                        select yes. When this setting is enabled, the client
                                        connects to the server.
                                        By default, no is selected and the setting is disabled.

        Deny additional ftp-commands    To allow additional FTP commands that are not included in
                                        RFC 959 (such as displaying the percentage of the file
                                        download in progress), select no.
                                        By default, yes is selected.

        FTP-command/ protocol check     To parse the protocol and check FTP commands for
                                        correctness, select yes.

        Buffer-overflow protection      To configure buffer overflow protection, click Set or Edit.
                                        By default, all the buffer limits are enabled and set to
                                        255. You can enable and set the following limits:
                                          ⚬ (Max.) Filename length - The maximum length of file or
                                            directory names that are used with the following
                                            commands: RETR, STOR, SMNT, APPE, RNFR, RNTO, DELE, RMD,
                                            MKD, LIST, NLST, and STAT.
                                          ⚬ (Max.) Username length - The maximum length for
                                            usernames (USER).
                                          ⚬ (Max.) Accountinfo length - The maximum length for
                                            account information (ACCT).
                                          ⚬ (Max.) Password length - The maximum length for
                                            passwords (PASS).
                                          ⚬ (Max.) String length - The maximum length for strings
                                            that are used with the REST, SITE, and HELP commands.
                                          ⚬ (Max.) Parameter length - The maximum length for
                                            parameters that are used with all other FTP commands.
    6. In the Virus Scanning section, you can enable or disable the virus scanning of files that are
       retrieved via FTP.
              Use virus scanner - To enable or disable virus scanning of files that are retrieved via
              FTP, select one of the following options:
                     no - Disables the virus scanning.
                     local - Enables the Barracuda NG Firewall virus scanner service.
                     remote - Enables a virus scanner service from a remote system.
              Scanner IP - If using a remote virus scanner service, enter the IP address of the remote
              virus scanning system in this field.
    7. In the Logging section, you can configure log settings for the FTP Gateway service. By default,
       all logging settings are enabled. To edit the settings, click Edit. You can configure logging for
       FTP events such as file downloads, uploads, appends, renaming, deleting, creation, etc.
    8. Click Send Changes and then click Activate.
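
The Behavior settings from step 5 can be modeled as a small policy check over FTP control-channel lines, which is useful for predicting what a given configuration rejects before activating it. This Python code is an added example, not Barracuda code: the names Policy, check, audit and SAMPLE, the order of the checks, and counting argument length in bytes are assumptions.

```python
from dataclasses import dataclass, field

# The 33 commands defined in RFC 959.
RFC959 = frozenset(
    "USER PASS ACCT CWD CDUP SMNT REIN QUIT PORT PASV TYPE STRU MODE RETR STOR "
    "STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD LIST NLST SITE SYST "
    "STAT HELP NOOP".split())

# Command -> limit name, grouped as in the Buffer-overflow protection setting.
LIMIT_FOR = dict.fromkeys(
    "RETR STOR SMNT APPE RNFR RNTO DELE RMD MKD LIST NLST STAT".split(), "filename")
LIMIT_FOR.update(USER="username", ACCT="accountinfo", PASS="password",
                 REST="string", SITE="string", HELP="string")
LIMIT_NAMES = ("filename", "username", "accountinfo", "password", "string", "parameter")

@dataclass
class Policy:  # hypothetical model; defaults mirror the defaults stated on this page
    deny_active: bool = False      # Deny active ftp-data transfer
    deny_passive: bool = False     # Deny passive ftp data-transfer
    deny_additional: bool = True   # Deny additional ftp-commands
    limits: dict = field(default_factory=lambda: dict.fromkeys(LIMIT_NAMES, 255))

def check(line: bytes, policy: Policy) -> str:
    """Verdict for one control-channel line: 'allow' or 'deny: <reason>'."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    verb = verb.decode("ascii", "replace").upper()
    if policy.deny_additional and verb not in RFC959:
        return "deny: not an RFC 959 command"
    if policy.deny_active and verb == "PORT":
        return "deny: active transfer disabled"
    if policy.deny_passive and verb == "PASV":
        return "deny: passive transfer disabled"
    name = LIMIT_FOR.get(verb, "parameter")  # all other commands use the parameter limit
    if len(arg) > policy.limits[name]:       # length counted in bytes (assumption)
        return f"deny: {name} length {len(arg)} > {policy.limits[name]}"
    return "allow"

# Constructed sample control-channel lines (not captured traffic).
SAMPLE = [b"USER alice\r\n", b"PASS " + b"A" * 300 + b"\r\n",
          b"PORT 192,0,2,10,117,48\r\n", b"PASV\r\n", b"XPWD\r\n",
          b"RETR " + b"d/" * 200 + b"f.bin\r\n"]

def audit(lines, policy):
    """Apply the modeled policy to every line and return the verdicts in order."""
    return [check(line, policy) for line in lines]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE, audit(SAMPLE, Policy(deny_active=True))):
        print(line[:30], "->", verdict)
```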
© Barracuda Networks Inc., 2023 The information contained within this document is confidential and proprietary to Barracuda Networks Inc. No
portion of this document may be copied, distributed, publicized or used for other than internal documentary purposes without the written consent of
an official representative of Barracuda Networks Inc. All specifications are subject to change without notice. Barracuda Networks Inc. assumes no
responsibility for any inaccuracies in this document. Barracuda Networks Inc. reserves the right to change, modify, transfer, or otherwise revise this
publication without notice.