Setting connection preferences
There are various connection preferences that may be used to define how users may connect to domain services you create. These preferences may be managed under the SERVICES > Listeners and Connections modules.
General connection settings apply to all file transfer protocols including AS2, FTP/S, SFTP/SCP, HTTP/S, WebDAV and AFTP and may be set using the SERVICES > Connections module.
Figure 28
Max concurrent connections - The maximum number of concurrent connections allowed. Note: This value may not exceed the concurrent connection limit of your license type.
Max connections/IP - The maximum number of active connections from a single client IP address.
Max connections/user - The maximum number of active connections from a single user.
Max downloads/session - The maximum number of downloads per client session.
Max uploads/session - The maximum number of uploads allowed per client session.
Max file download size (MB) - The maximum file download size in MB.
Max file upload size (MB) - The maximum file upload size in MB.
Max uploads (MB) - Defines an upload quota for the domain that is reset every N days. If upload quota is exceeded no further uploads are allowed until upload quota is reset.
Max downloads (MB) - Defines a download quota for the domain that is reset every N days. If download quota is exceeded no further downloads are allowed until download quota is reset.
Max transfers (MB) - Defines a transfer quota for the domain that is reset every N days. If transfer quota is exceeded no further file transfers are allowed until transfer quota is reset. Transfers are the combined sum of uploads and downloads.
Max transfer rate - The maximum transfer rate for the entire domain. This limit applies to the aggregate of all connections for a given domain, regardless of protocol. This value can be set in KBps, MBps, or GBps.
Disable user after X invalid password attempts in Y min - Disables account for a certain period of time if too many login attempts fail within a certain period of time. See the Setting IP based access section that describes how you can override the disable feature for a user based on their IP address.
Disable IP after X invalid password attempts in Y min - Blocks IP from further access for a certain period of time if too many login attempts fail within a certain period of time. See the Setting IP based access section that describes how you can override the disable feature for IP address(es) of your choosing.
Flag IP after X invalid password attempts in Y min - Flags IP for a certain period of time if too many login attempts fail within a certain period of time. Note: flagging an IP has no effect on the user's ability to connect. This will result in an IP Flagged event being raised and is intended primarily for integrating with other applications such as MFT Gateway.
Disable IP after X concurrent connections for Y min - Disables an IP address for a certain period if it's deemed to be making too many concurrent connections, which might indicate a denial-of-service attack. In the event that an IP is blocked/disabled, an IP Blocked event will be raised AND all connections from the offending IP will be closed. See the Setting IP based access section that describes how you can override the disable feature for IP address(es) of your choosing.
Flag IP after X concurrent connections for Y min - Flags an IP address for a certain period if it's deemed to be making too many concurrent connections. In the event that an IP is flagged, an IP Flagged event will be raised.
Close connection after - Closes a connection once the specified number of invalid authentication attempts has been made over that connection.
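The following Python sketch models how the per-IP "Flag IP" and "Disable IP after X invalid password attempts in Y min" rules interact. It is an added illustration, not MFT Server code: the class, the `hold_min` parameter (length of the flag/disable period), the `exempt` set (standing in for an IP-based access override) and all addresses and timestamps are assumptions constructed for the example.

```python
from collections import defaultdict, deque

class FailedLoginGuard:
    """Per-IP 'X invalid password attempts in Y min' with flag and disable tiers."""

    def __init__(self, flag_after, disable_after, window_min, hold_min, exempt=()):
        self.limits = {"flagged": flag_after, "disabled": disable_after}
        self.window = window_min * 60       # Y min, in seconds
        self.hold = hold_min * 60           # assumed length of the flag/disable period
        self.exempt = set(exempt)           # assumed stand-in for an IP access override
        self.failures = defaultdict(deque)  # ip -> timestamps of failed logins
        self.until = {"flagged": {}, "disabled": {}}  # tier -> ip -> expiry time
        self.events = []                    # (time, tier, ip), one per state change

    def state(self, ip, now):
        # A disabled IP is refused; a flagged IP may still connect.
        for tier in ("disabled", "flagged"):
            if self.until[tier].get(ip, 0) > now:
                return tier
        return "ok"

    def record_failure(self, ip, now):
        q = self.failures[ip]
        q.append(now)
        while q and q[0] <= now - self.window:  # drop failures outside the window
            q.popleft()
        for tier, limit in self.limits.items():
            if tier == "disabled" and ip in self.exempt:
                continue                        # override: flag only, never disable
            if len(q) >= limit and self.until[tier].get(ip, 0) <= now:
                self.until[tier][ip] = now + self.hold
                self.events.append((now, tier, ip))
        return self.state(ip, now)

def replay(guard, ip, times):
    """Feed constructed failure timestamps (seconds) and return the state after each."""
    return [guard.record_failure(ip, t) for t in times]
```

Setting the flag threshold below the disable threshold gives a monitoring system an event to act on before the IP is actually blocked.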
FTP/S connection settings may be managed under the SERVICES > Listeners > FTP/S tab.
Figure 70
Connections
Banner - The banner to display to FTP clients.
Command channel timeout (min) - The time in minutes that a client may remain inactive on command channel before server forcefully disconnects client.
Data channel timeout (min) - The time in minutes that a client may remain inactive on data channel before server forcefully disconnects client.
Passive IP - The IP to use when responding to PASV client requests.
Passive port range - The port range on the server to use for servicing PASV client requests.
Data channel send buffer - The size of send buffer for data channel. Default is send buffer size for JVM.
Data channel receive buffer - The size of receive buffer for data channel. Default is the receive buffer size for JVM.
Enable TCP_NODELAY - When checked, this setting disables Nagle's algorithm.
Default transfer mode - The default transfer mode to be used by server in the event that client does not specify transfer mode.
Allowed connections modes - The allowed connection modes for file transfers and directory listings.
Security
Require data channel encryption - If enabled client will be required to encrypt data channel when using FTPS (FTP over SSL) protocol.
Require client certificate for authentication - If enabled users authenticating using FTPS (FTP over SSL) will be required to authenticate using data encrypted with a private key that maps to a server installed client certificate.
Require client certificate for data channel - If enabled users requesting data transfer using FTPS (FTP over SSL) will be required to supply data encrypted with a private key that maps to a server installed client certificate.
Shutdown SSL for CCC command - If enabled, client must properly shut down SSL connections for command channel when issuing CCC command.
Shutdown SSL for data connection - If enabled, client must properly shut down SSL data connections.
SSL/TLS Ciphers - The SSL/TLS ciphers to enable for FTPS (FTP over SSL) services.
Block bounce attack - If enabled, FTP/S services will only be allowed to make PORT requests to originating host.
Block PASV attack - If enabled users will only be allowed to connect to passive data ports that are initiated by same client on command channel.
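The two checks behind "Block bounce attack" and "Block PASV attack" can be expressed as follows. This is an added Python example, not MFT Server code: the function and class names and the sample addresses are constructed for illustration. The PORT argument format `h1,h2,h3,h4,p1,p2` is the one defined in RFC 959.

```python
import ipaddress

def parse_port_argument(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def allow_port_request(arg, control_peer_ip):
    """Bounce check: the PORT target must be the host on the command channel."""
    try:
        ip, port = parse_port_argument(arg)
    except ValueError:
        return False
    return port > 0 and ip == ipaddress.ip_address(control_peer_ip)

class PassivePorts:
    """PASV check: a passive port only accepts the client that requested it."""

    def __init__(self):
        self.pending = {}  # passive port -> IP of the command channel that sent PASV

    def open(self, port, control_peer_ip):
        self.pending[port] = ipaddress.ip_address(control_peer_ip)

    def accept(self, port, data_peer_ip):
        owner = self.pending.get(port)
        if owner is None or ipaddress.ip_address(data_peer_ip) != owner:
            return False       # unknown port or a different host: refuse
        del self.pending[port] # one data connection per PASV request
        return True
```

A refused connection leaves the passive port pending, so the client that issued PASV can still complete its transfer.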
SFTP/SCP connection settings may be managed under the SERVICES > Listeners > SFTP/SCP tab.
Figure 71
Software version - The SSH version banner displayed when connecting. Note, it is important that this not contain any spaces.
Startup banner - The banner to display to SFTP clients prior to displaying SSH version banner.
Authentication banner - The banner to display to SFTP clients prior to displaying authentication prompt.
Connection timeout - The time in minutes that client connection may remain inactive before server forcefully disconnects client.
Connection send buffer - The size of send buffer. Default is send buffer size for JVM.
Connection receive buffer - The size of receive buffer. Default is the receive buffer size for JVM.
Enable TCP_NODELAY - When checked, this setting disables Nagle's algorithm.
Disable expanded longname format for SSH_FXP_REALPATH - May be required for some SFTP clients that cannot handle long paths in SSH_FXP_REALPATH packets.
Algorithms - Lists all algorithms and ciphers, their order of preference and whether they are enabled.
See also
Additional libraries needed for SFTP ciphers
AFTP connection settings may be managed under the SERVICES > Listeners > AFTP tab.
Figure 163
Connection channel timeout (min) - The time in minutes that client channel (TCP) connection may remain inactive before server forcefully disconnects client.
Data channel timeout (min) - The time in minutes that client data (UDP) connection may remain inactive before server forcefully disconnects client.
Max loss list size - The maximum number of lost blocks of data that may exist in memory for a client session.
Enable TCP_NODELAY - When checked, this setting disables Nagle's algorithm.
SSL/TLS Ciphers - The SSL/TLS ciphers to enable for AFTP services.
OFTP connection settings may be managed under the SERVICES > Listeners > OFTP tab.
Figure 192
Connection timeout - Connection channel timeout (min) - The time in minutes that client channel (TCP) connection may remain inactive before server forcefully disconnects client.
Max data buffer size - The maximum data buffer size for OFTP connections.
Max credit - The maximum number of packets that client may send to server before receiving an acknowledgment from server that it is ready to receive more data.
[Overwrite | Generate unique] file when existing file found - The desired behavior if an existing file is found during an OFTP file upload.
SSL/TLS Ciphers - The SSL/TLS ciphers to enable for OFTP services.
TFTP connection settings may be managed under the SERVICES > Listeners > TFTP tab.
Figure 193
Max retransmit attempts - The maximum number of times that sender may unsuccessfully send a message before failure.
Retransmit interval - The retransmission interval (seconds) between each message retransmission attempt.
Generate dir.txt file if missing - If checked client may request the file dir.txt to obtain a directory listing of available files.
Generate .md5 file if missing - If checked client may request any filename with a .md5 extension to obtain an MD5 hash of filename contents.
HTTP/S connection settings may be managed under the SERVICES > Listeners > HTTP/S tab.
Figure 89
Theme - The default color theme used for the buttons, menus, tabs, and other GUI elements in the MFT Server Web Client application. Note: The theme can also be set by the individual MFT Server Web Client user under MyAccount > Personal Information. The user-level theme takes precedence over the theme field set in SERVICES > Listeners > HTTP/S.
To change the theme, click on the Change button to the right of the Theme field. After doing so, the following will occur:
To select a theme, click on the desired theme's box. After doing so, the selected theme will temporarily be applied to the MFT Server Manager UI, allowing you to preview what it will look like if applied to the MFT Server Web Client application. To save a selected theme, click anywhere outside of the theme panel. After doing so the Theme field will update with the theme name you selected, and the MFT Server Manager UI’s theme will revert to its currently configured theme. Click the Apply button to save the theme, or alternatively click the Discard button to cancel.
Logo - The logo displayed in upper left corner when using HTML user interface.
Show login info - If checked, the current username and domain is displayed in upper right.
Show search - If checked searches on indexed documents may be performed.
Show ASCII/Binary option - If checked, user has option of uploading files in both ASCII and binary modes. If unchecked only binary is allowed by default and user does not have ability to change this setting.
Show account link - If checked the My Account link is displayed in upper right allowing users to change their account contact information.
Resources... - The current language resource file. Language resource files are used for specifying alternative user interface labels based on client browser default language.
Connection timeout - The connection timeout for HTTP requests in minutes.
Logout URL - The URL to redirect user to upon clicking Logout link.
Enable auto-logout after - If checked, user will be automatically logged out after X minutes of inactivity with grace period of Y seconds.
Enable self-registration with user template - Enables new users to self-register. The properties of the newly created user account will depend on the template chosen from the drop-down list.
Enable web document viewer - If checked web document viewer is enabled.
Enable ad-hoc file transfers - If checked ad-hoc file transfers will be enabled for the domain.
Show buttons shortcuts - If checked, button shortcuts (e.g. F2, F5, F7) are displayed on buttons.
Forms... - Forms available during file upload when using HTML user interface.