FTP(S) transfer sites

The Add Transfer Site page for FTP(S) sites presents several sets of options.

General FTP Site settings

The following table describes the general options for a FTP(S) transfer site.

Field Description
Site Settings
Server The host name or IP address of the remote server to connect to for file transfers. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Port The port on the remote server to be used for file transfers. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Alternative addresses

The visibility of this option is controlled with the value set for the TransferSite.AlternativeAddresses.retryPolicy configuration option. It allows you to set a list of endpoints that act as backup alternatives to the configured Server-Port site settings and are particularly useful in cases of transfer failures. For mode details, see Set Alternative addresses.

Network Zone

The network zone that defines the proxies to use for transfers through this site.

  • Select none to connect directly to the remote FTP server.
  • Select any to allow SecureTransport to select the proxy connection using a network zone that enables an SOCKS5 proxy.
  • Select Default to use the default network zone proxy configuration. If default network zone is defined, transfers from this transfer site fail.
  • Select a specific network zone to use the proxy configuration defined for that zone.

For more information, see Specify TM Server communication ports and IP address for protocol servers on SecureTransport Edge.

Enable Active Connection Mode Determines whether passive or active connection mode is used by SecureTransport for server-initiated transfers over FTP. When selected, Active FTP is used.
Download Folder

The folder on the remote server from which the file is transferred.

You can use an EL expression to append dates. For example, folder_${date("yyyyMMdd")}.The download folder will then be evaluated using the date of the transfer site execution, for example, folder_20210130.

To see the list of the folder's files and subfolders, click List. For more details, see List the contents of the Upload or Download folder.

Download Pattern

The pattern used to match file names to determine whether a file is downloaded. Asterisk (*) matches zero or more characters and question mark (?) matches one character.

To evaluate the download pattern using dates:

The download pattern will be evaluated using the current date when the transfer site is being executed. For example *_20210130.txt. This will match all files ending with _20210130.txt.

Example:

*_${date("yyyyMMdd")}.txt

Allow Overwrite Taken into account when the site is used by the Send To Partner step. If checked the value of "Upload folder" will be overwritten with the value of "Overwrite upload folder". For more details see Advanced Routing.
Upload Folder The folder on the remote server to which files are transferred.

To see all the files and subdirectories in it, click List. For more details, see List the contents of the Upload or Download folder.

Transfer Settings for FTP Transfer sites

The Transfer Settings options allow you to define various transfer settings with your current transfer site.

Field Description
Transfer Settings
Transfer Mode

Specify whether data is transferred as ASCII or binary. You can also choose to have SecureTransport automatically determine the correct transfer mode.

For more information about automatically determining transfer mode, see Transfer mode for server-initiated transfers.

Upload command

Define the FTP command to be used in requests when server-initiated transfers are executed:

STOR (default) - select to use the STOR command for server-initiated transfers. Saves Data and Replaces an Existing File

APPE - select to use the APPE command for server-initiated transfers.

 The upload command is reported to Axway Sentinel and displayed in the Protocol Parameter attribute.
Transcode any line terminators in ASCII mode

When checked, it forces SecureTransport to transcode any sequence of line terminators when ASCII mode is used. In case of a BINARY mode transfer, no action is performed.

When unchecked, it forces SecureTransport to add an extra CR to the line endings of the transferred file.

Use FTPS Deselect to use FTP instead of FTPS.
Verify certificate for the Site Select to verify that the remote system is trusted. This option is displayed when Use FTPS is selected.
Clear Command Channel Select to accept and process a Clear Command Channel subcommand. If the user is authorized to perform the command, send a confirmation message, and change the control connection transmission mode to clear text. This option is displayed when Use FTPS is selected.
TLS Shutdown on CCC

Perform a TLS shutdown upon receiving a Clear Command Channel subcommand. This option is displayed when Clear Command Channel is selected.

Note When closing a TLS connection, such as when issuing a CCC command, each party is required to send a close_notify before closing the connection. This is mandated by RFC 2246. If both the client and server do not acknowledge that the TLS connection is ending they may be susceptible to a TLS truncation attack. From a security standpoint, Axway recommends that both TLS shutdowns be checked when configuring the transfer site CCC option. When performing FTP transfers to a remote SecureTransport Server, you must configure Ftp.CCC.TlsShutdownInitiator for the server. As a result the client sends Close notify and the server responds with Close notify, the server-initiated transfer is successful, and the partners are not susceptible to a TLS truncation attack.
Enable FIPS Transfer Mode

Restrict FTPS to use only FIPS 140-2 Level 1 certified cryptographic libraries. This option is displayed when Use FTPS is selected.

When you enable FIPS transfer mode, the panel expands with an additional field where you specify the desired set of cipher suites to be used in FIPS mode for server-initiated transfers through this site. By default, this set is populated with the cipher suites as defined in the Ftps.FIPS.SIT.Ciphers configuration option.

You can add or remove cipher suites. The supported FIPS cipher suites from which you can select when adding a new one are listed in Advertised ciphers and cipher suites. Note that both the sender and the recipient must use supported FIPS ciphers suites. Otherwise, the transfer will fail.

SITE command Enter a SITE command. You use this command to provide services specific to your system that are not available as FTP commands. EL expressions are supported.

Site Login Credentials for FTP Transfer sites

The Site Login Credentials options allow you to define credentials and / or add a certificate for login to the FTP(S) server.

Field Description
Site Login Credentials
User Name The user name to log in to the FTP server. You cannot enter spaces-only values in this field. For more information, see Spaces in required fields.
Use Password Select to use a password to log in to the FTP server.
Password Password used to log in to the FTP server. Using the toggle provides the ability to switch from literal password to Expression Language input.
Certificate

A private certificate for SecureTransport to use to log in to the FTP server. You can select or import a certificate. This field is displayed when Use FTPS is selected.

When Use Expression Language is enabled, you can set the certificate dynamically by choosing the scope (account or server level) and providing a valid expression that will be evaluated to the name of an available certificate.

By default, the usage of expired X509 certificates is allowed for SIT transfers. To forbid it, set the SIT.allowExpiredCertificates to false.

Post Transmission Send Options for FTP Transfer sites

The Send Options subtab allows you to define post transmission actions on file send success and failure.

Field Description
Send Options
Send File As Select the check box to specify a file name. You can use the expression language to specify the criteria you want to match. The expression uses the criteria provided to create a new file name from the original file name.
On Temporary Failure A temporary failure can occur when the transfer is incomplete and a retry occurs. Select one of the three choices: No Action, Delete Destination File, or Move File To. Selecting No Action causes the file to stay in the new location with the file name you specified. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Destination File removes the file from the new location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files to and to provide an expression used to rename the file.
On Failure A failure occurs when the transfer is incomplete and all retry attempts were unsuccessful. Select one of the three choices: No Action, Delete Destination File, or Move File To. Selecting No Action causes the file to stay in the new location with the file name you specified. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Destination File removes the file from the new location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files to and to provide an expression used to rename the file.
On Success Select one of the choices: No Action, or Move File To. Selecting No Action causes the file to stay in the new location with the file name you specified. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Move File To requires you to specify a directory in the location where you are transferring the files to and to provide an expression used to rename the file.
Note To preserve the original file name when using the Move File To option, use the ${stenv.target} or ${stenv['target']} expressions.

Post Transmission Receive Options for FTP Transfer sites

The Receive options subtab allows you to define post transmission actions on file receive success and failure. Click Receive Options to view these settings.

Field Description
Receive Options
Receive File As Select the check box to specify a file name. You can use the expression language to specify the criteria you want to match. The expression uses the criteria provided to create a new file name from the original file name when the transfer is received. You can use the SecureTransport-specific variable ${stenv.site_target} which takes the value from the remote file path. see Expression Language for information on SecureTransport-specific variables.
On Failure A failure occurs when the transfer is incomplete and all retry attempts were unsuccessful. Select one of the three choices: No Action, Delete Source File, or Move File To. Selecting No Action causes the file to stay in the original location. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Source File removes the file from the original location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files from and to provide an expression used to rename the file.
On Success Select one of the three choices: No Action, Delete Source File, or Move File To. Selecting No Action causes the file to stay in the original location. If another file with the same name is transferred to this location, the original file is overwritten. Selecting Delete Source File removes the file from the original location. Selecting Move File To requires you to specify a directory in the location where you are transferring the files from and to provide an expression used to rename the file.
Note To preserve the original file name when using the Move File To option, use the ${stenv.target} or ${stenv['target']} expressions.

Advanced SSL Settings for FTP Transfer sites

Advanced SSL settings allow you to define Cipher suites and SSL protocols with your current FTP(S) Transfer Site. Select Show Advanced SSL Settings to expand the pane with available options.

Field Description
Show Advanced SSL Settings
Cipher suites

The set of cipher suites available with the current FTP(S) transfer site for secure SIT connection. By default this set is populated with the cipher suites as defined in the Ftps.SIT.Ciphers configuration option.

To reset to default values, click the button next to the tooltip.

Enabled SSL protocols

The available SSL protocols for secure SIT connection with the current FTP(S) transfer site. By default this option uses the SSL protocols as defined in the Ftps.SIT.EnabledProtocols configuration option.

To reset to default values, click the button next to the tooltip.

Supported Active / Passive FTP(S) connections

This table describes the supported Active/Passive FTP(S) connection modes for client/server-initiated transfers over FTP(S).

FTP Exchange type Active FTP mode supported Passive FTP mode supported
Client initiated via Edges Yes Yes
Server initiated via Edges No Yes
Server initiated - no Edges/direct connection Yes Yes

Related topics:

Related Links