An FTP(S) Endpoint allows an FTP server to act as a source or destination for data transfer. If your partner has an FTP Server, you can use an FTP(S) Endpoint to connect to it as a client. CIC supports both FTP and FTPS.
The FTP(S) Endpoint has the following attributes.
| Attribute |
Description |
| Connect |
Specify how to connect this Endpoint to other entities.
| Directly |
Connect to external Trading Partners via CIC Cloud. |
| via Access Point |
Use an Access Point to connect to internal FTP servers when inbound ports cannot be opened. If you select this option, you must also select an Access Point. See Managing Access Points for more information. |
|
| Encryption Mode |
Specify the kind of encryption to use.
| Explicit FTPS |
The command and data ports are both initially clear-text. Then, when an AUTH command is issued, both ports are secure. When you select this value, the Authorization Type field displays. |
| Implicit FTPS |
The command and data ports are both secure always. |
| Plain FTP |
Both command and data ports are both clear-text always. |
|
| Authorization Type |
This field is displayed only when you select Explicit FTPS in the Encryption Mode field.
Choose from the following:
| Auth SSL |
Use the SSL protocol without protecting the data connection. |
| Auth TLS |
Use the SSL protocol and explicitly protect the data connection. |
| Auth TLS-C |
Use the TLS protocol without implicitly protecting the data connection.Explicit FTPS |
| Auth TLS-P |
Use the TLS protocol and implicitly protect the data connection. |
|
| Host |
Enter either a fully qualified domain name (recommended) or an IP address and a port number.
Port number 21 is standard for plain FTP and explicit FTPS.
Port number 990 is standard for implicit FTPS. |
Username
Password
Account |
The credentials used to log in to this Endpoint.
Account is optional. |
| Data Channel |
Attributes that pertain to how data is passed between the FTP client and FTP server.
| Content Type |
Choose ASCII or Binary.
ASCII mode will change end-of-line characters when transferring across Windows and non-Windows systems. |
| Data Mode |
Sets the default behavior for opening data port connections between the FTP client and FTP server.
| Active |
Causes the client to listen for a connection from the server during data transfers. |
| Passive |
Causes the server to listen for a connection from the client during data transfers. The server indicates the IP address and port number. The FTP server will cycle through port numbers, usually a subset of 1024-65535. |
| Use Command Address |
This field is displayed only when you select Passive in the Data Mode field.
Indicates the IP address specified by the server should be ignored and the command port address should be used instead. (This might be necessary if the server is advertising an internal rather than an external IP address.) |
|
|
| Open PGP |
OpenPGP protects files being transferred through encryption and signing.
| Inbound |
| Verify Signed Payloads |
When you select this check box, you are prompted to select the trading partner's signing PGP key. The PGP key named in this field is the same as the outbound encryption PGP key. If you change this value here, it is also changed for the outbound encryption PGP key. See Endpoint Security. |
| Accept Encrypted Payloads |
When you select this check box, you are prompted to select your decryption PGP key. The PGP key named in this field is the same as the outbound signing PGP key. If you change this value here, it is also changed for the outbound signing PGP key. See Endpoint Security |
|
| Outbound |
| Sign |
Select this check box to sign messages sent from this Endpoint.
When you select Sign, you are prompted to select your signing PGP key. The PGP key named in this field is the same as the inbound decryption PGP key. If you change this value here, it is also changed for the inbound decryption PGP key. See Endpoint Security. |
| Encrypt |
Apply encryption to messages sent from this Endpoint.
When you select Encrypt, you are prompted to select the trading partner's encryption certificate. The PGP key named in this field is the same as the inbound signing PGP key. If you change this value here, it is also changed for the inbound signing PGP key. See Endpoint Security. |
| Compress |
Apply ZLIB compression to messages sent from this Endpoint. Choose this option for large files to conserve bandwidth and improve efficiency and security. |
| Text Output (ASCII armor) |
Encase encrypted messages in ASCII for ease of sending using standard messaging formats. |
|
|
| Advanced |
| Security |
TLS Protocol Version
Minimum
Maximum |
Select minimum and maximum versions for TLS protocol. Messages from systems using versions of TLS outside the range you specify are not accepted.
Choose from the following:
- SSL 3.0
- TLS 1.0 (SSL 3.1)
- TLS 1.1 (SSL 3.2)
- TLS 1.2 (SSL 3.3)
|
| TLS Minimum Encryption Key Size |
The minimum encryption key size allowed when selecting a TLS cipher. To prevent the use of low- or medium-strength ciphers, change from the default value of 0 to 112, 128, or 256 (depending on the requirement). Note that if this value is set too high, all ciphers are filtered out causing the No suitable cipher suites are enabled exception to occur. |
| TLS Ciphers |
Select All Ciphers to present the list of supported ciphers to the server and allow the server to pick one.
Select Select from list to display a list from which you choose a specific cipher.
The cipher selected is used with the server for key exchange, encryption, and hashing. If the server does not support the cipher, an SSL handshake error will occur. |
TLS Renegotiation -
Allow TLS Legacy Renegotiation |
Allows legacy renegotiation. Otherwise, the extension described in RFC5746 will be used for renegotiation and any TLS clients must also support this extension. See RFC5746 for a description of the extension and the vulnerability it addresses. |
| TLS Client Certificate |
If you want to use TLS client authentication, select the client certificate here. See Working With Certificates. |
| Post Auth Command |
A command or set of commands to be issued after the Explicit SSL Command and login sequence. The PBSZ and PROT commands (PBSZ 0;PROT P) are required by some servers regardless of the AUTH type used and are necessary for data channel protection (AUTH TLS or AUTH TLS-C).
If multiple FTP commands are needed after the AUTH command, set this property to all of the commands separated by semicolons (;). |
|
| OpenPGP |
This section is displayed when you select Sign, Encrypt or Compress in the section above.
| OpenPGP Algorithms |
| Hash Algorithm |
Choose the signing method used when OpenPGP packaging (with signing) is requested from the following:
- MD2
- MD5
- RIPE-MD-160
- SHA-1
- SHA-256
- SHA-384
- SHA-512
|
| V3 Signature |
Select this check box to sign messages with Version
3 signatures |
| Encryption Algorithm |
Choose the algorithm you want to use to encrypt
messages. The remote host receiving the message
must be able to decrypt the message using the
algorithm you choose. |
| Compression Algorithm |
Choose the algorithm you want to use to compress
messages. The remote host receiving the message
must be able to compress the message using the
algorithm you choose.
Choose either ZIP or ZLIB. |
|
|
|
| Connection |
| Connection Timeout |
The amount of time allowed to make a connection.
Valid range is from 1 - n seconds.
Default value is 150 seconds. |
| Retry Transfers |
The number of retries permitted for failed transfers and at what frequency to retry them.
Specify the following:
- The number of retries, where the minimum value is 0 (no retries allowed).
- A numeric value and either minutes or seconds to specify how much time should elapse between retries.
|
| Resume failed transfers when rertrying |
Select this check box to retry failed transfers starting where they failed.
|
| Subdomain |
If you have more than one subdomain, select the one you want to use for this Endpoint.
Note: This field appears only when you have more than one subdomain and Cleo has configured one of those subdomains to be associated with a static IP.
|
|
Comments
0 comments
Please sign in to leave a comment.