Let’s see how to configure secure FTP with pfSense in this article. At Bobcares, with our Server Management Services, we can handle your pfSense issues.

How to configure secure FTP with pfSense?

Why do we need secure FTP/SFTP? SFTP is a firewall-friendly protocol since it only requires one connection and encrypts the data files that are being exchanged along with the authentication data. Hence it is an ideal protocol for safe and automatic file transfers.

In this article, we will provide an easy way to set up SFTP with pfSense.

Configuring secure FTP with pfSense using Filezilla

We have mainly three steps to configure SFTP in pfSense, namely:

• Create the groups/users which we require
• Set up SSL/TLS settings
• Configuring firewall

Let’s see each step in detail.

Create the groups/users

We have to initially create the groups and users we desire. Secondly, select Settings >> Passive Mode Settings. The Public IP must be that of the firewall that NATs the connection. Ensure that the Firewall IP we are using to configure the FTP connection matches the Public IP of the FTP server.

Set up SSL/TLS settings

For the connection to be secured and the data to be encrypted, we must first generate a certificate. On Filezilla server options, under SSL/TLS settings, we can simply click Generate New Certificate in order to create a new certificate. Now Provide the required information. We can randomize it if we like. Then click OK when finished.

Configuring firewall

We are utilizing an open-source firewall here. To prevent attackers who often target port 21, we’ll configure two NAT rules to enable the FTP-secured standard port, which is (990). Enable the FTP data port range as well, which in this case needs to be a large range in order to not slow down the connection and to allow the client to open more than one socket in the event of heavy data transfer.

To establish an FTP secure connection, the first rule will permit inbound connections from any source to the internal LAN IP that hosts the FTP server on port 990.

The second rule will authorize inbound connections to the FTP server on the LAN on any source using the data range port 50000 to 51000.

The WAN IP address that we had previously supplied in the FTP Server’s Passive mode settings must be entered in the destination IP field. Also, make sure the transfer mode is set to passive when configuring the client.

[Searching for an answer to another question? Simply click to reach us.]

Conclusion

In this article, we have seen the simple steps to configure secure FTP with Pfsense.