Skip to main content
Skyhigh Security

Configure WCCP to Redirect FTP Traffic

To enable the use of the WCCP redirection method for requests that clients send to servers under the FTP protocol, configure the proxy settings as follows.

  1. Enforce use of the active FTP mode by clients.
    1. Select Configuration | Appliances.
    2. On the appliances tree, select the appliance that you want to enable use of the WCCP redirection method for, then click Proxies (HTTP(S), FTP, SOCKS, ICAP ...).
    3. Scroll down to FTP Proxy and make sure that Enable FTP proxy is selected.
    4. Select an entry in the FTP port definition list, click Edit, and under FTP Proxy Port, deselect Allow clients to use passive connections.
      Repeat this substep for all entries in the list.
  2. Add ports 21 and 2020 to the ports that are used for redirection under WCCP.
    1. Within the Proxies settings, scroll to Transparent Proxy, and under Supported redirection methods, make sure that WCCP is selected.
    2. Select an entry in the WCCP services list, click Edit, and under Ports to be redirected type 21,2020.
      Repeat this substep for all entries in the list.
  3. Click Save Changes.
  4. Within the relevanr settings, set the ftp.match.client.data parameter to yes.

This setting ensures that Web Gateway uses the IP address that it received from the client as its source IP address when responding to the client.

This address is the IP address of the FTP server in question, not the IP address of the Web Gateway appliance. The client does therefore not suspect a security risk.

Requests sent from a client to a server under the FTP protocol are now redirected to Web Gateway, using the WCCP redirection method, and processed without problems.

  • Was this article helpful?