Does the Files.com Agent open any inbound ports?

No. The Agent makes an outbound-only connection to Files.com; it never opens an inbound port or waits for a connection from outside. Your network team does not have to open inbound rules, set up NAT traversal, or place a host in a DMZ.

Do I need a VPN or firewall changes to use the Agent?

No. Because the connection is outbound-only, there is nothing to expose: no VPN tunnel, no firewall pinhole, and no DMZ gateway host to provision, patch, and monitor at the edge.

What on-premise storage can the Agent connect?

The Agent connects SMB, NFS, and CIFS shares, directly-attached storage, internal S3 and Azure Blob endpoints, internal SFTP and FTP servers, and any local path the host can reach. None of that storage ever has to face the public internet.

Can partners reach my on-premise storage through the Agent?

Yes. A local share reached through the Agent can speak FTP/S, SFTP, AS2, WebDAV, or HTTPS to your partners and clients, with no middleware to install. Every request is proxied through Files.com, so your internal systems stay hidden behind the firewall.

What operating systems does the Files.com Agent run on?

The Agent runs on Windows, Linux, and macOS as a small native binary, installed as a system service so it survives reboots.

Can the Agent both mount on-premise folders live and sync on a schedule?

Yes. The Agent can mount on-premise folders so Files.com reads and writes them in real time, or sync them to a destination on a schedule you control. Transfers run in parallel and chunked for speed.

Connect On-Premise Storage Without Opening A Port

Name: Files.com
Price: 199 USD

Install the Agent on a server inside your network and it makes one outbound connection to Files.com. Your on-premise file servers and NAS start moving files to the cloud with no VPN, no inbound firewall rules, and no host in a DMZ. What used to be a multi-week network project becomes a five-minute install.

Outbound-only, no inbound ports

No VPN or firewall changes

Installs in five minutes

On-Premise Storage That Finally Plays Nice With The Cloud

Some of your most important data still lives on the ground. A plant-floor file server, a legacy NAS array, a regional Windows cluster, a system-of-record repository. None of it was built to talk to a cloud platform, and the usual ways to bridge it are all painful. A VPN tunnel takes weeks of network config and approvals. A firewall pinhole is a standing vulnerability you now have to defend. A homegrown script breaks the next time something updates, usually at the worst time.

The Files.com Agent removes that work. You install it on a host inside your network, it makes one outbound connection to Files.com, and your on-premise storage starts moving files. There is no network team to negotiate with, no VPN, and no inbound ports. What used to be its own IT project becomes a five-minute install.

“Our previous solution was on-prem, so we had to allow a third-party vendor onto our entire network. With Files.com that isn't the case — everything is handled at the cloud-based level, whether it's inbound or outbound.”

Nelson Miranda, Sr. Systems EngineerSpirit Airlines

Read The Spirit Airlines Story

How The Agent Stays Out Of Your Firewall

The whole point of the Agent is that it connects out, never in. That single design choice is what lets you skip the VPN, the firewall changes, and the perimeter gateway entirely.

Outbound-Only Connection

The Agent dials out to Files.com. It never opens an inbound port and never waits for a connection from the outside. Your network and security team does not have to open inbound rules, set up NAT traversal, or put a host in a DMZ.

No VPN, No Firewall Changes

Because the connection is outbound-only, there is nothing to expose. You skip the VPN tunnel, the firewall pinhole, and the weeks of network config and security approvals that a traditional bridge would need.

No DMZ Box To Stand Up

Legacy MFT products need a hardened gateway host in your perimeter network to accept inbound connections. The Agent has nothing to put in a DMZ. There is no gateway to provision, patch, and monitor at the edge, so that is one less attack surface and one less box on the patch list.

Your Systems Stay Invisible

End users and partners never touch the Agent directly. Every request is proxied through Files.com, so your internal systems stay hidden behind the firewall and protected.

What You Can Connect

If the host can reach the storage, the Agent can expose it to Files.com. That storage never has to face the public internet.

NAS And SAN Arrays

Point the Agent at an SMB, NFS, or CIFS share, or at directly-attached storage. If the volume is mounted on the host, the Agent can expose it to Files.com.

Amazon S3

Reach an S3 bucket that is only routable from inside your firewall. The Agent proxies the traffic so Files.com can read and write it like any other backend.

Azure Blob Storage

Connect an Azure Blob container that lives on a private network segment, with no inbound rules and no public endpoint exposed.

Internal SFTP And FTP Servers

Route to an SFTP or FTP server that only listens inside your network. The Agent reaches it on Files.com’s behalf, so partners connect through Files.com instead.

Local Drives And File Servers

Plant-floor file servers, regional Windows clusters, legacy archives. Any local path on the host becomes a folder Files.com can orchestrate.

Routed Internal Endpoints

Any storage the host can reach on the local network can be exposed through the Agent, without that storage ever facing the public internet.

On-Prem Folders Inherit The Whole Platform

Once connected, your on-premise storage behaves like any cloud backend on Files.com. Same orchestration, same sharing, same automation.

Mount On-Prem Folders Live

Agent-backed paths show up as Remote Servers inside Files.com. When users browse the site, they see and work with your real on-premise files, no copying required.

Sync On A Schedule You Control

Set up scheduled sync to copy files between your on-premise storage and the cloud on rules you define. Use it for backups, distribution, or keeping a local copy of sensitive data.

Speak Modern Protocols To Partners

A legacy local share reached through the Agent can speak FTP/S, SFTP, AS2, WebDAV, or HTTPS to your partners and clients, with no middleware to install. The old server keeps running as-is, and partners get the modern protocol they asked for.

Parallel, Chunked Transfers

The Agent splits files into parts and transfers them in parallel by default, so large files move at full speed.

Built To Be Easy To Run

The Agent is on the Power tier and above. Enterprise includes as many Agents as you need, plus High Availability clustering. See what each plan includes on the pricing page.

A Single Binary

Just one installable binary. No Java, no Docker, no external libraries to install or maintain. It runs as a system service and starts automatically at boot, so there is no stack to keep patched and nothing to restart by hand.

Runs On Almost Anything

Windows, Linux, and macOS, with minimal CPU and memory. It runs on everything from a $50 Raspberry Pi at the edge to a full enterprise server.

Least-Privilege By Design

Each Agent is constrained to a defined root folder, and you set its permission mode to Read+Write, Read-only, or Write-only. That caps what Files.com can reach through it, so the blast radius is whatever you scoped and nothing more.

Logged In Two Places

Every Agent action is logged both locally on the host and in Files.com’s centralized audit log, and is exportable to your SIEM for full visibility.

On-Premise Agent Questions

Connect Your On-Premise Storage In Minutes

Start a free trial, install the Agent on a host inside your network, and watch your on-premise files show up in Files.com over a single outbound connection. No VPN, no firewall changes, no open ports.

Download The Agent Start My Free Trial

No credit card required • Free for 7 days • Live in minutes