FTP and FTPS
At Files.com, we are one of the largest FTP providers in the world. That said, FTP is a 50 year old protocol and lacks some of the more sophisticated capabilities for security and performance found in our direct integrations, such as our Desktop, Mobile, and Web apps, SDKs, API, and Command Line app. Additionally, corporate firewalls commonly interfere with FTP traffic.
Please visit our Preferred Apps For File Transfer page to learn about and download the Files.com native apps as an alternative to FTP.
We offer FTP primarily for customers who are forced to use it, typically because they are interacting with a legacy application or legacy hardware that only supports FTP.
For those customers, we are happy to help you get FTP to work, but be aware that it will never be as fast or secure as our native apps.
Files.com operates a proprietary FTP server software that we build and maintain in-house using our full-time employees. Our server is compatible with all applicable FTP standards and is tested against many popular FTP clients.
Tip: Set the number of simultaneous connections to the maximum supported by your FTP client.
To increase the number of simultaneous connections in FileZilla, go to Edit > Settings > Transfers and increase the Maximum simultaneous transfers setting to 10.
To increase the number of simultaneous connections in Cyberduck, first go to Edit > Preferences > Transfers and set Transfer Files to "Open multiple connections".
Then, go to to Window > Transfers and increase the counter in the lower right to the maximum.
To ensure the highest level of security, Files.com requires encryption on all connections (including FTP connections) by default.
Administrators can allow plain/unencrypted FTP connections to their Files.com site by following these steps:
- Sign in to the web interface as an administrator.
- Navigate to Settings > Integrations and click the Plain/unencrypted FTP Support setting.
- Select Allow plain/unencrypted FTP connections and click Save.
If you wish to only allow insecure FTP connections for certain users, you can instead override the global requirement for those users by adjusting the user setting at Settings > Users > [username] > Other connections > Plain/unencrypted FTP support to "Allow plain/unencrypted FTP connections".
Files.com supports both implicit and explicit mode FTP and FTPS. FTP uses ports to infer the exact connection profile, so here's a full list of what's supported:
- FTPS (implicit FTP over TLS) on ports 990 and 3990
- FTPeS (explicit FTP over TLS) on ports 21 and 3021
- Plain, insecure FTP on port 21 (disabled by default, but can be enabled if your business needs require it)
- Passive (PASV) mode on ports 40000 to 50000
Both active and passive mode FTP connections are supported.
In active mode, Files.com will attempt to connect back to the FTP client using the random data port that the FTP client specified. This requires you to configure inbound firewall rules from Files.com to your FTP client.
In passive (PASV) mode, your FTP client will attempt to connect to Files.com on a random port between 40000 and 50000. This requires you to configure outbound firewall rules from your FTP client to Files.com.
Files.com supports setting a custom root folder on a per-user basis, and it will apply only to FTP connections (and optionally also SFTP connections), but not anywhere else such as the web, mobile, or desktop app.
This is meant for applications that are unable to change directories appropriately in order to look in the right place for files.
This setting is not a security setting and does not restrict the user from accessing other folders via mechanisms other than FTP. You should use Permissions to set access controls on a per folder basis.
Set this on a user by going to Setting > Users and then look under the Other Connections section.
If set, Files.com will act as if the selected folder is the root folder for any given FTP session.
This setting may also be optionally applied to SFTP connections via the SFTP client root folders setting on the Settings > Integrations page.
FTP, being a legacy protocol, offers a built in facility for converting line endings on text files between LF format and CRLF format. CRLF is most commonly used by Windows applications, while LF is most commonly used by UNIX/Linux/macOS based applications.
The FTP Protocol and many FTP clients call this setting "ASCII Mode". When ASCII Mode is enabled, files with lines ending in CRLF format will be converted to LF format when uploaded to Files.com, and LF format will be converted to CRLF format when downloaded from Files.com. This behavior is almost always undesirable, and we recommend not using it.
In nearly all use cases, you should use the "Binary mode" setting in your FTP clients, which will tell the FTP files never to make content changes to the file.
Files.com also offers a setting under Settings > Integrations > FTP mode behavior that will completely neuter the ASCII setting and tell our server to ignore it even if provided. This emulates the behavior of the built in FTP server software that is included with most Microsoft Windows Server releases. This setting may be required if you are migrating certain legacy applications or dealing with customers where you aren't able to effectively control how they've set the ASCII/Binary setting.
Most of the time, FTP connection issues are caused by firewalls or incorrect settings in FTP software. The below steps will help you resolve these issues.
We are often met with resistance by customers who don't want to perform these steps because a given connection may have worked in the past but isn't working now. In our experience, the change that caused the problem is usually on the customer side, and that's why we'd really like you to go through and verify all of the following things before asking us for further help.
If we end up doing a Zoom call together to troubleshoot, these steps are exactly what we will do together.
On probably 9 out of 10 support calls for FTP, the root cause is a customer or customer counterparty's corporate or network firewall. FTP is very commonly blocked by firewalls, and often firewall changes can introduce new blocks that didn't previously exist. Furthermore, FTP has two separate modes, Passive and Active mode, which can interact with firewalls in unpredictable ways.
The approach should be to find a set of settings that will work for a particular network/firewall, and this may vary across your userbase depending on what corporate or network firewalls they find themselves behind.
- Have you manually whitelisted any IP addresses anywhere? If so, you need to all of the appropriate IPs are whitelisted, not just some of them.
- If your site uses a custom domain, you have two dedicated IPs that need to be whitelisted in your firewall. You can find your dedicated IPs by going to Settings > Integrations and scroll to Firewall configuration. If you have a custom domain, you also need to ensure that you are connecting to it, and not to [your_subdomain].files.com.
- If you do not have a custom domain, ensure that our main IPs on this list are whitelisted, not just some of them. There are quite a lot of IPs on that list (over 80 at last count) and you need to whitelist all IPs or else you will experience failures. If whitelisting that many IP addresses is a problem for you, the solution is to move to a custom domain. This will get you a pair of IP addresses you can whitelist (see the prior bullet.)
- See if you need to ask for an IP whitelist. If you have not whitelisted IP addresses, maybe your firewall administrator requires this for FTP traffic. Please submit a request to your network or firewall administrator to allow FTP port 21 and 40000-50000 traffic to all of the IPs on this list. If your firewall team does not allow whitelisting port 21 traffic, ask for port 3021 instead and see the next bullet point.
- Try other ports. - By default, FTP is used on port 21. Files.com also supports 990, 3021, and 3990 as alternate ports. Many firewalls will allow traffic on port 3021 despite blocking it on port 21. We recommend testing this next if you have exhausted other firewall issues. In many cases, simply using the alternate port will get your corporate firewall to let the connection through.
- Try toggling Active/Passive mode. - Many FTP clients offer a choice of "Active Mode" vs "Passive Mode". Files.com supports both, but your corporate or network firewall might block one or the other. We recommend testing both options in conjunction with testing the alternate ports in the above step.
The following connection settings are the next most common issues related to FTP. Please double check all of the following things:
- Hostname -The hostname should be set to [your_subdomain].files.com or the custom domain for your site, if applicable. Connecting by specifying an IP address may sometimes work, and we do have customers doing this for specific reasons, but it is not officially supported.
- Encryption - If supported in your client, encryption should be enabled. Some clients show this as a protocol setting, offering FTPS or FTPeS (with the "S" meaning "secure"). This means data will be encrypted in transit. If you are unable to use encryption, in your FTP client, insecure FTP without encryption must be enabled in your Files.com account.
- Port - The "port" setting is a great way to work around corporate firewalls. The default FTP port of 21 is blocked or interfered with by many corporate firewalls. You can test port 3021 as an alternate port if you suspect possible firewall issues. Some FTP clients use "implicit security mode", which runs on port 990. In this case, we also support port 3990 as an alternative. In many cases, simply using the alternate port will get your corporate firewall to let the connection through.
- Active/Passive - Many FTP clients offer a choice of "Active Mode" vs "Passive Mode". Files.com supports both, but your corporate firewall might block one or the other. We recommend testing both options in conjunction with testing the alternate ports in the above step.
- Timeout - If supported in your client, please increase the connection timeout value to 60 seconds.
- Retry Logic - If supported in your client, have your client attempt three connection retries at 10 second intervals. This allows failed connections contacting one server to retry the connection via a different server. Our hostnames always resolve to multiple physical server hosts in different datacenter locations. Ensure that your FTP client tries multiple IPs when available.
- Keepalives - Files.com will time out FTP sessions that have been idle for 60 seconds. This is to prevent unused sessions from being left open and using server resources. Such idle timeouts are normal, and most FTP clients handle them without issue, but there are some clients that may not handle these timeouts gracefully. To prevent these idle timeouts, many clients offer a "keepalive" setting. Many FTP clients will complete transfers in progress and then will connect again upon the user issuing another command. If your client aborts a transfer or errors out due to the idle timeout message, you can implement keepalives (either null packets or dummy commands) every 30 seconds to maintain the FTP connection and avoid the timeout messages.
If you have confirmed all of the above, here are some remaining things that have caused FTP issues for some of our customers.
- Verify that the username is enabled, and that the username and password are correct. Go to Settings > Users > [select user] and verify that the Account enabled setting is turned on. Under the Authentication tab in that user's settings, verify that the Authentication method is not set to "none".
- The user might have FTP disabled in their settings. Go to Settings > Users > [select user]. Select the Privileges tab, and scroll to Protocol access section and check for FTP. You might discover here that FTP is disabled for your entire site due to not having purchased our Enterprise Connectivity Addon (ECA). If that's the case, we can connect you to an account manager who can get that added for you.
- If the user has Two Factor Authentication (2FA) Enabled, be aware that only certain 2FA methods work with FTP. The Two Factor Authentication documentation page has more information on this.. Additionally, when using 2FA with FTP, you need to disable any parallelism in your FTP client, because 2FA is only valid for one connection at a time. (In a later step we will suggest maxing out the available parallelism in your client for performance. 2FA is a case where this would not be available.)
- If your site or user is subject to an IP whitelist, the user must access the site using one of the whitelisted IPs from either list. You can manage IP whitelists for all users by going to Settings > Users > User Settings and scroll to the IP whitelists section. You may add additional IPs for an individual user by going to Settings > Users > [select user]. Select the Authentication tab and scroll to the IP whitelists section.
Using an FTP program to upload and download files is simply a different way to transfer files. Depending on your needs you may find that using an FTP program is better for you. The other method to transfer files using Files.com is through the web interface.
The program we will use for this tutorial is FileZilla, an easy and free FTP program, though any other FTP client you wish to use will work just fine.
First, download and install FileZilla from their website.
Next, open FileZilla. At the top of the window is the Quickconnect bar. Enter ftpes://app.files.com/ into the Host box, and enter your username and password into the Username and Password boxes. Click Quickconnect.
NOTE: Because we used ftpes:// rather than ftp://, Filezilla will connect via secure encrypted FTP, which is almost always preferred.
If all was entered correctly, FileZilla will connect to your site and show your files in your account on the right side of the screen under the heading Remote Site. In the left side under the heading Local Site are your computer’s files.
To copy files to your site, simply drag them to the right pane. To download files from your site, drag them from the right pane to the left pane.
FileZilla offers a resume feature for both uploads and downloads. If a file transfer is interrupted due to connectivity loss or closing of the application, the transfer can be resumed by reinitiating the action. For example, you can attempt to start the download again. When you do this you will be prompted with the options replace, rename or resume. Choosing resume will continue your download or upload transfer where you left off before the interruption.
The program we will use to connect to Files.com will be Cyberduck. It’s free and easy to use for the purposes of this tutorial, though any FTP program will work just fine.
Once you’ve downloaded Cyberduck and open it for the first time, you will need to click Open Connection from the menu bar on the top left.
From the new connection dialog choose FTP-SSL (Explicit AUTH TLS) from the drop down. This will connect you to your site securely.
Then enter the address of your Files.com site into the Server field and your username and password into their respective boxes. You may want to select Add to Keychain to save your credentials to your Mac’s password manager. Next, hit Connect.
If you entered everything correctly you’ll see your Files.com site and its content. You can do most things from the Action menu, including uploading and downloading.
In addition, you can add files by dragging and dropping them directly into the Cyberduck window. You can also download files by double-clicking on a file name.
Get Instant Access to Files.com
The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.Start My Free Trial