Skip to main content

FTP (Outbound to a Remote)

In addition to Files.com's built-in FTP capabilities for accepting inbound connections via the FTP or FTPS protocols, Files.com also supports connecting outbound to other services via FTP or FTPS.

You can even complete the loop and connect to Files.com via FTP and have Files.com proxy that connection out to another service that also uses FTP, SFTP, WebDAV, or any other outbound connection supported by Files.com.

Files.com's Remote Server Mount feature lets you connect a specific folder on Files.com to the remote server in real time.

That folder then becomes a client, or window, accessing the files stored in your remote server or cloud.

Once you configure a Mount, any operation you perform on or inside that folder acts directly on the remote in real time. Whether you are dropping a file into that folder, deleting a file, creating a subfolder, or performing any other file or folder operation your Files.com user has permissions for, those operations pass through to the remote in real time.

This feature supports use cases such as accessing files on a counterparty (client or vendor)'s cloud without provisioning individual access to individual users, reducing storage costs by using on-premise or bulk storage solutions, and enabling applications to access third-party clouds via the Files.com API, FTP, SFTP, or Files.com Apps.

Alternatively, Files.com's Sync feature lets you push or pull files to or from remote servers. The files exist in both places at the end of the sync process.

A sync can be a "push", where files from your Files.com site are transferred to the remote server, or a "pull" where files are transferred from the remote server to your Files.com site.

Add a Remote Server Using the FTP Protocol

Add a new Remote Server to your site, and select FTP as the remote server type.

You must provide an Internal name for this connection. If you're managing multiple remote servers, make the name clear enough to easily identify this particular connection.

The Hostname and Port are required to create the remote server because they define how Files.com connects to the FTP server, and the Authentication Information provides the credentials to log into the server.

Once your Remote Server is added, you can integrate it with Files.com as either a Remote Server Mount or Sync.

Hostname and Port

The Hostname must be the fully-qualified domain name, with any protocol specified at the front. This must be an address that is publicly resolvable, because the Files.com platform must be able to reach it.

Most of the time, the default port value of 21 is the right choice for FTP. Only use an alternate port if you know the remote server requires it. The other commonly used remote port, 990, typically means that the server requires SSL using the Implicit method. When using port 990, you most likely need to also select Require SSL (Implicit) under the SSL selection.

Authentication Information

Enter the username for the FTP connection, and provide the password. FTP connections do not support the use of SSH/SFTP keys for authentication.

You can enter credentials directly, or select a saved credential from the Remote Server Credential Manager.

IP Addresses Used For Connection

If you have a Custom Domain installed on your site, Files.com has provisioned two dedicated IP addresses for your site and uses them by default for outbound connections to the remote server. Provide these two IP addresses to your counterparties and ask them to whitelist them in any applicable firewall.

If you do not have a Custom Domain installed on your site, you do not have Dedicated IP Addresses provisioned for your site, and Files.com uses its entire pool of IP addresses for connecting outbound to the remote server. If your counterparties maintain an IP Address whitelist, you will need to have them whitelist all of the IPs on this list.

Customers often ask for Dedicated IP addresses as a way to avoid having to ask their counterparty to whitelist a long list of IP addresses.

Files.com offers Dedicated IP Addresses for Remote Server connection purposes through the indirect method of adding a Custom Domain to your site. The custom domain provides the justification for the dedicated IP address.

Files.com automatically provisions a pair of dedicated IP addresses for every site that has a custom domain enabled. FTP, unlike HTTP, requires that every custom domain be hosted on a dedicated IP address in order to have a custom SSL Certificate that matches the domain.

If you have users who restrict outbound access via a firewall, they will only need to whitelist your two dedicated IP addresses, rather than the entire published list of IP addresses (see above).

Dedicated IPs, once provisioned, are used for both inbound connections to your site via your custom domain and for outbound connections from Files.com to certain applicable Remote Servers used for Sync and Remote Server Mount.

By default, Files.com uses your dedicated IP addresses for outbound connections to FTP, SFTP, WebDAV, and S3 Compatible remote servers. You can disable the use of your dedicated IP in these circumstances if you need to. (You might do that if your counterparty has already whitelisted the main Files.com IP range, for example.)

SSL

Files.com uses SSL security for outbound FTP connections wherever possible. You can customize how Files.com uses SSL on this specific remote server connection. The available options are Use If Available, Require SSL (Explicit), Require SSL (Implicit), and Never use.

Choose Require SSL (Explicit) or Require SSL (Implicit) if you know that your remote FTP server supports SSL. This requires SSL, which is the most secure option.

Choose Never if your remote FTP server does not support SSL. This option is insecure.

By default, Files.com ensures that the remote SSL Certificate matches the hostname used for the connection and that the remote SSL Certificate is signed by a trusted Certificate authority. You may relax this requirement by telling Files.com to allow non-matching certificates. This option is insecure.

Maximum Number of Connections

You can configure a maximum number of connections that Files.com will make at a time to the remote FTP server. We recommend the default value of 25, which provides a high level of parallelism and improves performance.

Some server administrators will request that you reduce this number to reduce the pressure on their server. Reducing it too low will reduce performance because requests may have to wait for a free connection before they can complete.

Files.com uses best efforts to honor the maximum number specified here, though it may still burst above this number on certain occasions, such as when moving the connection to another one of our gateway servers internally. As a cloud-based service, we often reconfigure our network in real time to provide optimized performance. If the count ever goes above this number, it returns to the specified number promptly.

Use Moves To Emulate Atomic Uploads to FTP

FTP Remote Servers support the Use Moves To Emulate Atomic Uploads to SFTP option to specify a staging folder path on the remote system.

When this option is used, Files.com uploads files to the specified staging folder first. After the upload completes successfully, Files.com moves the file from the staging folder to the final destination upload folder.

Using a staging folder prevents partially uploaded files from appearing in the destination folder, where they could be detected or processed before the upload is complete. Only fully uploaded files are made available to downstream systems or workflows.

Add Remote Server Mount

Remote Server Mounts are created by mounting them onto an empty folder in Files.com. This folder is generally not the Root of your site, although that is supported if you need it.

Add Sync

After creating the Remote Server, you can use it to perform Syncs between your server and Files.com.

Automations

Folders configured with Remote Server Mount to the FTP server can also be used with automations, letting you include the FTP server's folders as source locations or destinations for your automations.

Troubleshooting

When setting up a Remote Server for FTP, make sure that you configure it to match the configuration required by the remote FTP site. The FTP protocol supports distinct methods and a variety of options that determine whether a client application can connect. If your configuration doesn't match the requirements of the remote FTP site, a successful connection will not be established.

FTPS Methods

The remote FTP site needs to use secure TLS/SSL-based FTP, generally referred to as FTPS. FTPS has been implemented in two non-compatible methods.

The current recommended method is Explicit FTPSExternal LinkThis link leads to an external website and will open in a new tab, which implements TLS on standard FTP ports, starting with TCP port 21.

The older deprecated method is Implicit FTPSExternal LinkThis link leads to an external website and will open in a new tab, which implements TLS on TCP port 990.

Contact the operator of the remote FTP site and confirm which method of FTPS their site supports. Make sure that the configuration for the Remote Server matches the required method.

SSL Certificate Validity

The remote FTPS site needs to use fully valid and chained SSL Certificates. A fully valid certificate has a host name and domain name that match the remote site's host name and domain name, including any wildcards. A fully valid certificate is also valid for the current date. It is not expired and does not contain a start date in the future. Finally, a fully valid certificate is chained to a valid and trusted Certificate Authority.

If any of the above conditions are not met, the remote site is considered untrusted or self-signed. If the remote site is untrusted, or uses a self-signed certificate, you can still connect to it by configuring the Remote Server to allow connections to sites using self-signed certificates.

There are many online tools available for checking the validity of a site's certificate, such as the SSL Shopper SSL checkerExternal LinkThis link leads to an external website and will open in a new tab and the DigiCert SSL certificate checkerExternal LinkThis link leads to an external website and will open in a new tab.

Firewalls

The remote FTP(S) site needs to be configured to allow FTP(S) connections to it. Firewalls at the remote FTP(S) site may be configured to only allow connections from specified IP addresses. Inform the operator of the remote FTP site that you will be connecting from a Files.com IP address. If you have a custom domain specified for your Files.com site, you can also connect from your dedicated IP addresses.

Files.com connects to the remote FTP(S) site using Passive (PASV) Mode. In this mode, the remote FTP(S) site tells Files.com which ports to use in order to traverse any firewalls. The operator of the remote site needs to ensure that these inbound PASV ports are open on their firewall. Each FTP(S) server provides configuration options to specify the range of ports to be used for PASV. The operator or administrator can refer to the documentation of their FTP(S) server to confirm which ports are being used for PASV and ensure that these inbound ports are not being blocked by their firewall. The entire range of inbound PASV ports needs to be open on the firewall, because FTP(S) uses a randomized port within that range each time.

Partial Connectivity

The FTP protocol uses different connection ports for Control and for Data. The Control channel is used for authentication and for control messages, such as listing folder contents and setting transmission options. The Data channel is used for the transmission of file content.

If you can connect and list folder contents but not upload or download file content, a firewall is most likely blocking the PASV Data channels. A common effect of this is a zero-byte file created whenever an upload or download is attempted. Contact the operator or administrator of the remote site's firewall and ask them to ensure that all PASV ports are open on their firewall.