Connection Settings In Your FTP App

The sections below cover the most common FTP connection settings you need when connecting to Files.com.

Credentials

Supply valid credentials for the FTP connection. Anonymous FTP access is not supported by Files.com so that only authorized users have access to sensitive information.

When you are connecting to FTP as a specific user, provide the username and the information required for their authentication method.

To connect with a password, verify that the user's Authentication method is not set to none. Files.com also supports using an API key as the password for FTP logins; when you connect in this way, the username is @api-[key-id or API key name]. When the authentication method for a user is none, the user account can only authenticate using an API Key or an SSH/SFTP Key.

If the user has Two Factor Authentication (2FA) Enabled, only certain 2FA methods work with FTP. When using 2FA with FTP, you must disable any parallelism in your FTP app, because 2FA is only valid for one connection at a time.

When a user has problems logging in using FTP(S), a straightforward test is to have the user log in through the Files.com web interface. If the same user can't log into the web interface, that eliminates FTP(S) as the cause.

Validate User Account Settings

Check common user settings that prevent an account from being able to connect with FTP.

User accounts that have been disabled cannot use FTP or FTPS to connect, because disabling an account is intended to prevent an account from accessing your site.

When FTP/FTPS protocol access is disabled for a user account, that user cannot log in with FTP. This lets the Site Administrator control exactly how specific users connect to the site. The same restriction also applies through group-level protocol access; when protocol access is controlled at the group level, the user account must be a member of a group that has FTP/FTPS protocol access. Both options let Site Administrators control connection methods for specific business processes at the right level of granularity.

If the user account is configured to Require password change on next login, FTP login will not succeed until the password has been changed. Password-change prompts can only be completed in the web interface. Complete the change there, then retry FTP.

Validate Site Settings That Block User Access

Some non-recommended site-wide security settings can prevent a user from connecting to FTP even when the user account is correctly set up. When a user cannot connect, check whether these features are blocking them.

IP Whitelisting at the site or the user level is not recommended because it frequently blocks legitimate use. When the site or user enforces an IP whitelist, the user must access the site using one of the whitelisted IPs from either list. Check your site IP whitelists and your user's settings to verify that the IP address that FTP connections are being made from are allowed.

Another setting that can block a user's FTP access is Access Control by Country. This feature is provided for companies operating in regulated environments who must enforce those restrictions, but is not appropriate for most of our customers. We don't recommend configuring Allowed Countries and Disallowed Countries because the geographic location of an IP address is never exact. It is always approximated and is affected by the use of a VPN or other tunneling protocol.

Hostname

Set the hostname to [your_subdomain].files.com or, if your account uses a custom domain, use that address instead. Connecting to your custom domain address lets Files.com serve the correct SSL certificate for your site and avoids hostname mismatch errors.

Avoid Using IP Addresses for Connections

Although some connections require specifying IP addresses in their configuration, Files.com does not recommend connecting with an IP address. We recommend using hostnames rather than IP addresses because words are easier for human users to check for correctness, and because the Files.com platform is a global platform with many IP addresses and regional routing implications.

Server's Certificate is Unknown

FTPS users often receive a prompt such as The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted. when attempting to connect using an FTP client.

The TLS/SSL certificate used for FTPS is the same certificate that is used for your Files.com site's web portal. This applies to both implicit (port 990) and explicit (port 21) versions of FTPS.

FTP clients commonly use a Trust On First Use model that always prompts the user to accept every certificate, even when that certificate is trusted. The FTP client shows the certificate details so the user can inspect the certificate information and compare it to their destination site. The prompt is displayed on the first connection attempt to every new site. The user can permanently trust the certificate so the same prompt does not appear on every subsequent connection to the same site.

FTP client apps check the fully qualified domain name (FQDN) of the presented TLS/SSL certificate against the name of the FTP site that is being connected to. If they do not match, the client warns that this connection might not be secure. Make sure your FTP users are connecting to the same fully qualified domain name as defined in your TLS/SSL certificate.

Port

Your port selection can help you work around corporate firewalls. The default FTP port 21 is frequently blocked or restricted. If you experience connection problems, try port 3021 as an alternative.

Some clients use Implicit security mode, which operates on port 990. For that mode, Files.com also provides port 3990. Testing these alternate ports often resolves firewall-related issues and restores connectivity.

Encryption

Enable encryption in your FTP client whenever possible. Most clients list this as a protocol option, such as FTPS or FTPeS, where the "S" stands for secure. These settings keep your data encrypted while it's in transit between your client and Files.com.

If your client cannot use encryption, you can still connect by allowing unencrypted FTP in your Files.com account settings. Only use this option when encryption is not supported, since unencrypted connections send data in plain text and expose sensitive information.

Files.com supports both Implicit and Explicit FTPS encryption modes.

If your client reports invalid, self-signed, or expired SSL certificates when connecting, check your DNS configuration to confirm that you're resolving the hostname correctly.

Active vs Passive Mode

The FTP protocol supports two data connection modes: Active and Passive. Use Passive mode whenever possible, and confirm that the Files.com Passive port range (40000 to 50000) is open in your firewall.

Using Passive mode avoids inbound connection problems and works best across firewalls and NAT networks. Avoid Active mode unless no firewall exists between your FTP client and Files.com.

Timeout

Increase the connection timeout in your client to 60 seconds, if the option is available. A longer timeout helps maintain stable connections when network latency is high.

Retry Logic

Configure your client to retry failed connections 3 times at 10-second intervals. This gives the client time to contact a different server if one host is temporarily unreachable.

Files.com hostnames resolve to multiple servers in separate datacenter locations. Make sure your client attempts connections to multiple IP addresses when possible to take advantage of this redundancy.

Keepalives

Files.com automatically ends FTP sessions that remain idle for more than 60 seconds to conserve server resources. Most clients handle this gracefully, but some may not.

If your client disconnects or errors out after being idle, enable a keepalive feature. Sending a null packet or lightweight command every 30 seconds prevents the connection from timing out. Clients still complete transfers in progress and reconnect automatically for new commands. Keepalives keep your session active and stable during longer workflows.