Connection Settings In Your FTP App

The items below address the most common FTP connection settings you need when connecting to Files.com.

Credentials

Supply valid credentials for the FTP connection. Anonymous FTP access is not supported by Files.com so that only authorized users have access to sensitive information.

When you are connecting to FTP as a specific user, provide the username and the information required for their authentication method.

To connect with a password, verify that the user's Authentication method is not set to none. Files.com also supports using an API key as the password for FTP logins; when you connect in this way, the username is @api-[key-id or API key name]. When the authentication method for a user is none, the user account can only authenticate by using an API Key or an SSH/SFTP Key.

If the user has Two Factor Authentication (2FA) Enabled, only certain 2FA methods work with FTP. When using 2FA with FTP, you must disable any parallelism in your FTP app, because 2FA is only valid for one connection at a time.

When a user is having problems logging in using FTP(S), a straightforward test is for the user to log in using the Files.com web interface. If the same user can't log into the web interface, this eliminates FTP(S) as the cause.

Validate User Account Settings

Check common user settings that prevent an account from being able to connect with FTP.

User accounts that have been disabled cannot use FTP or FTPS to connect, because disabling an account is intended to prevent an account from accessing your site.

When FTP/FTPS protocol access is disabled for a user account, that user cannot login with FTP. This allows the Site Administrator to control exactly how specific users can connect to the site. Another way this restriction is implemented is by restricting which protocols a group can use; When you control protocol access at the group level, the user account must be a member of a group that has FTP/FTPS protocol access. The goal with both of these options is to allow Site Administrators to control connection methods for specific business processes at the correct, granular level needed.

If the user account has been configured to Require password change on next login then FTP login will not succeed until the password has been changed. Password-change prompts can only be completed in the web interface. Complete the change there, then retry FTP.

Validate Site Settings That Block User Access

Some non-recommended site-wide security settings can prevent a user from connecting to FTP even when the user account is correctly set up. When a user cannot connect, check whether these features are blocking them.

IP Whitelisting at the site or the user level is not recommended because it frequently blocks legitimate use. When the site or user enforces an IP whitelist, the user must access the site using one of the whitelisted IPs from either list. Check your site IP whitelists and your user's settings to verify that the IP address that FTP connections are being made from are allowed.

Another setting that can block user's FTP access is Access Control by Country. This feature is provided for companies operating in regulated environments who must enforce those restrictions, but is not appropriate for most of our customers. We don't recommend configuring Allowed Countries and Disallowed Countries because the geographic location of an IP address is never exact; It is always approximated and is affected by the use of a VPN or other tunneling protocol.

Hostname

Set the hostname to [your_subdomain].files.com or, if your account uses a custom domain, use that address instead. Connecting to your custom domain address ensures that Files.com serves the correct SSL certificate for your site, preventing hostname mismatch errors.

Avoid Using IP Addresses for Connections

Although some connections require specifying IP addresses in their configuration, Files.com does not recommend connecting with an IP address. We recommend using hostnames rather than IP addresses because words are easier for human users to check for correctness, and because the Files.com platform is a global platform with many IP addresses and regional routing implications.

Server's Certificate is Unknown

FTPS users often receive a prompt such as The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted. when attempting to connect using an FTP client.

The TLS/SSL certificate used for FTPS is the same certificate that is used for your Files.com site's web portal. This applies to both implicit (port 990) and explicit (port 21) versions of FTPS.

FTP clients commonly use a Trust On First Use model where it will always prompt the user to accept every certificate, even if that certificate should be trusted anyway. The FTP client shows the certificate details so the user can inspect the certificate information to compare it to their destination site. The prompt is displayed on the first connection attempt to every new site. The user can permanently trust the certificate, so they don't get the same prompt every time they connect to the same site.

FTP client apps check the fully qualified domain name (FQDN) of the presented TLS/SSL certificate against the name of the FTP site that is being connected to. If they do not match, the client warns that this connection might not be secure. Make sure your FTP users are connecting to the same fully qualified domain name as defined in your TLS/SSL certificate.

Port

Your port selection can help you work around corporate firewalls. The default FTP port 21 is frequently blocked or restricted. If you experience connection problems, try port 3021 as an alternative.

Some clients use Implicit security mode, which operates on port 990. For that mode, Files.com also provides port 3990. Testing these alternate ports often resolves firewall-related issues and restores connectivity.

Encryption

Enable encryption in your FTP client whenever possible. Most clients list this as a protocol option, such as FTPS or FTPeS, where the “S” stands for secure. Using these settings ensures that your data remains encrypted while it’s in transit between your client and Files.com.

If your client cannot use encryption, you can still connect by allowing unencrypted FTP in your Files.com account settings. Only use this option when encryption is not supported, since unencrypted connections send data in plain text and expose sensitive information.

Files.com supports both Implicit and Explicit FTPS encryption modes.

If your client reports invalid, self-signed, or expired SSL certificates when connecting, check your DNS configuration to ensure you’re resolving the hostname correctly.

Active vs Passive Mode

The FTP protocol supports two data connection modes: Active and Passive. Use Passive mode whenever possible, and ensure that the Files.com Passive port range (40000 to 50000) is open in your firewall.

Using Passive mode avoids inbound connection problems and works best across firewalls and NAT networks. Avoid Active mode unless no firewall exists between your FTP client and Files.com.

Timeout

Increase the connection timeout in your client to 60 seconds, if the option is available. A longer timeout helps maintain stable connections when network latency is high.

Retry Logic

Configure your client to retry failed connections 3 times at 10-second intervals. This gives the client time to contact a different server if one host is temporarily unreachable.

Files.com hostnames resolve to multiple servers in separate datacenter locations. Make sure your client attempts connections to multiple IP addresses when possible to take advantage of this redundancy.

Keepalives

Files.com automatically ends FTP sessions that remain idle for more than 60 seconds to conserve server resources. Most clients handle this gracefully, but some may not.

If your client disconnects or errors out after being idle, enable a keepalive feature. Sending a null packet or lightweight command every 30 seconds prevents the connection from timing out. Clients will still complete transfers in progress and reconnect automatically for new commands. Keepalives ensure your session stays active and stable during longer workflows.