The Wizard
When you first launch Cerberus FTP Server, the Getting Started Wizard will guide you through the essential steps of configuring the server for client connections. By the end of this process, your server will be fully equipped to accept connections from a range of clients, including FTP, FTPS, SSH SFTP, and HTTP/S.
Step 1 – Licensing
Cerberus FTP Server offers a 25-day trial of the Enterprise edition. To start the trial, click Next.
Once the trial period ends, Cerberus FTP Server will operate with restricted functionality. A message indicating that the server is unregistered will be added to the server welcome message for each connection. In order to continue using Cerberus beyond the trial period, it is necessary to purchase a full license.
Licensing
Step 2 – Initial User Creation
The User Creation page will allow you to automatically create a simple user account with access to a directory on the local machine. You can use this account to test out your initial connection to the server. You can turn off the creation of the user account by unchecking the “Create an Initial User?” checkbox.
By default, an anonymous user will be created under the User Manager. The default anonymous user will have download and upload-only access to the “C:\ftproot” directory as their root drive. This directory will be created if it does not already exist. Please note, the default settings for the anonymous user allow anyone to connect to your FTP server without specifying a password. Using the default settings, anyone can view and download any file from your “C:\ftproot” directory and any subdirectories of that directory. To disallow anonymous access to Cerberus FTP Server, uncheck the “Create Initial user” box and the anonymous user will not be added.
You can further customize the newly added user, or create and manage additional users, through the User Manager after the “Getting Started” wizard has finished.
Step 3 – Network Setup
Public IP Auto-detection for Passive Mode FTP
Configuring basic FTP access to your server can be complex, especially when it comes to preparing the machine to accept FTP data connections. Unlike SSH SFTP or HTTP/S protocols, FTP requires two connections for each client session, making it more complicated. The first connection is used to exchange commands and status between the FTP server and the client, while the second connection is created every time a directory listing or file transfer takes place. To establish the secondary data connection, the FTP server has to respond with an IP address and port that the client can connect over. To simplify this process, the server can be configured to automatically detect the IP address of the server on the Internet and use it when sending the client connection instructions.
Upon clicking the Next button on the Network Setup page, you will be prompted with a dialog asking whether to enable Cerberus' automatic detection of your public IP address. We highly recommend selecting Yes to ensure Cerberus correctly identifies and utilizes the external IP address for passive FTP data connections requested by clients.
Network Setup
The Network Setup page detects basic network settings and tries to provide advice on any changes that may need to be made because of the computer’s network configuration.
Network Setup
Step 4 – Security
The last page of the Getting Started Wizard will allow the administrator to configure a few basic server security settings.
Cerberus FTP Server fully supports TLSv1+/SSLv3 encryption over FTP (FTPS), HTTPS, and SSH SFTP. To enable FTPS, HTTPS, and SSH SFTP support, a digital certificate must be generated for the server. This digital certificate contains the necessary security data to allow the server to establish encrypted connections with clients.
Cerberus FTP Server will automatically generate a new, self-signed certificate for you the first time you run the Getting Started Wizard. You can replace the certificate at any time through the Security page of the Server Manager.
Web Administration Password
The Security Wizard page allows you to set up a single password that can be used for both web administration and remote API access.t is recommended to set a strong password, regardless of whether or not you use web administration. Keep in mind that the password strength estimation meter is merely a guide and should not be solely relied upon. While it will flag obviously weak passwords, there is no official weighting system, so use it as a loose guide to improve your password.
Protocol Security
The last option allows you to configure the server to only accept encrypted FTP connections. Normal FTP has no encryption and therefore allows passwords and data to be transmitted unencrypted over a network.
Fortunately, it is possible to establish a normal unencrypted FTP connection and then “upgrade” the connection to secure encryption through special FTP commands (this enhanced protocol is called FTPES). This type of connection depends on the client issuing FTP commands instructing the server to establish encryption before accepting login credentials. However, the client can also continue as a normal FTP connection without enabling encryption. This situation allows for unencrypted connections and presents a security issue for servers.
If you wish to allow FTPES secure connections, but not FTP, then you must instruct the server to require encryption before allowing a connection to proceed.
Checking this option does exactly that. It requires the client to upgrade the connection to use encryption before allowing login.
Final Steps
To finalize the setup process, simply click the Finish button on the Getting Started Wizard. Your server is now equipped to receive local network connections from FTP/S, SSH SFTP, or HTTP/S. However, to allow external access to your server from outside your local network, please refer to the next section for any necessary adjustments to your firewall or router.
Comments
0 comments
Please sign in to leave a comment.