The Wizard
The Getting Started Wizard will appear when you start Cerberus FTP Server for the first time. The wizard is designed to walk you through the basic steps of configuring the server to allow clients to connect. At the end of the Getting Started Wizard, your server should be ready to accept connections from FTP, FTPS, SSH SFTP, and HTTP clients.
Step 1 – Licensing
The Licensing page allows the administrator to select the licensing option most appropriate for their intended use of Cerberus FTP Server.
- Selecting As a Company, Government entity, or Educational institution enables a 25 day trial period of the Enterprise edition of Cerberus FTP Server. During the trial period, the server will perform and function as the Enterprise edition. Cerberus FTP Server reverts to the Home edition after the evaluation period expires and a message indicating that the server is unregistered will be added to the server welcome message for each connection. At any time, including after the trial period has expired or even if “For Personal Use” was selected at startup, Cerberus may be turned into the full commercial Personal, Standard, Professional, or Enterprise edition by entering a valid registration code into the license dialog.
- Selecting the For Personal, Home Use Only option immediately causes Cerberus to function as the Home edition. This license is only permitted for at home, personal use of the FTP server. The Home edition is limited to at most 5 simultaneous FTP or FTPS connections. A message indicating that the server is Cerberus FTP Server Home edition will also appear in the FTP welcome message whenever a client connects to the server.
Licensing
Step 2 – Initial User Creation
The User Creation page will allow you to automatically create a simple user account with access to a directory on the local machine. You can use this account to test out your initial connection to the server. You can turn off the creation of the user account by un-checking the “Create an Initial User?” checkbox.
By default, an anonymous user will be created under the User Manager. The default anonymous user will have download and upload-only access to the “C:\ftproot” directory as their root drive. This directory will be created if it does not already exist. Please note, the default settings for the anonymous user allow anyone to connect to your FTP server without specifying a password. Using the default settings, anyone can view and download any file from your “C:\ftproot” directory and any subdirectories of that directory. To disallow anonymous access to Cerberus FTP Server, uncheck the “Create Initial user” box and the anonymous user will not be added.
You can further customize the newly added user, or create and manage additional users, through the User Manager after the “Getting Started” wizard has finished.
Step 3 – Network Setup
Public IP Auto-detection for Passive Mode FTP
The most complex task of configuring basic FTP access to your server is preparing the machine to accept FTP data connections. Unlike the SSH SFTP or HTTP/S protocols, FTP is complicated by the need for two connections for each client session. The first connection is established when the client initially connects and is used to exchange commands and status between the FTP server and the client. A second connection is created every time a directory listing or file transfer takes place. Whenever a directory listing or file transfer is requested, the FTP server has to respond with an IP address and port that the client can connect over to establish the secondary data connection. To aid the server in determining what IP address to give to the client, the server can be configured to automatically detect the IP address of the server on the Internet and use this IP address when sending the client connection instructions.
After clicking the Next button on the Network Setup page a dialog prompt will ask whether you want to allow Cerberus to automatically attempt to detect your public IP address. We normally recommend you answer Yes here. Answering yes will instruct Cerberus to automatically attempt to detect and use the correct external IP address when clients request passive FTP data connections.
Network Setup
The Network Setup page detects basic network settings and tries to provide advice on any changes that may need to be made because of the computer’s network configuration.
Network Setup
Step 4 – Security
The last page of the Getting Started Wizard will allow the administrator to configure a few basic server security settings.
Cerberus FTP Server fully supports TLSv1+/SSLv3 encryption over FTP (FTPS), HTTPS, and SSH SFTP. To enable FTPS, HTTPS, and SSH SFTP support, a digital certificate must be generated for the server. This digital certificate contains the necessary security data to allow the server to establish encrypted connections with clients.
Cerberus FTP Server will automatically generate a new, self-signed certificate for you the first time you run the Getting Started Wizard. You can replace the certificate at any time through the Security page of the Server Manager.
Web Administration Password
On the Security Wizard page you also have the option to configure a password for web administration and remote API access. You should set a strong password here even if you are not using web administration. Please note that the password strength estimation meter is only meant as a guide. It will flag obviously poor passwords but there is no official weighting system and this meter should only be utilized as a loose guide to improving your password.
Protocol Security
The last option allows you to configure the server to only accept encrypted FTP connections. Normal FTP has no encryption and therefore allows passwords and data to be transmitted unencrypted over a network.
Fortunately, it is possible to establish a normal unencrypted FTP connection and then “upgrade” the connection to secure encryption through special FTP commands (this enhanced protocol is called FTPES). This type of connection depends on the client issuing FTP commands instructing the server to establish encryption before accepting login credentials. However, the client can also continue as a normal FTP connection without enabling encryption. This situation allows for unencrypted connections and presents a security issue for servers.
If you wish to allow FTPES secure connections, but not FTP, then you must instruct the server to require encryption before allowing a connection to proceed.
Checking this option does exactly that. It requires the client to upgrade the connection to use encryption before allowing login.
Final Steps
Click the Finish button to complete the Getting Started Wizard. Your server is now ready to accept local network FTP/S, SSH SFTP, or HTTP/S web client connections. Please take a look at the next section for any changes that might need to be made to your firewall or router to allow connection from outside of your local network to reach your server.
Comments
0 comments
Please sign in to leave a comment.