Page tree

Contents

This section describes how to configure file distribution services such as TFTP, FTP and HTTP. This section also describes how to configure access control lists which determine which clients are granted access to the service, and which clients are denied access to the service.

Configuring the TFTP Service

The TFTP file distribution service is disabled on the appliance by default. To allow file distribution access using TFTP, you must specify the clients that are allowed to use the service and then enable the service on the appliance. If you do not specify this information or enable the service, the appliance denies access to all clients. The appliance provides read-only access to the files.

The TFTP service is supported only on LAN1 and MGMT interfaces. For more information, see Configuring Ethernet Ports.

To configure the TFTP file distribution service on a member:

  1. From the Data Management tab, select the File Distribution tab -> Members tab -> member checkbox, and then click the Edit icon.
  2. In the Member File Distribution Properties editor, select the TFTP tab, and then complete the following:
    • Listen on Port: Enter the number of the port on which the appliance receives TFTP file distribution requests.
      The default is port 69.
    • Allow file transfers from: Configure the appliance to grant or deny permissions to TFTP file distribution requests from clients, as described in Configuring Access Control for File Distribution.
  3. Save the configuration and click Restart if it appears at the top of the screen.

After you configure the TFTP service, you must enable the service to allow file distribution access. For information, see Starting and Stopping File Distribution Services.
Configuring the FTP Service
The FTP file distribution service is disabled on the appliance by default. To allow file distribution access using FTP, you must create at least one user (see Managing Users), specify the clients that are allowed to use the service, and then enable the FTP service on the appliance. If you do not specify this information or enable the service, the appliance denies access to all clients. User creation is not necessary to access the FTP service if anonymous is enabled at Grid level.The appliance provides read-only access to the files.
To configure the FTP file distribution service on a member:

  1. From the Data Management tab, select the File Distribution tab -> Members tab -> member checkbox, and then click the Edit icon.
  2. In the Member File Distribution Properties editor, select the FTP tab, and then complete the following:
    • Listen on Port: Enter the number of the port on which the appliance receives FTP file distribution requests. The default is port 21.
    • Login Banner: Enter your own login banner text that appears after you establish an FTP connection or use the default (Restricted Access Only).
    • FTP Passive Mode: By default, this is selected to enable FTP in passive mode; otherwise, it is in active mode. An FTP connection between a client and server can be in active or passive mode. In active mode, the server initiates the data connection. In passive mode, the client initiates the data connection. Depending on your firewall policy, firewalls can block active mode connections. There is no firewall filtering in passive mode.
    • FTP File Listing: Select this to allow users to list files and subdirectories on the appliance.
    • Allow file transfers from: Configure the appliance to grant or deny permissions to FTP file distribution requests from clients, as described in Configuring Access Control for File Distribution.
  3. Save the configuration and click Restart if it appears at the top of the screen.


Enabling FTP Anonymous User
The 'anonymous' FTP login is disabled by default, except when upgrading an earlier version in which case anonymous FTP is automatically enabled.
When you enable anonymous FTP at Grid level, you enable anonymous FTP on all Grid members running the FTP service. Anonymous user is only allowed to download files, even if the member is enabled to allow uploads.

  1. From the Data Management tab, select Grid File Distribution Properties on the toolbar.
  2. In the Grid File Distribution Properties dialog box, select the Enable Anonymous FTP checkbox.
  3. Click Save & Close.

Configuring the HT TP Service

To allow file distribution access using HTTP, you must specify clients that can request the service and then enable the HTTP service on the appliance.
Before you enable the HTTP service, however, be aware of the following configuration rules:

  • HTTP only runs on the active member of an HA pair.
  • HTTP can run on the master or any member.
  • HTTP always runs on the LAN port, never the MGMT port.
  • HTTP to HTTPS redirect becomes non-functional if the file distribution service is enabled and all administrative access is run on the LAN port. For more information on HTTP redirect, see Enabling HTTP Redirection. For information on how to specify the MGMT port for HTTP, see Using the MGMT Port. To configure the HTTP file distribution service on a member:
  1. From the Data Management tab, select the File Distribution tab -> Members tab -> member checkbox, and then click the Edit icon.
  2. In the Member File Distribution Properties editor, select the HTTP tab, and then complete the following:
    • Allow Any: This is selected by default to allow HTTP file distribution requests from any client.
    • Only these addresses: Select this to configure the access control list for allowing HTTP file distribution requests from clients, as described in Configuring Access Control for File Distribution.
  3. Save the configuration and click Restart if it appears at the top of the screen.

Configuring Access Control for File Dist ribution

You can select a named access control list (ACL) or create individual access control entries (ACEs) for each file distribution service (TFTP, FTP, HTTP) to control access to file distribution requests from specific clients. You can grant or deny access from specific IPv4 addresses and IPv4 networks, but you cannot do so for IPv6 addresses and IPv6 networks as well as TSIG key based ACEs.

Note

For HTTP service, you can grant permissions to all clients or specific clients, but you can deny permissions only to all clients, not specific clients.


When you grant access to a network for a specific file distribution service, all clients in the network are allowed to request file distribution service. You can deny services to specific IP addresses within the network by adding these addresses to an access control list and denying access to the service. Ensure that you list these IP addresses before the network address in the list because the appliance applies permissions to the addresses in the order they are listed. You can use the arrow keys to move the addresses up and down the list after you add them. For information about how to create a named ACL, see Configuring Access Control.
To configure an access control list for a file distribution service:

  1. From the Data Management tab, select the File Distribution tab -> Members tab -> member checkbox, and then click the Edit icon.
  2. In the Member File Distribution Properties editor, select a service tab: TFTP, FTP, or HTTP.
  3. In the Allow these clients to perform file transfers section, select one of the following:
    • For TFTP and FTP: None: Select this to deny any clients from using the TFTP and FTP file distribution services. This is selected by default.
    • For HTTP: Any: Select this to allow any clients to use the HTTP file distribution service. This is selected by default.
    • Named ACL: Select this and click Select Named ACL to select a named ACL that contains only IPv4 addresses and networks. File distribution does not support IPv6 addresses/networks and TSIG key based ACEs. When you select this, the appliance allows clients that have the Allow permission in the named ACL to use the file distribution service. You can click Clear to remove the selected named ACL.
    • Set of ACEs: Select this to configure individual access control entries (ACEs). Click the Add icon and select one of the following from the drop-down list. Depending on the item you select, Grid Manager either adds a row for the selected item or expands the panel so you can specify additional information about the item you are adding.
      • IPv4 Address: Select this to add an IPv4 address. Click the Value field and enter the IP address. The Permission column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.
      • IPv4 Network: In the Add IPv4 Network panel, complete the following, and then click Add to add the network to the list:
        • Address: Enter an IPv4 network address and either type a netmask or move the slider to the desired netmask.
        • Permission: Select Allow or Deny from the drop-down list.
      • Any Address/Network: For TFTP and FTP only. Select this to allow or deny access to all IPv4 addresses and networks. The default permission is Allow, which means that the appliance allows access to and from all IPv4 clients. You can change this to Deny to block access.
        After you have added access control entries, you can do the following:
      • Select the ACEs that you want to consolidate and put into a new named ACL. Click the Create new named ACL icon and enter a name in the Convert to Named ACL dialog box. The appliance creates a new named ACL and adds it to the Named ACL panel. Note that the ACEs you configure for this operation stay intact.
      • Reorder the list of ACEs using the up and down arrows next to the table.
      • Select an ACE and click the Edit icon to modify the entry.
      • Select an ACE and click the Delete icon to delete the entry. You can select multiple ACEs for deletion.
  4. Save the configuration and click Restart if it appears at the top of the screen.

Modifying Access Control Lists

  1. From the Data Management tab, select the File Distribution tab -> Members tab -> member checkbox, and then click the Edit icon.
  2. In the Member File Distribution Properties editor, select the tab of the service to which the list belongs.
  3. In the Allow file transfers from section, modify the fields as described in Configuring Access Control for File Distribution.

You can also do the following:

  • Add a new permission. For information, see Configuring Access Control for File Distribution.
  • Delete a permission by selecting it and clicking the Delete icon.
  • Reorder the list by selecting a permission and clicking an arrow next to the list to move the permission up or down the list.

Starting and Stopping File Distribution Services

You can enable and disable a file distribution service on a specific Grid member or on multiple members. You must have read/write permission to the Grid members to start and stop a service on them.

Starting a service on a member:

  1. From the Data Management tab, select the File Distribution tab -> Members tab -> member checkbox, and then click the Start icon from the Toolbar. You can select multiple members by selecting their checkboxes.
  2. From the Start drop-down menu, select the service you want to start.
  3. In the Start Service dialog box, click Yes.
    Grid Manager enables the selected service on the selected member and displays the service status in the Status column in the panel.

Stopping a service on a member:

  1. From the Data Management tab, select the File Distribution tab -> Members tab -> member checkbox, and then click the Stop icon from the Toolbar. You can select multiple members by selecting their checkboxes.
  2. From the Stop drop-down menu, select the service you want to stop.
  3. In the Stop Service dialog box, click Yes.
    Grid Manager disables the selected service on the selected member and displays the service status in the Status column in the panel.

    Note

    When you start or stop a service, there may be a short delay before Grid Manager displays the correct status.

Monitoring File Distribution Services

To view the current status of the file distribution services:

  1. From the Data Management tab, select the File Distribution tab -> Members tab.
  2. Grid Manager displays the following information:
    • Name: The name of the Grid member.
    • Address: The IP address of the Grid member.
    • Status: The overall status of the file distribution services running on the member. You can mouse over on the field to view the status of each service. This field can display one of the following:
      • Not Running: All the file distribution services are disabled.
      • Running: One or more of the file distribution services are running properly.
      • Warning: The services are functioning properly. However, there are some issues, such as storage space has reached 90%, about the services.
      • Error: One or more of the services have service issues.
    • Comment: Information about the member.
    • Site: The location to which the member belongs. This is one of the pre-defined extensible attributes.

You can sort the information in ascending or descending order by columns. You can also print and export the information in this panel.