Local FTP Server

A Local FTP Server is a type of Endpoint that represents an FTP(S) server that the system hosts locally to enable secure file transfers.

This Endpoint type provides the essential infrastructure for accepting incoming FTP(S) connections and initiating file transfers through secure, configurable Pipelines.

It functions as a virtual server that requires proper management for file transfer operations. Local FTP Server Endpoints function exclusively as a Source Endpoint within a Pipeline of type UDMG as FTP(S) Server.

Before You Begin

Listener IP Address and Port

The Listener IP Address and Port together define the local listening address for this Local FTP Server Endpoint:

Listener IP Address is the local IPv4 address that the UDMG Server binds to for this listener. If you set Listener IP Address to 0.0.0.0, UDMG binds to all IPv4 interfaces on the host. If you set a specific IP (for example, 192.168.1.10), UDMG accepts connections only on that IP.
Port is the TCP port on that same host where the listener accepts connections.

When creating a new Endpoint, avoid selecting a Listener IP Address/Port pair that is already assigned to another Endpoint (in any Domains) or used by another service.

Although UDMG allows multiple Endpoints to use the same Listener IP Address/Port combination, only one of those Endpoints—and therefore its associated Pipelines—can be active at a time.

The following considerations apply:

No Cross-Domain Validation: The system does not automatically prevent duplicate Listener IP Address/Port combinations within or across Domains.
Manual Validation Required: After configuring an Endpoint, always use the Validate button to see if the Listener IP Address/Port combination is already in use by another service (across all Domains). This action does not check if the IP/port can be specifically used by the Endpoint. See Validating the Configuration for more information.

TLS Certificate Pair

Each Local FTP Server Endpoint (with Encryption Mode set to Implicit or Explicit) that accepts FTPS connections requires a TLS Certificate Pair, which provides the server's TLS identity. When an FTPS client connects using FTPS, UDMG presents the configured TLS Certificate Pair during the TLS handshake, allowing the client to verify the Local FTPS Server's identity, authenticate the server, and negotiate an encrypted channel for FTP commands and data transfers.

The Credential (Credential Type: TLS Certificate Pair) must first be created on the Credentials page before it is selected in the configuration. See the FTP(S) page for information regarding supported and default FTP(S) information.

Encryption Mode

The Encryption Mode specifies how the Local FTP Server handles encryption. The available options are:

None (FTP): Allows clients to connect insecurely (plain text FTP). This mode is not recommended.
Explicit (FTPES): Allows clients to request the server to create a secured session using SSL/TLS.
Implicit (FTPS): Allows clients to connect to an implicit port where SSL/TLS encryption is automatically enforced from the initial connection. UDMG does not support forced explicit as an Encryption Mode.

Adding an Endpoint

To add an Endpoint, follow these steps:

From the Sidebar, select Configuration > Endpoints.
Click Add Endpoint.
Select Local FTP Server in the Endpoint Type dropdown.
Complete the Name and Description details for the new Endpoint.
Enter the Listener IP Address and Port (Control Channel).
Select the Passive IP Address, Passive Port Start Range, and Passive Port End Range.
Select the Encryption Mode, specifying how the Local FTP Server will handle encryption.
Select the TLS Certificate Pair you created earlier from the Credentials Name (TLS Certificate Pair) dropdown.
Choose whether the Endpoint should be enabled to auto-start or require manual restarting.
Click Add to create the Endpoint.
Click Validate to confirm that the IP address and port combination is not already in use by another service (across all Domains). See Validating the Configuration.
Click Start to launch the server. See Starting, Stopping, and Restarting Endpoints.

warning

UDMG allows creating identical Endpoints with unique names, but this practice is strongly discouraged due to potential downstream complications.

Field Descriptions

The following table describes the fields that are configured for the Endpoint:

Name	Description	Specifications	Required
Endpoint Type	Select Local FTP Server to expose an FTP(S) listener that receives partners connections.	The type cannot be changed after creation.	Yes
Name	The name of the Local FTP Server Endpoint.	Must be unique. Must follow the Standard Naming Pattern.	Yes
Description	The description of the Local FTP Server Endpoint.		No
Listener IP Address	The local IPv4 address that the UDMG Server binds to for this FTP(S) listener.	Must be in IPv4 format.	Yes
Port (Control Channel)	The port number of the Local FTP(S) Server. The port is likely to be in the ephemeral range for `49152`-`65535` as per RFC 6335 or `32768`-`60999` on Linux. The port is in the system range for `1`-`1023` as per RFC 6335.	Must be between `1` and `65535`. Should not be a port already associated with another Endpoint or service.	Yes
Passive IP Address	The public IP address returned to the client along with the PASV port address. This IP must be reachable by the client (typically your load balancer IP).	Must be in IPv4 format.	Yes
Passive Port Start Range	The passive port number of the Local FTP(S) Server. tip Recommended port range between `20000` and `30000`.	Must be between `1024` and `65535`.	Yes
Passive End Start Range	The passive port number of the Local FTP(S) Server. tip Recommended port range between `20000` and `30000`.	Must be between `1024` and `65535`.	Yes
Banner String	An optional welcome banner that is displayed to FTP(S) clients.		No
Encryption Mode	Select whether to allow encrypted or plaintext FTP. Options: None (FTP) Implicit (FTPS) Explicit (FTPES)		Yes, if Implicit or Explicit.
Credentials Name (TLS Certificate Pair)	The name of the TLS Certificate containing the X.509 Public Certificate and corresponding Private Key for this server.	Must reference an already created X509 Certificate.	Yes
Max Number of Concurrent Connections	The maximum number of concurrent connections the server allows. If a maximum value is set, the server rejects new transfers once the limit is reached.	Default = 0, which means unlimited.	No
Auto-Start Endpoint	Endpoint's auto-start status. See Auto-Starting Endpoints.	Default is Enabled.	Yes

Editing an Endpoint

To edit an Endpoint, follow these steps:

From the Sidebar, select Configuration > Endpoint.
Click the Name field of the Endpoint you want to edit.
Click Stop above the Endpoint details. As noted above, configuration changes only take effect following an Endpoint restart or stop/start cycle.
Click Edit above the Endpoint details.
Edit details for the Endpoint, using the Field Descriptions table as a guide.
Click Update.
Click Restart or Stop/Start.

info

Configuration changes remain inactive until the Local FTP Server Endpoint is restarted and the Account disconnects/reconnects to its client.

After changes are made, restart the Endpoint to apply the changes. All active connections are terminated.

Managing an Endpoint

The Local FTP Server Endpoint has multiple management capabilities that allow you to manage and validate the Endpoint.

Viewing Endpoint Details

To view the details of an Endpoint, follow these steps:

From the Sidebar, select Configuration > Endpoint.
Click the Name of the Endpoint you want to view.
Additionally, click the Pipelines tab to see all the Pipelines the Endpoint is associated with.

Endpoint Metadata

Endpoint details include all parameters given in the Field Descriptions table, plus the following read-only metadata:

Name	Description
UUID	Universally Unique Identifier of this Endpoint.
Version	Version number of the configuration. Every change increases the number.
Created	Date and time this Endpoint was created.
Updated	Date and time this Endpoint was last updated.
Test Status	Status of the Validate Endpoint configuration test. Options: Test not executed Test passed Test error
Runtime Status	The status of the server Endpoint. Options: Running Stopped Error: listen tcp 0.0.0.0:2041: bind: address already in use
Active Sessions	The number of active sessions or connections opened with the Endpoint (i.e., Accounts connected to the Endpoint).

Validating the Configuration

The configuration can be validated to confirm if the Local FTP Server Endpoint's Listener IP Address/Port combination is used by another service (across all Domains). It is important to note that, even if a port is not being used elsewhere in UDMG, it is not necessarily available.

tip

Port 21 is the standard and most common port for FTP or FTPES file transfers. Avoid using:

Ports already taken by other Endpoints.
Ports 1344, 111, and 81.
UDMG Server ports (most likely 7070/7071, 8080/8081, 4222/6222) .
Ports blocked by your IT controls.

To validate the configuration, stop the Endpoint first (click the Stop button) and then click the Validate button. One of the following messages appears:

Error/Fail: 'Endpoint test has failed. The port #### on address #.#.#.# is already in use.'
- If validation fails, then the Listener IP Address/Port is not available and should not be used. You must review and modify the Listener IP Address/Port combination.
  
  info
  If the Endpoint's Runtime Status is Running, then the validation test will fail because the Listener IP Address/Port is being used by that Endpoint.
Pass: 'Endpoint has passed the test.'
- If validation passes, the Listener IP Address/Port is not currently being used by another service.
  
  info
  The test does not confirm if the Listener IP Address/Port can be used by the Endpoint. The Listener IP Address/Port must be available based on your network IT controls, such as firewalls.

Starting, Stopping, and Restarting Endpoints

Local FTP Server Endpoints function as virtual servers that require proper management for file transfer operations. After initial creation, these Endpoints must be activated before they can process transfers. Endpoints can be initiated through one method:

Manual Start: Click the Start button on the Details page.

Additionally, configuration changes only take effect following an Endpoint restart or stop/start cycle. Once the Endpoint is running, three control actions are available from the Details page:

Start: Launches the Endpoint connection when currently stopped.
Stop: Initiates the shutdown of the Endpoint. New connections are not allowed, while the pending sessions remain until they are disconnected. Utilize the Active Sessions field on the Details page.
Restart: Executes a complete stop/start sequence to apply configuration changes.

After the initial server creation and initiation, the Endpoint has a Runtime Status indicator that shows the real-time operational state of the server. The current status determines which management actions can be performed. The current state (Runtime Status) of each Local FTP Server Endpoint is displayed in the Endpoint Record Table and Details page with the following statuses:

Starting: Server is starting, but not operational yet.
Running: Server is operational and processing connections.
Stopped: Server is not running. Especially after a Stop request, it is possible that sessions remain until they disconnect. Utilize the Active Sessions field on the Details page.
Error: listen tcp 0.0.0.0:2041: bind: address already in use: Server's IP/Port is in use on another Endpoint (across all Domains).

Auto-Starting Endpoints

Local FTP Server Endpoints can be configured for auto-start functionality, allowing them to launch automatically if the UDMG server is stopped after initial creation or upon startup of the UDMG server. This setting is established during Endpoint creation and can be modified later.

Enabled: The Endpoint automatically starts without manual intervention after the UDMG server is stopped (Auto-start active).
Disabled: The Endpoint remains inactive until manually started after the UDMG server is stopped (Auto-start inactive).

To set an to auto-start, follow these steps:

From the Sidebar, select Configuration > Endpoints.
Click the Name of the Endpoint you want to update.
Click Edit.
If the Endpoint is currently auto-started, you can remove the auto-start feature by moving the toggle to the left.
Click Update.

info

The Auto-Start Endpoint status is reflected as the Enabled field on the Details page.

Deleting an Endpoint

To delete an Endpoint, follow these steps:

From the Sidebar, select Configuration > Endpoints.
Click the Name of the Endpoint you want to delete.
Click Delete above the Endpoint details.
You will be asked to confirm the deletion. Click Delete.

warning

UDMG prevents the deletion of a Configuration Item if it is currently referenced by another Configuration Item (i.e., Pipeline). The Configuration Item must be edited or the reference removed before you can delete the Endpoint. Deletion cannot be undone.

Before You Begin​

Listener IP Address and Port​

TLS Certificate Pair​

Encryption Mode​

Adding an Endpoint​

Field Descriptions​

Editing an Endpoint​

Managing an Endpoint​

Viewing Endpoint Details​

Endpoint Metadata​

Validating the Configuration​

Starting, Stopping, and Restarting Endpoints​

Auto-Starting Endpoints​

Deleting an Endpoint​