Documentation for Serv-U File Server

Learn About Protocols

FTP Voyager supports three file transfer protocols:

FTP: File Transfer Protocol. The world's most popular protocol used to upload and download files. However, transfers are not protected in transit and may be snooped.
FTPS: FTP over SSL/TLS. A secure protocol that uses TLS to encrypt usernames, passwords and data while in transit. (SSL/TLS is the same encryption used to secure web sites using HTTPS.) FTPS is more common on Windows, minicomputer and mainframe systems than SFTP. Other than encryption and authentication, FTPS is quite similar to FTP.
SFTP: SSH FTP. A secure protocol that uses SSH to encrypt usernames, passwords and data while in transit. SFTP is more common on Unix/Linux systems and Mac systems than FTPS. Unlike FTP and FTPS, SFTP is a single-port protocol based on SSH and has several advanced behaviors and options that set it apart from FTP or FTPS.

FTP and FTPS: ASCII vs. Binary

FTP and FTPS transfer files differently depending on whether those files have been deemed to be "text" or "binary data". In the case of text, FTP and FTPS will change the "end of line" characters in an attempt to match the preference of the destination operating system. (Windows and Linux systems use different character sequences to end lines in their text files.)

Normally you do not need to worry about this, but if you notice that files transferred through FTP Voyager are getting corrupted, see File Becomes Corrupted After Transfer in FTP Voyager JV to see if your ASCII/Binary settings need to be tuned.
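The following added example (not FTP Voyager code) models the end-of-line rewriting described above and shows why it breaks binary files while a text file survives a round trip. The sample bytes are constructed, and `ascii_transfer` is a simplified model of the translation rather than any product's implementation.

```python
import hashlib

# Constructed sample: the 8-byte PNG signature plus four filler bytes.
# The signature deliberately contains CR LF and a lone LF.
BLOB = b"\x89PNG\r\n\x1a\n" + bytes([0, 1, 2, 3])
TEXT = b"line one\nline two\n"          # constructed Unix text file
CRLF, LF = b"\r\n", b"\n"

def ascii_transfer(data, src_eol, dst_eol):
    """Simplified model of an ASCII-mode transfer: the sender rewrites its
    native end-of-line to CRLF on the wire, the receiver rewrites CRLF to
    its own native end-of-line."""
    wire = data if src_eol == CRLF else data.replace(src_eol, CRLF)
    return wire if dst_eol == CRLF else wire.replace(CRLF, dst_eol)

def binary_transfer(data):
    """Binary mode: bytes are passed through untouched."""
    return data

def intact(original, received):
    """Compare SHA-256 digests, as you would against a published checksum."""
    return hashlib.sha256(original).digest() == hashlib.sha256(received).digest()

def report():
    unix_to_win = ascii_transfer(BLOB, LF, CRLF)
    win_to_unix = ascii_transfer(BLOB, CRLF, LF)
    text_back = ascii_transfer(ascii_transfer(TEXT, LF, CRLF), CRLF, LF)
    return {
        "text_round_trip_ok": intact(TEXT, text_back),
        "binary_mode_ok": intact(BLOB, binary_transfer(BLOB)),
        "ascii_unix_to_win_ok": intact(BLOB, unix_to_win),
        "ascii_win_to_unix_ok": intact(BLOB, win_to_unix),
        "size_delta": (len(unix_to_win) - len(BLOB), len(win_to_unix) - len(BLOB)),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

A checksum mismatch together with a small size change after transfer is the typical sign that a binary file went through ASCII mode.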

FTP and FTPS: Active vs. Passive

FTP and FTPS both use multiple connections to perform file transfers. The first "control" connection is always made to a defined TCP port such as 21 or 990, but all directory listing and file transfer data is passed through additional "data" connections.

In "passive" mode (a.k.a. PASV), both control and data connections are made from your FTP client to the FTP server. If you use a firewall, your firewall only has to allow outbound connections to the remote server for this to work, so passive mode is also known as "firewall friendly" mode in some products.

"Active" mode is how FTP originally worked, and it is still supported (and occasionally required) by many servers. In active mode, the control connection is made from the FTP client but all data connections are made from the FTP server to the FTP client. (Yes, back the other way.) In order for this to work, you usually need either no firewalls or firewalls that understand the FTP protocol and can dynamically open ports between clients and servers that look like they are performing ACTIVE mode FTP transfers.

Network security teams prefer passive mode of course, and it is supported by default on almost all modern clients and servers. FTP Voyager also enables passive mode by default, but this setting can be overridden on a site-by-site basis for the occasional server that requires active mode. The setting (Force PASV Mode) is located in the Advanced Options of the Site Profile Manager, under Connection settings.
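As an added example (not part of the original documentation or of FTP Voyager), the script below decodes the address and port carried in the standard FTP `PORT` command and `227` passive reply, and reports which data connections a firewall would have to permit. The sample lines, the documentation-range addresses and the `PASV_RANGE` policy are constructed assumptions.

```python
import re

# Assumed for this example: the server's configured passive data-port range
# (constructed values, not taken from the page).
PASV_RANGE = range(50000, 50101)

# Constructed control-channel lines (RFC 5737 documentation addresses).
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "PORT 198,51,100,7,4,1",
    "227 Entering Passive Mode (192,0,2,10,234,96)",
]

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply."""
    m = _TUPLE.search(text)
    if not m:
        raise ValueError("no host/port tuple found")
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range")
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def data_connection(line):
    """Return (mode, initiator, listener_ip, port), or None for other lines."""
    if line.upper().startswith("PORT "):
        return ("active", "server") + parse_hostport(line)
    if line.startswith("227"):
        return ("passive", "client") + parse_hostport(line)
    return None

def firewall_findings(lines, pasv_range=PASV_RANGE):
    """List what each negotiated data connection demands of the firewalls."""
    findings = []
    for line in lines:
        dc = data_connection(line)
        if dc is None:
            continue
        mode, _, ip, port = dc
        if mode == "active":
            findings.append(f"active: inbound to client {ip}:{port} required")
        elif port not in pasv_range:
            findings.append(f"passive: {ip}:{port} outside configured range")
    return findings

if __name__ == "__main__":
    print("\n".join(firewall_findings(SAMPLE)))
```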

How FTP Voyager Handles FTPS

FTPS is a complex protocol, and FTP Voyager provides four FTPS options to address the four most common server configurations. When in doubt, try connecting using each of these options in the following order.

Exception: start with FTP over TLS (Implicit) if your server administrator told you to connect to port 990.

FTP over TLS (Explicit): The current variant of FTPS and one that often uses port 21, the same port as regular FTP. The term "explicit" refers to the fact that an encrypted channel is not set up until the client sends specific "start encryption" commands over an already established FTP command channel. If RFC 4217 (Securing FTP with TLS) or RFC 2228 (FTP Security Extensions) compliance is required, use this.
FTP over SSL (Explicit): An older variant of FTP over TLS (Explicit). This is the other mode to try if RFC 2228 (FTP Security Extensions) compliance is required.
FTP over TLS (Implicit): A different implementation of FTPS that often uses port 990, a different port than regular FTP. The term "implicit" refers to the fact that the encrypted channel is set up immediately ("implicitly") after the connection is established. Implicit FTPS remains a popular FTPS variant because it runs on a separate port from regular FTP and its "always on" encryption gives it a slight security advantage over explicit FTPS. However, implicit FTPS is neither RFC 2228 (FTP Security Extensions) nor RFC 4217 (Securing FTP with TLS) compliant.
FTP over SSL (Implicit): An older variant of FTP over TLS (Implicit).
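Because explicit FTPS starts as plain FTP, a session is only protected once the "start encryption" commands have succeeded. The added example below (not FTP Voyager code) audits a session log for credentials or transfers issued before that point, using the RFC 4217 commands `AUTH TLS` and `PROT P`; the two session logs and the log format are constructed assumptions, and multi-line replies are not handled.

```python
CREDENTIAL_CMDS = {"USER", "PASS"}
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

# Constructed session logs: (direction, line), "C" = client, "S" = server.
GOOD = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "234 proceed"),
        ("C", "USER alice"), ("S", "331 need password"),
        ("C", "PASS <redacted>"), ("S", "230 logged in"),
        ("C", "PBSZ 0"), ("S", "200 ok"), ("C", "PROT P"), ("S", "200 ok"),
        ("C", "RETR report.csv"), ("S", "150 opening data connection")]
WEAK = [("S", "220 ready"), ("C", "USER alice"), ("S", "331 need password"),
        ("C", "PASS <redacted>"), ("S", "230 logged in"),
        ("C", "AUTH TLS"), ("S", "234 proceed"),
        ("C", "LIST"), ("S", "150 opening data connection")]

def audit_explicit_ftps(session):
    """Return findings for one session; an empty list means credentials and
    data were only sent after protection was negotiated."""
    findings = []
    control_tls = data_private = False
    pending = None                      # last client command awaiting a reply
    for direction, line in session:
        parts = line.split()
        if direction == "C" and parts:
            verb = parts[0].upper()
            arg = parts[1].upper() if len(parts) > 1 else ""
            if verb in CREDENTIAL_CMDS and not control_tls:
                findings.append(f"{verb} sent before AUTH TLS was accepted")
            if verb in DATA_CMDS and not data_private:
                findings.append(f"{verb} requested without PROT P")
            pending = (verb, arg)
        elif direction == "S" and pending:
            verb, arg = pending
            if verb == "AUTH" and arg == "TLS" and line.startswith("234"):
                control_tls = True      # control channel is now encrypted
            elif verb == "PROT" and line.startswith("2"):
                data_private = control_tls and arg == "P"
            pending = None
    return findings

if __name__ == "__main__":
    for name, log in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_explicit_ftps(log))
```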

Selecting a Protocol

Your server administrator will typically tell you which protocol you must use to connect to his or her server. However, when you have a choice, you may use the following chart to select the best protocol for your transfers.

                        FTP     FTPS    SFTP
Secure Transfer         No      Yes     Yes
Strong Authentication   No      Yes     Yes
Single Firewall Port    No      No      Yes
Speed                   Great   Great   OK

Strong Authentication refers to the ability of both FTPS and SFTP to accept a certificate (or key) in addition to a username and password when signing on. Using this additional credential provides a higher degree of assurance that you are who you say you are.

Single Firewall Port refers to the fact that SFTP connects, sends commands and transfers files using just one TCP connection to one remote port. FTP and FTPS both use separate control and data connections, and while the control port is usually fixed (e.g., 21 or 990), the data port will usually vary over a range of high (>1023) ports. (The data port may also be an INBOUND connection to the FTP client - see Active vs. Passive above.)

Speed refers to each protocol's ability to complete multiple or large transfers quickly. While SFTP offers some advantages over FTP and FTPS in ease-of-use through the use of a single port, it generally pays for those advantages with lower transfer speeds.