Blog

EFT Network Usage and Security Settings

A variety of controls are provided in the EFT administration interface to allow the administrator to limit how files are transferred through EFT, including limiting the transfer speed, connections, logins, and the transfers themselves. The Site sets the limit for all sub levels. For example, if the Site's Max connections per user is 5, and a user's Max connections per user is set to 10, the user can still only connect to the Server 5 times simultaneously. Keep reading to learn how you can fine tune your EFT installation.

Limiting the Transfer Speed

For example, you might want to limit the transfer speed to prevent flooding the connection and allow other transfers to occur at the same time. None of these network usage settings is enabled by default, except for connection timeout. The Maximum transfer speed is the maximum speed at which data is transferred between the server and the client. This can be set by the administrator to control the network traffic and server performance. The speed of the data transfer is controlled using the congestion control mechanisms of TCP/IP, which means that packets are dropped at the link layer and thus the sender/receiver pace themselves appropriately. Internally, a buffer is used to send the data in chunks. The server controls this buffer size so that the speed is maintained accordingly.

Limiting Socket Connections

The Maximum concurrent socket connections setting limits the amount of socket or low-level connections on a Site allowed by EFT. When this limit is reached, any subsequent connection attempt generates a socket or network error in the client. It reacts as if EFT is not available, because EFT refuses the connection entirely. If EFT is configured as an anonymous FTP server, you should limit connections per user. In this case, EFT will allow the user to connect partially before being told that EFT is full or busy, which is a more graceful way of denying the connection. Maximum number of socket connections to EFT is configured per Site. If you have multiple Sites, you can configure some Sites to allow more users than other Sites.

Limiting User Logins

The Maximum concurrent logins, Maximum connections per user, and Maximum connections from same IP settings limit the number of simultaneous connections allowed.

Limiting File Transfers

The Uploads/Downloads per session and Maximum upload/download size settings limits the number of file transfers and size of file transfers allowed per login session for the Settings Template or per user. FTP does not send information to EFT regarding the number of bytes that a user sends. A user can start a transfer of virtually any size; however, once the limit is reached, EFT will not transfer the rest of the file (on FTP).

Controlling Access to EFT by IP Address

By default, all IP addresses are granted access to EFT. Alternatively, you can grant access to only one specific IP address or a range of IP addresses, or deny access to one specific address or a range of addresses on the Server, Site, Settings Template, and user accounts.

Also, EFT can ban IP addresses automatically if excessive invalid commands are received from that address (which could indicate unauthorized connection attempts). By default, after 5 invalid commands are received, the IP address is banned. Depending on the sensitivity level defined, EFT can ban an IP address for a time period proportional to the sensitivity setting (from Off to Very High), or ban the IP permanently. (If an address was blocked inadvertently, you can remove it from the IP address ban list.)

How much control you want is up to you

EFT provides very granular settings to control every part of the file transfer. The default settings "out of the box" are fine for most companies, but the controls allow you to fine tune EFT as you see fit.