Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


ftp (Security ALG)


Hierarchy Level


Configure the ftp function to Specify the File Transfer Protocol (FTP) Application Layer Gateway (ALG) on the device.


  • allow-mismatch-ip-address—Control commands in FTP, such as PORT and EPRT, contain IP addresses internally. If the IP address does not match the source IP at Packet Layer 3, which is the client's IP, the packets are discarded. However, when the allow-mismatch-ip-address option is enabled, these packets are accepted.

  • disable—Disable the FTP ALG. By default, the FTP ALG is enabled. You can enable or disable FTP ALG for both IPV4 and IPV6 mode.

  • ftps-extension—Enable secure FTP and FTP SSL protocols.

  • line-break-extension—Enable line-break-extension. This option will enable the FTP ALG to recognize the LF as line break in addition to the standard CR+LF (carriage return, followed by line feed).

  • traceoptions—Configure FTP ALG tracing options. To specify more than one trace operation, include multiple flag statements.

    • flag—Trace operation to perform.

      • all—Trace all events.

      • extensive—(Optional) Display extensive amount of data.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 11.4.

The tenant option is introduced in Junos OS Release 18.3R1.