Upload Logs using FTPS
If your network allows file transfers using FTPS instead of SFTP or SCP, you can upload log files by enabling FTPS on the appliance. To do this, you must first generate and install an SSL certificate. Server side certificates are required to enable SSL inspection. You can use either a self-signed certificate or a CA certificate preferably signed by the enterprise's Root or intermediate CA.
Make sure that the server certificate of the appliance uses a fully-qualified domain name as the common name.
Enter the command:
set log-upload ftps server-cert
Copy and paste your CA certificate into the buffer, press Enter, then type
Ctrl-Dto exit.Enter the command:
set log-upload ftps server-key
Copy and paste your private key into the buffer, press the Enter key, and then enter
Ctrl-Dto exit.If you are not using a CA and want the appliance to generate a self-signed certificate, use the following command:
run request certificate generate ftps self-signed city <city> common-name <common-name> country <country> days <days> email-address <email-address> organization <organization> organization-unit <organization-unit> state <state>
Here's an example command to generate self-signed certificate:
run request certificate generate ftps self-signed city "Los Altos" common-name "sforwarder.netskope.com" organization "netskope" organization-unit "netskope cert authority" state "CA" country "US" email-address "admin@netskope.com"
Enable log upload for FTPS:
set log-upload ftps enable true
Enter
saveand press Enter to save the configuration.