KB Article #67115

How to activate the NATAddress on SecureRelay?

Problem

-- Is it possible to activate the NATAddress on SecureRelay?


Resolution

* The NATAddress parameter can be used as a replacement for the FTP exit when Gateway acts as an FTP server in passive mode.
To activate it, add the line below to the file configuration.xml (in <install_SecureRelay>/conf/):
<NATAddress>IP_Address</NATAddress>
in the <General> section of the configuration.



When NATAddress is set, the address returned for the PASV command is the one defined in the configuration file, not the real address of the machine where SecureRelay is installed.



The parameter <NATAddress>ip_address</NATAddress> in the General section of configuration.xml is used by XSR RA and the Gateway or other application server to run FTP in passive mode when a NAT device sits between the XSR RA and the client.



XSR RA uses this parameter to tell the application server which interface the RA listens on for FTP passive mode.
Without the parameter, it sends a listen reply to the application server containing the interface on which it listens (the real one) and the port (the real port).
If the parameter is set, RA sends the parameter value as the interface on which it listens, together with the real port.



The application server passes the address from the listen reply to the client as the answer to the PASV command, telling the client to connect to that IP and port for the data connection.



Limitations: A port range needs to be defined to indicate which ports to use for FTP server passive mode. The same range of ports needs to be declared on the NAT device to perform port forwarding to the server hosting the Secure Relay RA component.



This feature works with FTPS explicit and implicit.
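
The sketch below is an added example, not SecureRelay code: it models the address substitution described above and the PASV reply the client ends up receiving, and checks the passive port against the range forwarded by the NAT device. The root element name, the function names, the addresses and the port range are assumptions made for illustration; only <General> and <NATAddress> come from this article.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. The root element name and the addresses
# (documentation / private ranges) are placeholders, not product values.
SAMPLE_CONFIG = """<Configuration>
  <General>
    <NATAddress>203.0.113.10</NATAddress>
  </General>
</Configuration>"""


def nat_address(config_xml):
    """Return the validated NATAddress from the <General> section, or None."""
    node = ET.fromstring(config_xml).find(".//General/NATAddress")
    if node is None or not (node.text or "").strip():
        return None
    # Raises ValueError on a malformed value (e.g. the literal "IP_Address")
    # so a bad setting is caught before it is advertised to clients.
    return str(ipaddress.IPv4Address(node.text.strip()))


def listen_reply(real_ip, real_port, config_xml):
    """Address and port the RA reports: NATAddress if set, always the real port."""
    return (nat_address(config_xml) or real_ip, real_port)


def pasv_reply(ip, port):
    """RFC 959 reply: 227 (h1,h2,h3,h4,p1,p2) where port = p1*256 + p2."""
    return "227 Entering Passive Mode ({},{},{})".format(
        ip.replace(".", ","), port >> 8, port & 0xFF)


def check_port(port, forwarded_range):
    """True if the passive port lies inside the range forwarded by the NAT device."""
    low, high = forwarded_range
    return low <= port <= high


if __name__ == "__main__":
    ip, port = listen_reply("10.0.0.5", 50010, SAMPLE_CONFIG)
    print(pasv_reply(ip, port))
    print("forwarded by NAT:", check_port(port, (50000, 50100)))
```
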