Download (Pull) File from Host Action

(Requires File Transfer Client module in EFT SMB; included in EFT Enterprise) You can configure an Event Rule to copy or download from a specific location to a specified local folder using a particular protocol when an Event occurs. You must provide EFT with connection information (protocol and login details) and file information (source path and destination path).The Download Action is available with all Events except Site Stopped and Service Stopped.

Refer to EventRuleExamples.pdf for an example of defining an Event Rule using the Download file from host Action.

Refer to Connection Profiles for details of setting up a Connection Profile before defining the Action.

To set up EFT to download files

  1. Follow the procedure in Creating Event Rules or select the Rule to which you want to add the Action.

  2. In the Actions list, click Download (pull) file from host. The Rule parameters are added to the Rule in the Rule Builder.

  3. Click one of the undefined parameters where the parameters are listed in the Rule Builder. The Download Action wizard appears.

  4. In the Connection Profile box, specify a connection profile for this Event. If none is specified, you will need to configure the Connection details as described below.

  5. Click the list to specify a Download method for the connection: Local (Local File or LAN), FTP (standard File Transfer Protocol), FTP SSL/TLS (AUTH TLS), FTP with SSL (Explicit encryption), FTP with SSL (Implicit encryption), SFTP using SSH2 (Secure Shell), HTTP (HyperText Transfer Protocol), HTTPS (Secure HTTP access), Accelerated Secure Transfer.

  6. (Optional) If you selected Local (Local Files or LAN), provide the Windows account username and Password for connecting to remote shares (not local folders).

    These credentials are used only if/when a resource cannot be accessed using the credentials under which the EFT service is running. The Optional credentials override feature allows you to specify an alternate set of logon credentials for accessing remote network shares to which the EFT service account may not have access (due to security constraints). If alternate credentials are specified, EFT will use its current security token (associated with the “Log on as” account specified in the EFT service settings) for local folder access and then new security token (associated with the alternate logon credentials) for the remote source folder accessed over network connections (e.g. network shares).

    Think of Local Transfer as an operation (offload or download) with a remote server.

    Think of "Optional credentials override") as "credentials to access remote server."

    For download action, it is "credentials for source folder."

    For copy/move (offload ), it is "credentials for destination folder."


    "Credentials to access local folder" ("source" for offload and "dest" for download) is Event Rule execution context (EFT account, or Folder Monitor account for FM rules, or Connected Client account for client-originated rules on an AD site):

    • Offload: local (EFT) => remote ("override credentials")

    • Download: local (EFT) <= remote ("override credentials")

    TEST1: Offloads file from "local" Share A (access as EFT account, i.e., X) to "remote" folder B (access as Y) => Fails, as X has no permissions on A.

    TEST2: Downloads file from "remote" Share A (access as Y) to "local" folder B (access as EFT account, i.e., X) => Succeeds, as Y has permissions on A and X has permissions on B.

  7. If you chose anything but Local do the following; otherwise, skip to the Source File page step.

    1. In the Host address box, type the IP or host address of the EFT to which you want to connect.

    2. The Port number for the selected protocol changes automatically based on the offload method. Provide a different port number, if necessary.

    3. In the Username and Password boxes, type the username and password used to authenticate.

  8. Select the Use connected client's login credentials to authenticate check box if you want to use the local system account to authenticate. The availability of this check box is controlled by the Persist username and password credentials for use in Event Rule context variables check box on the Site's Security tab.

  9. If you chose SFTP, provide the client SFTP certificate information.

  10. If you chose a protocol that uses SSL (FTPS or HTTPS), provide the client and remote server's SSL certificate information.

    1. In the Client SSL Certificate Path box, click the folder to specify the client SSL certificate path.

    2. In the Client SSL Private Key Path box, click the folder to specify the client SSL private key path.

    3. In the Client SSL Private Key Passphrase box, provide the passphrase for the client SSL certificate.

    4. In the Server SSL Certificate box, specify the remote server's certificate file. It is recommended, especially for production systems, that the EFT administrator obtain the remote server's SSL certificate and save it as a file in a place accessible by the EFT server service (such as the shared configuration path in HA mode or a local configuration path). EFT will validate that the server side of any SSL-based connection made for that event action will match the server certificate. If you do not specify an SSL certificate in this box, EFT will accept any server-provided SSL certificate, which would leave the connection open to a man-in-the-middle attack.

  11. If you connect to EFT through a proxy server, click Proxy. The Proxy Settings dialog box appears.

    1. Specify the Proxy type, Host name, Port, Username, and Password.

      Using the DMZ Gateway as proxy is available only in EFT Enterprise. For security best practices, selecting PORT mode in the Advanced Options dialog box below is not allowed when brokering outbound connections through DMZ Gateway.

    2. To specify an Authentication Type and login sequence, click Advanced. You must select FTP Proxy or HTTP Proxy to specify advanced settings.

    3. Specify one of the following Authentication Types:

      • USER user@site if your proxy server requires the USER command followed by your user name and the Site name to allow connection with a remote Site. You can change the @ symbol if a different separator is required by your proxy server.

      • SITE site if your proxy server requires the SITE command followed by the address of the remote FTP site to allow a connection.

      • USER with logon if your proxy server requires the USER command followed by a user name and password to allow connection with a remote Site.

      • USER/PASS/ACCT if your proxy server requires all three commands before allowing a connection to a remote Site.

      • OPEN site if your proxy server requires the OPEN command followed by the Site name before allowing connection to the Site.

      • Custom if your proxy server requires a login sequence different from those above. Refer to the procedure below for details of creating a custom authentication method (login sequence).

      • To create a custom authentication method for a proxy server

        1. In the Advanced Proxy Settings dialog box, click Custom, then specify the login sequence in the text box using the following variables: %host%, % user%, %pass%, %port%, %fire_pass%, %fire_user%. Be sure to type each variable with percent signs before and after, and press ENTER to separate commands.

        2. Type any other commands and variables, separating commands with a line break (press ENTER).

        3. Click OK to accept the changes and close the Advanced Proxy Settings dialog box.

        Contact your system administrator for the proper Host name, Port, User name, Password, and proxy type, as well as any required advanced authentication methods.

  12. Click OK to accept the changes and close the Advanced Proxy Settings dialog box.

  13. If you connect to EFT through a Socks server, click SOCKS.

    1. Specify the Socks Type (SOCKS4 or SOCKS5).

    2. Specify the Host name and Port.

    3. If you specified SOCKS5 and the server requires authentication, select the Use Authentication check box, then provide a Username and Password.

    4. Click OK to save the changes and close the SOCKS Settings dialog box.

  14. To configure advanced transfer options, in the Download Action wizard, click Advanced. The Advanced Options dialog box appears.

    1. In the General transfer options area, you can provide more control over Max concurrent transfer threads, Connection timeout, Connection retry attempts, and Delay between retries. When files are being transferred with Event Rules (copy/move), if there are connection problems (e.g., the network is unavailable), EFT will attempt to establish a connection the number of times specified in Connection retry attempts. When EFT is able to re-establish the connection, it continues to transfer the file even if there are multiple interruptions.

    2. In the Use the following local IP for outbound connections box, click the menu to specify an IP address. If the computer has multiple IP addresses available and/or both IPv4 and IPv6 addresses, you can let EFT choose which IP address to use or you can specify which one it is to use.

    3. Select the Validate file integrity after transfer check box to specify that EFT should double check binary files to ensure the files downloaded completely and correctly. (Not applicable to SFTP.)

    4. In the Data port mode box, click the drop-down list and select one of the following (not applicable to SFTP):

      • Auto—When Auto is selected, EFT initially makes connections in PASV mode. If the PASV connection fails, EFT attempts to connect in PORT mode automatically.

      • Port—When Port mode is selected, EFT opens an additional port and tells the remote server to connect to <IP:PORT_RANGE> to establish a data connection. This is useful when the server is behind a firewall that closes all unnecessary ports. If you select this mode, specify the port range from which the client will choose.

      • Pasv—When Pasv mode is selected, EFT tells the remote server to provide <IP:PORT> to which EFT can connect to establish a data connection. This is useful when a client is behind a firewall that closes all unnecessary ports. Helps avoid conflicts with security systems

    5. Select the Clear command channel check box to send FTP commands in clear text. (Only available when FTPS is specified.)

    6. Select the Clear data channel check box to transfer files without encryption. (Only available when FTPS is specified.)

    7. In the ASCII transfer mode area, specify the file types that can be transferred. TXT, INF, HTML, and HTM are specified by default. If an asterisk (*) is specified, all files are downloaded in ASCII mode, even if that file doesn't have an extension. (To conserve Unicode file content, you must transfer the file using binary transfer mode. To force download in binary, clear the file types box.)

    8. In the Time stamps area, select one of the following:

      • Select the Preserve remote time stamp for downloaded files check box to keep the time stamp the same on the destination file as it is on remote file.

      • Select the Preserve the local time stamp for uploaded files if the server allows MDTM check box to keep the time stamp the same on the remote file as it is on the source file. (Not applicable to SFTP.)

    9. Click OK to accept the changes and close the Advanced Options dialog box.

  15. Click Next. The Source File Path page appears.

  16. In the Source path box, provide the path to the file(s) that you want to download. For example, type:

    /pub/usr/jsmith/file.txt or \\mydomain\common\jsmith\file.txt

    If you type a path to a remote folder that does not exist, the Event Rule will fail.

  17. Select the Delete source file after it is downloaded check box if you want to delete the file after it is retrieved. (If the file is marked read-only, it will not be deleted.)

  18. For LAN/local transfers only, select the If the source file is missing treat as success check box if you want the Action to be considered successful even if the source file is missing.

  19. Click Next. The Destination File Folder page appears.

  20. In the Destination folder box, click the folder icon  and specify the location in which to save the downloaded file. You can insert variables by double-clicking them in the box below the Destination folder box.

    If you type a path to a remote folder that does not exist, the Event Rule will fail.

  21. Click Finish, then click Apply to save the changes on EFT and/or add other Actions and Conditions to the Rule.