Legacy implementations can access the staging server through an FTP client or the command line. For the best performance, we recommend FileZilla®.
If you are experiencing issues uploading large files, increase the FTP client timeout setting to 180 seconds.
Use the following settings with an FTP client:
vlt-{POD_ID}-ftp.veevavault.com
. For example, if you Vault is on POD VV1-42, your POD_ID
is 42
. This value will change if your Vault is migrated to a different POD. {vaultDNS}.veevavault.com
. For example, veepharm
is the domain in veepharm.veevavault.com
. This does not work in all configurations.{vaultDNS}.veevavault.com+{username}
verteo.veevavault.com+johndoe@verteo.com
The staging server does not support SAML SSO authentication.
If you have remote verification enabled on a proxy or a firewall, FTP traffic from computers on your network to Veeva file staging servers might be refused. If possible, work with your IT department to disable remote verification. If it cannot be disabled, contact Veeva Support.
In addition to your FTP client settings, your network environment may require some modification. Before trying to connect to the File Staging Server via FTP, ensure your network and firewall are configured as follows.
Outbound firewall filters must permit TCP traffic on these ports to the Host:
vlt-{POD_ID}-ftp.veevavault.com
IP address.Firewall filters should be configured by IP address, not DNS name. Your network team can retrieve the address from DNS. Some firewalls will use the DNS name for reverse lookups, which will fail. Others will scan the TLS handshake to get the connection domain name value and fail the data connections as they do not look like normal web traffic.
If the client is behind a Network Address Translation (NAT) device, the NAT device must ensure that all connections generated by the FTP session are translated to the same source IP address. NAT devices with IP address pools without “stickiness” are incompatible with the FTP service. This limitation also impacts Active-Active firewalls with separate NAT addresses but without “stickiness” for the TCP connections.