How to Connect Legacy Implementations via FTP

Legacy implementations can access the staging server through an FTP client or the command line. For the best performance, we recommend FileZilla®.

If you are experiencing issues uploading large files, increase the FTP client timeout setting to 180 seconds.

Client Settings

Use the following settings with an FTP client:

The staging server does not support SAML SSO authentication.

If you have remote verification enabled on a proxy or a firewall, FTP traffic from computers on your network to Veeva file staging servers might be refused. If possible, work with your IT department to disable remote verification. If it cannot be disabled, contact Veeva Support.

Network & Firewall Settings

In addition to your FTP client settings, your network environment may require some modification. Before trying to connect to the File Staging Server via FTP, ensure your network and firewall are configured as follows.

Outbound firewall filters must permit TCP traffic on these ports to the Host:

Firewall filters should be configured by IP address, not DNS name. Your network team can retrieve the address from DNS. Some firewalls will use the DNS name for reverse lookups, which will fail. Others will scan the TLS handshake to get the connection domain name value and fail the data connections as they do not look like normal web traffic.

If the client is behind a Network Address Translation (NAT) device, the NAT device must ensure that all connections generated by the FTP session are translated to the same source IP address. NAT devices with IP address pools without “stickiness” are incompatible with the FTP service. This limitation also impacts Active-Active firewalls with separate NAT addresses but without “stickiness” for the TCP connections.