Transparent FTP tunneling is completely transparent from the user's point of view, and no changes are needed in the FTP configuration. The existing FTP client and FTP server are kept running.

Transparent FTP tunneling only supports tunneling the FTP protocol, not any other applications. For tunneling of TCP-based applications, use the transparent TCP tunneling functionality, see Transparent TCP Tunneling.

The destination host must have a Secure Shell Server installed. Also note that the host key for the server must already be saved as a known host key. To save the host key, connect to the server with sshg3 and save the host key sent by the server. For instructions, see First Login to a Remote Host.

When enabling transparent FTP tunneling, consider also how the server host keys will be handled. You can choose between strict host key checking and accepting even unknown keys for the current session. For configuration instructions, see Managing Host Keys.

	Caution
	Consider carefully before enabling Accept unknown host keys. Disabling the host-key checks can make you vulnerable to a man-in-the-middle attack.

When a global configuration file exists, (for example when Tectia ConnectSecure is controlled by Tectia Manager,) and it includes the filter-engine element, those settings are applied. The global configuration file is located in /etc/ssh2/ssh-broker-config.xml on Unix, and "C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Broker\ssh-broker-config.xml" on Windows.