Question: How to configure MS-FTP with windows firewall?
- Create a Default FTP site in IIS7/7.5 with the help of this Article
Step 1: Configure the Passive Port Range for the FTP Service
In this section, configure server-level port range for passive connections to the FTP service. Use the following steps:&
Go to IIS 7 Manager. In the Connections pane, click the server-level node in the tree.
1. Double-click the FTP Firewall Support icon in the list of features.
Double-click the FTP Firewall Support icon in the list of features.
Enter a range of values for the Data Channel Port Range.
Once Port range for FTP service is entered, click Apply in Actions pane to save configuration settings.
Step 2: Configure the external IPv4 Address for a specific FTP site
In this section, configure the external IPv4 address for the specific FTP site that was created earlier. Use the following steps:
1. Go to IIS 7 Manager. In the Connections pane, click the FTP site that was created earlier in the tree, Double-click the FTP Firewall Support icon in the list of features.
Enter the IPv4 address of the external-facing address of corresponding firewall server for the External IP Address of Firewall setting.
Once the external IPv4 address of firewall server is entered, click Apply in the Actions pane to save configuration settings.
Step 3: Configure Windows Firewall Settings (optional)
Windows Server 2008 contains a built-in firewall service to help secure server from network threats. If built-in Windows Firewall options is chosen, then configuration setting to pass the FTP traffic through firewall will be required.
There are a few different configurations to consider while using FTP service with Windows Firewall - whether active or passive FTP connections are used or unencrypted; FTP or FTP over SSL (FTPS) is used. Each of these configurations are described below.
Note: Make sure that following steps are kept in mind while logged in as administrator. This can be accomplished by one of the following methods:
• Log in to your server using the actual account named Administrator.
• Log on using an account with administrator privileges, open a command-prompt by right-clicking the Command Prompt menu item that is located in the Accessories menu for Windows programs and select "Run as administrator".
• One of the above steps is required because the User Account Control (UAC) security component in the Windows Vista and Windows Server 2008 operating systems prevents administrator access to fiirewall settings. For more information about UAC, please see the following document:
Note: While Windows Firewall can be configured using the Windows Firewall applet in the Windows Control Panel, that utility does not have the required features to enable all of the features for FTP.
The Windows Firewall with Advanced Security utility that is located under Administrative Tools in the Windows Control Panel has all of the required features to enable the FTP features, but in the interests of simplicity this walkthrough will describe how to use the command-line Netsh.exe utility to configure the Windows Firewall.
Using Windows Firewall with non-secure FTP traffic
To configure Windows Firewall to allow non-secure FTP traffic, use the following steps:
1. Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
2. To open port 21 on the firewall, type the following syntax then hit enter:
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21
3. To enable stateful FTP filtering that will dynamically open ports for data connections, type the following syntax then hit enter:
netsh advfirewall set global StatefulFtp enable
For more details visit reference link.