How to configure MS-FTP with windows firewall?

Question: How to configure MS-FTP with windows firewall?

Answer:

  • Create a Default FTP site in IIS Web Server with the help of this Article

Step 1: Configure the Passive Port Range for the FTP Service

In this section, configure server-level port range for passive connections to the FTP service. Use the following steps:&
 
Go to IIS Manager. In the Connections pane, click the server-level node in the tree. 

     1. Double-click the FTP Firewall Support icon in the list of features.  

 Double-click the FTP Firewall Support icon in the list of features.


Enter a range of values for the Data Channel Port Range.


Once Port range for FTP service is entered, click Apply in Actions pane to save configuration settings.
 

 

 

 

 Step 2: Configure the external IPv4 Address for a specific FTP site 

In this section, configure the external IPv4 address for the specific FTP site that was created earlier. Use the following steps:

    1. Go to IIS Manager. In the Connections pane, click the FTP site that was created earlier in the tree, Double-click the FTP Firewall Support icon in the list of features. 


Enter the IPv4 address of the external-facing address of corresponding firewall server for the External IP Address of Firewall setting. 

 

 

 


Once the external IPv4 address of firewall server is entered, click Apply in the Actions pane to save configuration settings.

Step 3: Configure Windows Firewall Settings

Using Windows Firewall with non-secure FTP traffic

To configure Windows Firewall to allow non-secure FTP traffic, use the following steps:

    1.  Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.

    2.  To open port 21 on the firewall, type the following syntax then hit enter:

netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21

    3.  To enable stateful FTP filtering that will dynamically open ports for data connections, type the following syntax then hit enter:

netsh advfirewall set global StatefulFtp enable 

Using Windows Firewall with secure FTPs over SSL traffic

To configure Windows Firewall to allow secure FTPs traffic, use the following steps:

    1.  Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.

    2.  To configure the firewall to allow the FTP service to listen on all ports that it opens, type the following syntax then hit enter::

netsh advfirewall firewall add rule name="FTP for IIS" service=ftpsvc action=allow protocol=TCP dir=in

    3.  To disable stateful FTP filtering so that Windows Firewall will not block FTP traffic, type the following syntax then hit enter:

netsh advfirewall set global StatefulFtp disable 

 

For more details visit reference link.

 

 

 

 

 

 

 

 

 

Add Feedback