Question: How to configure MS-FTP with Windows firewall?
Answer:
- Create a Default FTP site in the IIS Web Server with the help of this Article
Step 1: Configure the Passive Port Range for the FTP Service
In this section, configure the server-level port range for passive connections to the FTP service. Use the following steps:&
Go to IIS Manager. In the Connections pane, click the server-level node in the tree.
1. Double-click the FTP Firewall Support icon in the list of features.
Double-click the FTP Firewall Support icon in the list of features.
Enter a range of values for the Data Channel Port Range 49152-65535
Once the Port range for the FTP service is entered, click Apply in the Actions pane to save configuration settings.
Step 2: Configure the external IPv4 Address for a specific FTP site
In this section, configure the external IPv4 address for the specific FTP site that was created earlier. Use the following steps:
1. Go to IIS Manager. In the Connections pane, click the FTP site that was created earlier in the tree, Double-click the FTP Firewall Support icon in the list of features.
Enter the IPv4 address of the external-facing address of the corresponding firewall server for the External IP Address of the Firewall setting.
Once the external IPv4 address of the firewall server is entered, click Apply in the Actions pane to save configuration settings.
Step 3: Configure Windows Firewall Settings
Using Windows Firewall with non-secure FTP traffic
To configure Windows Firewall to allow non-secure FTP traffic, use the following steps:
- Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
- To open port 21 on the firewall, type the following syntax then hit enter:
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21
- To enable stateful FTP filtering that will dynamically open ports for data connections, type the following syntax then hit enter:
netsh advfirewall set global StatefulFtp enable
Using Windows Firewall with secure FTPs over SSL traffic
To configure Windows Firewall to allow secure FTPs traffic, use the following steps:
- Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
- To configure the firewall to allow the FTP service to listen on all ports that it opens, type the following syntax then hit enter
netsh advfirewall firewall add rule name="FTP for IIS" service=ftpsvc action=allow protocol=TCP dir=in - To disable stateful FTP filtering so that Windows Firewall will not block FTP traffic, type the following syntax then hit enter:
netsh advfirewall set global StatefulFtp disable
For more details visit the reference link.