Question: How to configure MS-FTP with Windows firewall?
Answer:
- Create a Default FTP site in the IIS Web Server with the help of this Article
Step 1: Configure the Passive Port Range for the FTP Service
In this section, configure the server-level port range for passive connections to the FTP service. Use the following steps:&
Go to IIS Manager. In the Connections pane, click the server-level node in the tree.
1. Double-click the FTP Firewall Support icon in the list of features.
![](http://portal.hostingcontroller.com/AvatarHandler.ashx?radfile=%252fCommon%252fStep1.JPG)
Double-click the FTP Firewall Support icon in the list of features.
![](http://portal.hostingcontroller.com/AvatarHandler.ashx?radfile=%252fCommon%252f1.1.JPG)
Enter a range of values for the Data Channel Port Range 49152-65535
![](http://portal.hostingcontroller.com/AvatarHandler.ashx?radfile=%252fCommon%252f1.2.JPG)
Once the Port range for the FTP service is entered, click Apply in the Actions pane to save configuration settings.
Step 2: Configure the external IPv4 Address for a specific FTP site
In this section, configure the external IPv4 address for the specific FTP site that was created earlier. Use the following steps:
1. Go to IIS Manager. In the Connections pane, click the FTP site that was created earlier in the tree, Double-click the FTP Firewall Support icon in the list of features.
![](http://portal.hostingcontroller.com/AvatarHandler.ashx?radfile=%252fCommon%252f2.1.JPG)
Enter the IPv4 address of the external-facing address of the corresponding firewall server for the External IP Address of the Firewall setting.
![](http://portal.hostingcontroller.com/AvatarHandler.ashx?radfile=%252fCommon%252f2.1.JPG)
Once the external IPv4 address of the firewall server is entered, click Apply in the Actions pane to save configuration settings.
Step 3: Configure Windows Firewall Settings
Using Windows Firewall with non-secure FTP traffic
To configure Windows Firewall to allow non-secure FTP traffic, use the following steps:
- Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
- To open port 21 on the firewall, type the following syntax then hit enter:
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21
- To enable stateful FTP filtering that will dynamically open ports for data connections, type the following syntax then hit enter:
netsh advfirewall set global StatefulFtp enable
Using Windows Firewall with secure FTPs over SSL traffic
To configure Windows Firewall to allow secure FTPs traffic, use the following steps:
- Open a command prompt: click Start, then All Programs, then Accessories, then Command Prompt.
- To configure the firewall to allow the FTP service to listen on all ports that it opens, type the following syntax then hit enter
netsh advfirewall firewall add rule name="FTP for IIS" service=ftpsvc action=allow protocol=TCP dir=in - To disable stateful FTP filtering so that Windows Firewall will not block FTP traffic, type the following syntax then hit enter:
netsh advfirewall set global StatefulFtp disable
For more details visit the reference link.