Windows 2019
Sponsored Link

FTP Server : Configure Passive Mode
2019/09/06
 
On this example, it shows to configure FTP Server with Passive Mode.
[1] Run PowerShell with Admin Privilege and Configure FTP Service.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# set the port range you use for passive mode
# specify any range that FTP Server Host does not use
# example below sets 60000 - 60100 range
PS C:\Users\Administrator> Set-WebConfiguration "/system.ftpServer/firewallSupport" -PSPath "IIS:\" -Value @{lowDataChannelPort="60000";highDataChannelPort="60100";} 

# confirm
PS C:\Users\Administrator> Get-IISConfigSection -SectionPath "system.ftpServer/firewallSupport" 

IsLocked              : False
OverrideMode          : Inherit
OverrideModeEffective : Deny
SectionPath           : system.ftpServer/firewallSupport
Attributes            : {lowDataChannelPort, highDataChannelPort}
ChildElements         : {}
ElementTagName        : system.ftpServer/firewallSupport
IsLocallyStored       : True
Methods               :
RawAttributes         : {[lowDataChannelPort, 60000], [highDataChannelPort, 60100]}
Schema                : Microsoft.Web.Administration.ConfigurationElementSchema

#restart FTP Service
PS C:\Users\Administrator> Restart-Service ftpsvc 

# allow passive ports you set and also 21 port FTP Server uses on Windows firewall
PS C:\Users\Administrator> New-NetFirewallRule `
-Name "FTP Server Port" `
-DisplayName "FTP Server Port" `
-Description 'Allow FTP Server Ports' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol TCP `
-Program Any `
-LocalAddress Any `
-LocalPort 21,60000-60100 

Name                  : FTP Server Port
DisplayName           : FTP Server Port
Description           : Allow FTP Server Ports
DisplayGroup          :
Group                 :
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Inbound
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local
FTP Server : Configure Passive Mode (GUI)
 
On GUI configuration, set like follows.
[2] Run [Start] - [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager].
[3] Select Hostname on the left pane and Click [FTP Firewall Support] on the center pane.
[4] Input port range for [Data Channel Port Range] section. Specify any range that FTP Server Host does not use. (example below sets 60000 - 60100 range)
[5] Open [Server Manager] - [Tools] - [Services] and restart FTP Service to apply changes.
[6] Open [Server Manager] - [Tools] - [Windows Defender Firewall with Advanced Security] and add inbound rule to allow passibe ports you set and also 21 port FTP Service uses like follows.
Matched Content