FTP Server : Configure Passive Mode2022/02/02

	On this example, it shows to configure FTP Server with Passive Mode.
[1]	Run PowerShell with Admin Privilege and Configure FTP Service.

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# set the port range you use for passive mode
# specify any range that FTP Server Host does not use
# example below sets 60000 - 60100 range
PS C:\Users\Administrator> Set-WebConfiguration "/system.ftpServer/firewallSupport" -PSPath "IIS:\" -Value @{lowDataChannelPort="60000";highDataChannelPort="60100";} 

# confirm
PS C:\Users\Administrator> Get-IISConfigSection -SectionPath "system.ftpServer/firewallSupport" 

IsLocked              : False
OverrideMode          : Inherit
OverrideModeEffective : Deny
SectionPath           : system.ftpServer/firewallSupport
Attributes            : {lowDataChannelPort, highDataChannelPort}
ChildElements         : {}
ElementTagName        : system.ftpServer/firewallSupport
IsLocallyStored       : True
Methods               :
RawAttributes         : {[lowDataChannelPort, 60000], [highDataChannelPort, 60100]}
Schema                : Microsoft.Web.Administration.ConfigurationElementSchema

# restart FTP Service
PS C:\Users\Administrator> Restart-Service ftpsvc 

# allow passive ports you set and also 21 port FTP Server uses on Windows firewall
PS C:\Users\Administrator> New-NetFirewallRule `
-Name "FTP Server Port" `
-DisplayName "FTP Server Port" `
-Description 'Allow FTP Server Ports' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol TCP `
-Program Any `
-LocalAddress Any `
-LocalPort 21,60000-60100 

Name                          : FTP Server Port
DisplayName                   : FTP Server Port
Description                   : Allow FTP Server Ports
DisplayGroup                  :
Group                         :
Enabled                       : True
Profile                       : Any
Platform                      : {}
Direction                     : Inbound
Action                        : Allow
EdgeTraversalPolicy           : Block
LooseSourceMapping            : False
LocalOnlyMapping              : False
Owner                         :
PrimaryStatus                 : OK
Status                        : The rule was parsed successfully from the store. (65536)
EnforcementStatus             : NotApplicable
PolicyStoreSource             : PersistentStore
PolicyStoreSourceType         : Local
RemoteDynamicKeywordAddresses : {}

FTP Server : Configure Passive Mode (GUI)

	On GUI configuration, set like follows.
[2]	Run [Start] - [Server Manager] and Click [Tools] - [Internet Information Services (IIS) Manager].

[3]	Select Hostname on the left pane and Click [FTP Firewall Support] on the center pane.

[4]	Input port range for [Data Channel Port Range] section. Specify any range that FTP Server Host does not use. (example below sets 60000 - 60100 range)

[5]	Open [Server Manager] - [Tools] - [Services] and restart FTP Service to apply changes.

[6]	Open [Server Manager] - [Tools] - [Windows Defender Firewall with Advanced Security] and add inbound rule to allow passibe ports you set and also 21 port FTP Service uses like follows.

Matched Content