Windows 2012 Firewall blocking outgoing access to certain FTP (SSL) clients.
I just enabled our Windows 2012 firewall, and users started complaining that FTP servers are no longer accessible. Currently all 3 of our firewall profiles (domain, public, and private) allow outgoing connections.
After disabling the firewall's incoming profiles, the user is able to access the FTP server again. I've verified that the port established when successful is port 21 on TCP. The pfirewall logs don't indicate any packets being dropped either.
Thanks.
Hi,
Based on my research, there are 2 types of FTP modes. Which mode have you used?
In active mode FTP, the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. Then, the client starts listening on port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect to the client's specified data port from its local data port, which is port 20.
In passive mode FTP, the client opens 2 random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of issuing a PORT command and allowing the server to connect to its data port, the client will issue the PASV command. The result of this is that the server opens a random unprivileged port (P > 1023) and sends P to the client in response to the PASV command. The client then initiates the connection from port N+1 to port P on the server to transfer data.
Below are the required ports for FTP:
PORT-mode FTP client-side firewall:
Outbound: TCP port 20, 21
Inbound: TCP ports 1023 and above
PORT-mode FTP server-side firewall:
Outbound: TCP ports 1023 and above
Inbound: TCP port 20, 21
PASV-mode FTP client-side firewall:
Outbound: TCP port 21 and TCP ports 1023 and above
Inbound: TCP ports 1023 and above
PASV-mode FTP server-side firewall:
Outbound: TCP ports 1023 and above
Inbound: TCP port 21 and TCP ports 1023 and above
Best regards,
Susie
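An added example, not part of the original thread: the data port in both modes is carried on the control channel as `h1,h2,h3,h4,p1,p2` (port = p1*256 + p2), so decoding a PORT command or a 227 reply shows which side opens the data connection and which client-side firewall direction it needs. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample control-channel lines (not captured from a real session).
ACTIVE_CMD = "PORT 192,168,1,10,195,80"
PASSIVE_REPLY = "227 Entering Passive Mode (203,0,113,5,204,12)."

# Six comma-separated decimal fields: four address octets, two port bytes.
_TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in line")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line):
    """Describe the data connection a control line sets up, from the client's side."""
    verb = line.split()[0].upper() if line.strip() else ""
    ip, port = parse_endpoint(line)
    if verb == "PORT":
        # Active mode: the client listens, the server connects from its port 20.
        return {
            "mode": "active",
            "initiator": "server",
            "listener": (ip, port),
            "client_rule": f"inbound TCP to local port {port} from server port 20",
        }
    if verb == "227":
        # Passive mode: the server listens on P, the client connects out to it.
        return {
            "mode": "passive",
            "initiator": "client",
            "listener": (ip, port),
            "client_rule": f"outbound TCP to {ip} port {port}",
        }
    raise ValueError("not a PORT command or 227 reply")


if __name__ == "__main__":
    for sample in (ACTIVE_CMD, PASSIVE_REPLY):
        print(sample, "->", data_connection(sample))
```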