How to define a passive FTP port range in IIS 7

Within this article we will describe the required steps for defining a specific passive FTP port range within IIS 7.

  1. First of all permit the necessary ports through your edge firewall. Typically you will only need to allow FTP (rather then the data channel ports as well) as most firewalls include a FTP inspection engine that will open these ports dynamically.
  2. Open the IIS Manager, select the computer name, open FTP Firewall Support. Within here add the 'Data Channel Port Range' along with the 'External IP address'. The External IP address should be the internal IP address assigned to the server (i.e 10.x.x.x/172.16.x.x/192.168.x.x).
  3. Next restart the IIS service. Then issue a full stop and then start on the "Microsoft FTP Service".

Tags: FTP

About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as an SDN/NFV Solutions Architect and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001