Have you ever been asked to deploy FTP service Over SSL?

We know that FTP uses two ports by default: 21 for sending commands, and 20 for sending data. As an example if you said “FTP://” it might make the attempt using port 21. If the session was established, port 20 would be using for the information.

So what about FTP Over SSL? Is there a fanatical port for it? actually , I faced this question before around 2 weeks and that i would really like to share with you my experience and the way I worked around this issue. Unfortunately, no dedicated port number for FTP Over SSL. it’s open a random port bigger than 1024 which mean you want to open all ports on your firewall…. i do know you’ll say it’s a joke…me too said an equivalent thing i will be able to not open all ports on firewall 🙂 .. so what’s the solution?

I read tons about limitation the FTP Over SSL random ports. Microsoft says you’ll do this by configure Data Channel Port home in (IIS —> FTP Firewall Support) okay I did that but with no success. wont to be”> i used to be wondering if there’s differently to try to to that and eventually i assumed from another side and that i asked the question: how am i able to limit the random ports? I found the key; the below command used to limit the random ports:

netsh int set dynamic start=number num=range

This command sets the dynamic port range for TCP. the beginning port is number, and therefore the total number of ports is range. the subsequent are sample commands:

netsh int ipv4 set dynamicport tcp start=10000 num=1000
netsh int ipv4 set dynamicport udp start=10000 num=1000
netsh int ipv6 set dynamicport tcp start=10000 num=1000
netsh int ipv6 set dynamicport udp start=10000 num=1000
These sample commands set the dynamic port range to start out at port 10000 and to finish at port 11000 (1000 ports). The minimum range of ports which will be set is 255. The minimum starting port which will be set is 1025. the utmost end port (based on the range being configured) cannot exceed 65535. To duplicate the default behavior of Windows Server 2003, use 1025 because the start port, then use 3976 because the range for both TCP and UDP. This leads to a start port of 1025 and an end port of 5000. for more information please see:

And here we are…it’s worked fine and that i configured the firewall to open only the range of ports which employed by FTP Over SSL.

I wish you discover this article is useful 🙂

Follow My Blog

Get new content delivered directly to your inbox.

%d bloggers like this: