I'm attempting to setup a FTPS server on Windows Server 2008. The inner workings have been successful -- I can connect locally or on the VPN. But I can't seem to craft the firewall rules to make it work properly. I have the server configured to confine data channels to ports 41230-41240 insofar as I can tell and the networking team has configured the same ports to be open. But it appears my clients are all still trying to connect via ports in the 50000-52000 range. I have tried all possible IPs to "route" through according to the standard technet article -- the server's own and both firewalls.
I can't see a rhyme or reason to this, has anyone successfully got a Windows Server 2008 running through the firewall in the following network configuration:
- Server itself has no firewall running
- No NAT -- server has it's public address assigned directly, etc.
- Redundant Cisco ASA firewalls.
- We are really running FTPES -- that is, FTP with explicit security -- with control on 21 and hoping to put data on 41230-41240.
Please advise if you need more information.
2 things:
1) connect in passive mode.
2) Add passive port range in IIS:
We went through this a year ago; having clients configure their firewalls to work with the dynamic port ranges was endless grief. Ultimately we replaced FTPS with SFTP which uses fixed ports and all the problems vanished. This product along with filezilla for end users has worked very for us. https://www.bitvise.com/winsshd