When in passive mode, IIS asks for a port range for the FTP service. This is question that could be asked: Is it possible to use a single port instead of a port range for IIS FTP?


The short answer is “Yes” but there is a specific format you should enter the value in.



For using IIS FTP via a specific port, go to “FTP Firewall Support” module in IIS and enter the port number twice with a dash sign (-) between in the “Data Channel Port Range” field. Example: 6001-6001 to use port 6001. After this change, make sure to restart “Microsoft FTP Service” (Start > Run > services.msc).


data-channel-port-range - Copy.PNG


As you see in the example above, it is technically possible to use IIS FTP over a single port. However, it is not recommended because using single port will limit the number of “Client IP – Client Port – Server Port” combinations. The FTP sessions are uniquely identified thanks to this combination. Using a single server port will result in having the same combination which may result in the concurrent FTP requests to be rejected.


Note: If the “Data Channel Port Range” field is grayed out, make sure that you are changing the server-level settings.



Connect to your FTP host via an FTP client to confirm that the FTP service uses only the assigned port. Then check the IIS logs in this folder: c:\inetpub\logs\LogFiles\FTPSVC2.




Note: For the unsecure FTP service, IIS doesn’t use the port you assigned. Instead, it uses a random port number in the range from 1025 through 65535. IIS uses the port you specified in “Data Channel Port Range” field only via secure FTP service.