Home
Microsoft

When in passive mode, IIS asks for a port range for the FTP service. This is question that could be asked: Is it possible to use a single port instead of a port range for IIS FTP?

 

The short answer is “Yes” but there is a specific format you should enter the value in.

 

Configuration

For using IIS FTP via a specific port, go to “FTP Firewall Support” module in IIS and enter the port number twice with a dash sign (-) between in the “Data Channel Port Range” field. Example: 6001-6001 to use port 6001. After this change, make sure to restart “Microsoft FTP Service” (Start > Run > services.msc).

 

data-channel-port-range - Copy.PNG

 

As you see in the example above, it is technically possible to use IIS FTP over a single port. However, it is not recommended because using single port will limit the number of “Client IP – Client Port – Server Port” combinations. The FTP sessions are uniquely identified thanks to this combination. Using a single server port will result in having the same combination which may result in the concurrent FTP requests to be rejected.

 

Note: If the “Data Channel Port Range” field is grayed out, make sure that you are changing the server-level settings.

 

Confirmation

Connect to your FTP host via an FTP client to confirm that the FTP service uses only the assigned port. Then check the IIS logs in this folder: c:\inetpub\logs\LogFiles\FTPSVC2.

 

2.jpg

 

Note: For the unsecure FTP service, IIS doesn’t use the port you assigned. Instead, it uses a random port number in the range from 1025 through 65535. IIS uses the port you specified in “Data Channel Port Range” field only via secure FTP service.