Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Set a passive port range in Serv-U FTP Server

Set a passive port range in Serv-U FTP Server

Table of contents

Updated August 30th, 2016

Overview

As you probably already know, FTP uses multiple connections on multiple ports to perform file transfers.

Many firewalls "understand" plan text FTP and can open/close the appropriate ports dynamically if you specifically configure "FTP" (rather than "TCP port 21") on firewall rules. However, when FTPS is used, the control channel the firewall would usually read is encrypted, so firewall technicians find they need to open up ranges of high inbound TCP ports to get FTPS to work in passive mode. (We do not recommend the use of active mode FTPS transfers; fortunately most clients that can do FTPS select passive mode transfers by default.)

To avoid ridiculous ranges (e.g., "allow TCP from all to ports 1024-65535"), specific ranges of inbound passive ports can be configured on both your FTP server and your firewall. These instructions show how to configure a passive FTP port range on Serv-U. (Related instructions show how to require the use of passive mode transfers in Serv-U.)

Environment

Serv-U 14.0 and later

Steps

  1. Open your Serv-U Management Console and navigate to the "Server Settings" tab under "Server Limits & Settings". (Do not go to your Domain-level Limits & Settings.) 
  2. Scroll down until you see the "Network Settings" panel. Fill in a value for the "PASV Port Range". (We recommend starting with 50000-50009; you can use a narrower port range if you never hit simultaneous transfers; use a wider port range if you support more simultaneous transfers.) 

   3. Click the "Save" button in the "Network Settings" panel.

  4. To test, connect to Serv-U using an FTP client that is set up to use passive mode. Connect to the server from outside your firewall, attempt several directory listings and transfers, and make sure passive transfers work.

 

Last modified

Tags

Classifications

Public