Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Serv-U Managed File Transfer & Serv-U FTP Server > Set a passive port range in Serv-U FTP Server

Set a passive port range in Serv-U FTP Server

Table of contents

Updated August 30th, 2016

Overview

As you probably already know, FTP uses multiple connections on multiple ports to perform file transfers.

Many firewalls "understand" plan text FTP and can open/close the appropriate ports dynamically if you specifically configure "FTP" (rather than "TCP port 21") on firewall rules. However, when FTPS is used, the control channel the firewall would usually read is encrypted, so firewall technicians find they need to open up ranges of high inbound TCP ports to get FTPS to work in passive mode. (We do not recommend the use of active mode FTPS transfers; fortunately most clients that can do FTPS select passive mode transfers by default.)

To avoid ridiculous ranges (e.g., "allow TCP from all to ports 1024-65535"), specific ranges of inbound passive ports can be configured on both your FTP server and your firewall. These instructions show how to configure a passive FTP port range on Serv-U. (Related instructions show how to require the use of passive mode transfers in Serv-U.)

Environment

Serv-U 14.0 and later

Steps

  1. Open your Serv-U Management Console and navigate to the "Server Settings" tab under "Server Limits & Settings". (Do not go to your Domain-level Limits & Settings.) 
  2. Scroll down until you see the "Network Settings" panel. Fill in a value for the "PASV Port Range". (We recommend starting with 50000-50009; you can use a narrower port range if you never hit simultaneous transfers; use a wider port range if you support more simultaneous transfers.) 

   3. Click the "Save" button in the "Network Settings" panel.

  4. To test, connect to Serv-U using an FTP client that is set up to use passive mode. Connect to the server from outside your firewall, attempt several directory listings and transfers, and make sure passive transfers work.

 

Last modified
15:08, 16 Oct 2017

Tags

Classifications

Public