IIS 7 and Above
FTP over SSL in IIS 7
Last post Oct 02, 2011 10:19 PM by drshickell
Aug 25, 2010 10:59 AM|gebruiker81|LINK
At this moment I'm try to implement FTP over SSL in our FTP server (IIS 7). We run here a Windows Server 2008 SP2 enterprise 32bit. When I try to log on via the method: FTPS, unfortunately it can't make a connection to the ftp server. without FTPS everything
is working fine, but for the security and because of wish of some customers we have to implement FTPS.
I performed the following actions to configure this:
1. First I created a CSR for a CA
2. I received a CSR file from a CA and installed this.
3. On the FTP over SSL setting I performed the following settings: Controle channel: require only for credentials, Data channel: allow.
4. for port range: I tried 49152-65535 and 0-0
5. in Our Cisco firewall ASA 5505 serie I opened an extra port: ftp over data 20. the port 21 was already open.
On the FTP client I performed the following settings:
1. I installed FileZilla and setup a ftp host
2. I choose to use FTPS FTP over impliciet TLS/SSL
3. I choose for transfer options: standard, active en passive, but all three options no-go
I followed already your tutorial: http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/
Unfortunately all above steps didn't help me further
At this moment I get no connection with our FTP server and I see in FileZilla that it is trying to connect over port: 990
Please provide me some tips and help..
At this moment it is stated: connection made, TLS initializing on port: 21
Do anyone has an idea where to check now?
I just choose for server-type: FTPES over explicit TLS/SSL and the certificate get recognized. Also the logproces went further, but at the end I doesn't continue. I get the error: can't view folders.
any one tips how to solve this last step?
Aug 27, 2010 06:48 PM|gauravm|LINK
Oct 02, 2011 10:19 PM|drshickell|LINK
FTPs is different than SFTP. SFTP uses no control channel. In FTPs it is like FTP in that it uses a data channel and control channel. When encryption gets involved the firewall cant snopp the traffic and tell what to do next based on snooping the control
channel. The result is that an ASA will not allow FTPS traffic out of the box. You can work around it using fixed ports or another protocol.
Per Cisco. . .
Unable to Run FTPS (FTP Over SSL) across ASA
FTP with TLS/SSL (SFTP / FTPS) is not supported through the Security Appliance. FTP connection is encrypted, so there is no way that the firewall is able to decrypt the packet. Refer to
PIX/ASA: Security Appliance FAQ for more information.