I had a customer that had issues with their Azure Pack websites setup. They could not connect to the FTP for files and logs.
After some investigation I found that the FTP passive ports where not configured. This means that the FTP service uses Windows default TCP/IP dynamic port range (1024 through 65535) and opening all those ports in the firewall seems a bit unnecessary.
So to configure the passive ports you do the following:
- On the publisher server open IIS Manager
- Select your publisher server in the connections tree on the left
- Then open “FTP Firewall Support”
- In the “Data Channel Port Range:” type in the passive ports you want to use.
- In the “External IP Address of Firewall:” type in the external IP of your publisher
- Click apply and then restart the FTP service (FTPSVC)
After this configuration is completed you need to open the same passive ports on your external firewall.
I hope this can help those of you that don’t want to have all the dynamic ports open in your firewall for your azure pack websites.