Windows 7 firewall - problems with FTP over SSL client

    Question

  • Hello,

    I've been doing FTP over SSL (FTPS) transfers with the client on a Win 7 machine. When the Windows firewall is turned on, the transfer fails after 256 files have been transferred. When the FW is turned off, all files are transferred successfully. Please suggest where I should look in the WIN 7 FW to resolve this, i.e. to be able to use FTPS and transfer more than 256 files with the FW on. I've noticed that when the FTPS protocol is in use a new data connection is opened for each file, so I guess there is a limit in the FW on the number of concurrent connections or similar...

    Regards!

    Friday, July 05, 2013 9:46 AM

Answers

  • Hello, 

    I've found the solution:

    http://superuser.com/questions/224363/firewall-blocks-ftp-pasv-response

    I used 

    netsh advfirewall set global StatefulFTP disable

    command that disabled non-passive FTP.

    Regards,

    Nenad

    Friday, July 12, 2013 10:02 AM

All replies

  • A. What message do you see when you send the 257th file? Any trace in the event log files and FTP log files? Reveal your findings.

    B. Concurrent connection limit for Windows 7 is smaller than 256.

    C. There is a limit of cache and stored files that corresponds to 256.

    D. A network monitor may help to resolve the cause of the limit (Wireshark will do the job).

    Rgds

    Milos

    Friday, July 05, 2013 8:33 PM
  • Hello,

    there is no error message after 256 files have been transferred. We traced the transfer with Wireshark and came to the conclusion that Windows firewall was causing this. That proved to be true, since everything works once the WIN FW is turned off.

    Regards,

    Nenad

    Monday, July 08, 2013 8:28 AM
  • Hi,

    The Windows Firewall log file is useful for determining if Windows Firewall is the cause of program failures. Follow this article to enable the Windows Firewall log:

    http://technet.microsoft.com/en-us/library/cc947815(v=ws.10).aspx

    Interpreting the Windows Firewall Log

    http://technet.microsoft.com/en-us/library/cc758040(v=ws.10).aspx


    Tracy Cai
    TechNet Community Support

    Thursday, July 11, 2013 5:05 AM
    Moderator
  • Hello,

    the firewall log shows:

    .

    .

    .

    2013-07-11 12:01:02 ALLOW TCP 10.144.226.57 10.1.50.250 60132 25805 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:02 ALLOW TCP 10.144.226.57 10.1.50.250 60133 25806 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:02 ALLOW TCP 10.144.226.57 10.1.50.250 60134 25807 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:03 ALLOW TCP 10.144.226.57 10.1.50.250 60135 25808 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:03 ALLOW TCP 10.144.226.57 10.1.50.250 60136 25809 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:03 ALLOW TCP 10.144.226.57 10.1.50.250 60137 25810 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:03 ALLOW TCP 10.144.226.57 10.1.50.250 60138 25811 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:03 ALLOW TCP 10.144.226.57 10.1.50.250 60139 25812 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:03 ALLOW TCP 10.144.226.57 10.1.50.250 60140 25813 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:04 ALLOW TCP 10.144.226.57 10.1.50.250 60141 25814 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:04 ALLOW TCP 10.144.226.57 10.1.50.250 60142 25815 0 - 0 0 0 - - - SEND
    2013-07-11 12:01:22 ALLOW TCP 10.144.226.57 10.144.32.6 60143 445 0 - 0 0 0 - - - SEND
    2013-07-11 12:02:15 ALLOW UDP 10.144.226.173 239.255.255.250 1900 1900 0 - - - - - - - RECEIVE

    .

    .

    .

    The FTP server address is 10.1.50.250 and my local machine is 10.144.226.57. The last log entry at 2013-07-11 12:01:22 ....

    Could you interpret this?

    Regards,

    Nenad

    Thursday, July 11, 2013 10:07 AM
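
One way to triage a Windows Firewall log like the one posted above (an added example, not part of the thread): it counts the allowed per-file data connections to the FTP server, counts any DROP records involving that server, and reports how long the log stays quiet after the last data connection. The function names and the control ports 21 and 990 are assumptions made for this sketch.

```python
from datetime import datetime

DEFAULT_FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
                  "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Sample input: the port-258xx, 445 and UDP lines are from the post;
# the #Fields header and the port-21 control line are constructed.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-07-11 12:00:01 ALLOW TCP 10.144.226.57 10.1.50.250 60000 21 0 - 0 0 0 - - - SEND
2013-07-11 12:01:03 ALLOW TCP 10.144.226.57 10.1.50.250 60140 25813 0 - 0 0 0 - - - SEND
2013-07-11 12:01:04 ALLOW TCP 10.144.226.57 10.1.50.250 60141 25814 0 - 0 0 0 - - - SEND
2013-07-11 12:01:04 ALLOW TCP 10.144.226.57 10.1.50.250 60142 25815 0 - 0 0 0 - - - SEND
2013-07-11 12:01:22 ALLOW TCP 10.144.226.57 10.144.32.6 60143 445 0 - 0 0 0 - - - SEND
2013-07-11 12:02:15 ALLOW UDP 10.144.226.173 239.255.255.250 1900 1900 0 - - - - - - - RECEIVE
"""

def parse(text):
    """Yield one dict per log record, using the #Fields header when present."""
    fields = DEFAULT_FIELDS
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        parts = line.split()
        if line.startswith("#") or len(parts) != len(fields):
            continue  # comments, blank lines, truncated records
        rec = dict(zip(fields, parts))
        rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                      "%Y-%m-%d %H:%M:%S")
        yield rec

def summarize(text, server_ip, control_ports=("21", "990")):
    """Summarize outbound FTP data connections and drops for one server."""
    records = list(parse(text))
    data = [r for r in records
            if r["protocol"] == "TCP" and r["action"] == "ALLOW"
            and r["dst-ip"] == server_ip and r["dst-port"] not in control_ports]
    drops = [r for r in records
             if r["action"] == "DROP" and server_ip in (r["src-ip"], r["dst-ip"])]
    last = data[-1]["ts"] if data else None
    quiet = (records[-1]["ts"] - last).total_seconds() if last else None
    return {"data_connections": len(data), "last_data": last,
            "drops": len(drops), "quiet_seconds": quiet}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "10.1.50.250"))
```

DROP records appear only when logging of dropped packets is enabled in the firewall's logging settings, so a count of zero drops is meaningful only with that option on.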