Server1 runs Windows Server 2012 and is installed as an FTP server.
Clients use App1 to connect to Server1 for FTP.
App1 uses TCP port 21 for control and a dynamic port for data. You have allowed port 21 in the firewall. What
should you do next to allow clients to use App1 to connect to Server1 using FTP?
A. At Server1 allow firewall rule of outbound
B. At Server1 allow firewall rule of inbound
C. netsh advfirewall domainprofile state off
D. netsh advfirewall set global StatefulFtp enable
Explanation:
Set global statefulftp
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection
on one port to request a data connection on a different port. This affects both active and passive FTP.
http://technet.microsoft.com/en-us/library/cc771920%28v=ws.10%29.aspx
http://support.microsoft.com/kb/832017/en-us#method20
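The "initial connection on one port to request a data connection on a different port" can be read straight off the control channel. The following is an added example, not Microsoft's code and not part of the original question: it parses the RFC 959 PORT command and 227 reply to list the data connections a stateful filter would expect. The function names, the sample transcript and the rule that the announced address must match the session peer are assumptions of this example.

```python
import re

# RFC 959 encodes an endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_flows(control_lines, client_ip, server_ip):
    """Walk a control-channel transcript and list the data connections to
    expect as (mode, initiator_ip, listener_ip, listener_port)."""
    flows = []
    for direction, line in control_lines:
        line = line.strip()
        if direction == "C" and line.upper().startswith("PORT "):
            ep = parse_hostport(line[5:])
            # Active mode: the server connects back to the client. This example
            # only accepts an endpoint on the client's own address.
            if ep and ep[0] == client_ip:
                flows.append(("active", server_ip, ep[0], ep[1]))
        elif direction == "S" and line.startswith("227"):
            ep = parse_hostport(line[3:])
            # Passive mode: the client connects to the port the server announced.
            if ep and ep[0] == server_ip:
                flows.append(("passive", client_ip, ep[0], ep[1]))
    return flows


# Constructed sample transcript (C = client to server, S = server to client).
SAMPLE = [
    ("C", "USER app1"),
    ("S", "331 Password required"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,168,0,10,195,80)"),
    ("C", "PORT 192,168,0,50,4,1"),
    ("S", "200 PORT command successful"),
    ("C", "PORT 10,9,9,9,0,22"),  # endpoint is not the client: ignored
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE, "192.168.0.50", "192.168.0.10"):
        print(flow)
```

The data port is p1*256+p2, so the passive reply above announces port 50000 and the PORT command announces port 1025.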
P.S
There is a fair bit of confusion around the purpose of the Alternate DNS Server. This Post should hopefully put
these questions to bed. The general assumption is that the Windows DNS Client, on all counts, will send a DNS
query to the Preferred DNS first. If this query fails, then it will query the Alternate DNS Server, and so on and so
forth.
The above statement is true, however there is a twist. The Windows DNS Client will reset the DNS Server
Priority at periodic intervals. By default, the server priorities are reset every 15 minutes.
Let’s look at an example:
I have a DNS Client configured as follows:
Preferred DNS: 192.168.0.1
Alternate DNS: 10.10.0.1
The DNS Client will start by sending queries to 192.168.0.1. After 15 minutes it will switch priority to
10.10.0.1. Thus all queries will first be sent to 10.10.0.1 for a period of 15 minutes before switching back
to 192.168.0.1.
There is another condition that triggers a Priority Switch.
If, say, the Preferred DNS timed out on a DNS query, the DNS Client will send that DNS Query to the Alternate
DNS.
If the Alternate DNS resolves the Query, the Priority will now switch to the Alternate DNS, until either it times out
on a Query or the Priority Time Limit expires.
It is a common practice to configure the Preferred DNS Server with the IP of a Local Site DNS Server and the
Alternate DNS Server with that of a Remote Site. The problem arises when Firewall/Network folk
raise complaints that Clients are sending DNS Traffic to Remote DNS Servers. Well, that is because they have
been configured to do so.
http://blogs.technet.com/b/ajayr/archive/2011/12/14/who-does-dns-client-prefer-preferred-or-alternate.aspx
http://technet.microsoft.com/en-us/library/cc738344%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/jj590768.aspx
Answer is B.
Hmmm, I thought it was D, can anyone confirm?
It is not D, because:
Configure an inbound firewall rule to allow inbound FTP connections to only the ports on which FTP is listening
Open an Administrator command-prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.
Run the following command:
netsh advfirewall firewall add rule name="FTP Service" action=allow service=ftpsvc protocol=TCP dir=in
Finally, disable stateful FTP filtering so that the firewall does not block any FTP traffic.
netsh advfirewall set global StatefulFTP disable
as per link: http://technet.microsoft.com/en-us/library/dd421710%28v=ws.10%29.aspx#bkmk_2
StatefulFTP needs to be disabled (so that Windows firewall will not block FTP traffic), so D makes no sense.
(http://technet.microsoft.com/en-us/library/dd421710(v=ws.10).aspx)
D is correct.
http://technet.microsoft.com/fr-fr/library/cc771920(v=ws.10).aspx
The post that says it must be disabled applies if you configure FTP and predetermine the port, and create the rules; then it must be disabled. The simplest way is to enable it and leave the FTP server as is. The firewall will then listen to the FTP session for the port open command and allow the negotiated port to be opened.
D
It’s D and you HAVE to enable STATEFUL filtering. The initial connection is made on 21. Then the Server and Client negotiate a port for data transfer. This is the Stateful or negotiated portion.
https://daviderault.wordpress.com/2012/02/16/adding-ftp-rules-to-windows-firewall-with-advanced-security/
D
To configure Windows Firewall with Advanced Security to allow FTP data traffic through Windows Firewall when using either PORT or PASV commands: set global statefulftp enable
https://technet.microsoft.com/en-us/library/cc771920(v=ws.10).aspx#BKMK_set_2a