Your network contains an Active Directory domain named contoso.com. The domain contains an application
server named Server1. Server1 runs Windows Server 2012 R2.
Server1 is configured as an FTP server.
Client computers use an FTP application named App1.exe. App1.exe uses TCP port 21 as the control port and
dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21.
You need to configure Server1 to support the client connections from App1.exe.
What should you do?
A. Run netsh advfirewall set global statefulftp enable.
B. Run netsh firewall add portopening TCP 21 dynamicftp.
C. Create an inbound firewall rule to allow App1.exe.
D. Create an isolation connection security rule.
Explanation:
The netsh advfirewall set global statefulftp command configures how Windows Firewall with Advanced
Security handles FTP traffic that uses an initial connection on one port to request a data connection on a
different port. When statefulftp is enabled (disabled being the default setting), the firewall tracks the port
numbers specified in PORT command requests and in the responses to PASV requests, and then allows the
incoming FTP data traffic entering on the requested port number.
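The tracking described above, sketched as an added example (not code from the original page and not how Windows implements it internally): it reads FTP control-channel lines and extracts the data endpoint negotiated by a client PORT command or a server 227 reply to PASV. The function names and the sample session are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 host/port tuple used by PORT and by the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def _decode(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed tuple: never open a port for it
    ip = ".".join(str(o) for o in octets[:4])
    return ip, octets[4] * 256 + octets[5]  # port = p1 * 256 + p2


def track_data_endpoint(line, from_client):
    """Return the (ip, port) a data connection is expected on, or None."""
    line = line.strip()
    if from_client and line.upper().startswith("PORT "):
        return _decode(line[5:])  # active mode: the client listens
    if not from_client and line.startswith("227 "):
        return _decode(line[4:])  # passive mode: the server listens
    return None


def expected_data_ports(session):
    """Collect negotiated endpoints from a list of (from_client, line) tuples."""
    found = []
    for from_client, line in session:
        endpoint = track_data_endpoint(line, from_client)
        if endpoint:
            found.append(endpoint)
    return found


# Constructed control-channel exchange using documentation address ranges.
SAMPLE = [
    (True, "USER app1"),
    (False, "331 Password required"),
    (True, "PASV"),
    (False, "227 Entering Passive Mode (192,0,2,10,195,80)"),
    (True, "PORT 198,51,100,7,19,137"),
    (False, "200 PORT command successful"),
]

if __name__ == "__main__":
    for ip, port in expected_data_ports(SAMPLE):
        print(f"expect data connection on {ip}:{port}")
```

A static rule for TCP port 21 alone never sees these negotiated ports, which is why the data connection fails unless the firewall inspects the control channel.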
Windows Firewall and non-secure FTP traffic
Windows Firewall can be configured from the command line using the netsh command. Two simple steps are required to set up Windows Firewall to allow non-secure FTP traffic:
1) Open port 21 on the firewall
netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21
2) Activate the firewall application filter for FTP (aka Stateful FTP), which will dynamically open ports for data connections
netsh advfirewall set global StatefulFtp enable
http://blogs.iis.net/jaroslad/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0