Windows Server 2016 Firewall blocking ftp transfer

I'm running Windows Server 2016 and am not able to download a file from a remote ftp site. The ftp site given is not an IP address but a domain, www.vaeb.uscourt.gov. I have a script set up to pull the file down, but it never generates. When I manually run it I can see it connects, but I never see it transfer data.

So I decided to temporarily disable Windows firewall, and it ran fine. I enabled the firewall back and opened up both inbound and outbound ports (20 and 21). However, it does not download data. Please note we do not host an ftp server and simply want to connect to a remote ftp server.

Asked by cmp119 (IT Manager)

Shaun Vermaak (Technical Specialist/Developer) commented:
Yes, always best to do application rule to allow the app to use whatever port is required.

yo_bee (Director of Information Technology) commented:
21 and 22 are normal FTP and SFTP.
Have you tried to telnet to the address with your firewall on? This is a good way to verify port connectivity.

DrDave242 commented:
Is the FTP connection being established in active or passive mode?
 
cmp119 (IT Manager, author) commented:
Active mode!

DrDave242 commented:
Since the issue appears to be caused by the firewall on the "client" side (even though the "client" in this case is a server), can you try it in passive mode?

Shaun Vermaak (Technical Specialist/Developer) commented:
The firewall by default only blocks inbound connections.

I would enable the firewall log and try the connection. After that, check for dropped connections in the log.
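
The firewall-log check suggested above, as an added example that is not part of the original thread: a PowerShell filter that reads Windows Firewall log lines and reports inbound TCP drops coming from remote port 20, which is what a blocked active-mode FTP data connection looks like on the client side. The function name `Get-FtpDataDrop` is hypothetical, the log path is the Windows default, and the sample log lines are constructed with documentation addresses.

```powershell
# Added example, not from the thread. In an elevated session, enable drop logging:
#   Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True
# reproduce the transfer, then run (default log location assumed):
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" | Get-FtpDataDrop
function Get-FtpDataDrop {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    begin { $fields = $null }
    process {
        if ($Line -match '^#Fields:\s*(.+)$') {
            # Column names come from the log's own header, so order is not hard-coded.
            $fields = $Matches[1].Trim() -split '\s+'
            return
        }
        if (-not $fields -or $Line -match '^\s*(#|$)') { return }  # comments, blanks
        $values = $Line.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { return }            # truncated line
        $e = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $e[$fields[$i]] = $values[$i] }
        # Active-mode FTP: the server opens the data connection FROM its port 20
        # TO an ephemeral port on the client, so the client sees an inbound SYN.
        if ($e['action'] -eq 'DROP' -and $e['protocol'] -eq 'TCP' -and
            $e['src-port'] -eq '20' -and $e['path'] -eq 'RECEIVE') {
            [pscustomobject]@{
                Time       = "$($e['date']) $($e['time'])"
                Server     = $e['src-ip']
                ClientPort = [int]$e['dst-port']
            }
        }
    }
}

# Constructed sample log (documentation addresses), not taken from the thread.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2018-03-01 10:15:01 ALLOW TCP 192.0.2.20 203.0.113.10 50110 21 0 - 0 0 0 - - - SEND
2018-03-01 10:15:02 DROP TCP 203.0.113.10 192.0.2.20 20 50123 52 S 1220000 0 8192 - - - RECEIVE
2018-03-01 10:15:05 DROP UDP 192.0.2.77 192.0.2.255 137 137 78 - - - - - - - RECEIVE
'@ -split "`r?`n"

$sample | Get-FtpDataDrop | Format-Table -AutoSize
```

A row in the output means the server's active-mode data connection was dropped inbound; both passive mode and an allow rule scoped to `C:\Windows\System32\ftp.exe`, as discussed in this thread, avoid that drop.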
 
cmp119 (IT Manager, author) commented:
Okay, I just disabled both the inbound/outbound rules that I created to allow traffic for ports 21/22, and then I enabled "Notify me when Windows Firewall blocks new app".  I then ran the ftp script, and Windows prompted me if I wanted to allow the app to run, and I selected "Yes".  The script now runs.  I checked the firewall inbound rules, and I can see two "File Transfer Program" rules to enable/allow using UDP and TCP for program "C:\Windows\System32\ftp.exe".

cmp119 (IT Manager, author) commented:
So, I am now concerned about securing the data upon receipt. Other than SFTP, is there anything I can do to lock down the ftp transmission and then also the file that it downloads onto the C:\TransCases\?

Shaun Vermaak (Technical Specialist/Developer) commented:
Two things to consider: data in transit and data at rest.

With data at rest, ensure the server/folder is secure and perhaps even encrypted.
With data in transit, you have to use SFTP or FTPS.

cmp119 (IT Manager, author) commented:
I got it all working now.  Thanks.

yo_bee (Director of Information Technology) commented:
Nice, but please update this question with the solution that worked.
Question has a verified solution.