Windows Server 2016 Firewall blocking ftp transfer

Windows Server 2016 and not being able to download a file from a remote ftp site. The ftp site given is not an IP address and is the domain www.vaeb.uscourt.gov. I have a script set up to pull the file down, but it never generates. When I manually run it I can see it connects, but never see it transfer data.

So I decided to temporarily disable Windows firewall, and it ran fine. I enabled the firewall back and opened up both inbound and outbound ports (20 and 21). However, it does not download data. Please note we do not host an ftp server and simply want to connect to a remote ftp server.
cmp119 (IT Manager) Asked:

yo_bee (Director of Information Technology) Commented:
21 and 22 are normal FTP and SFTP.
Have you tried to telnet to the address with your firewall on?  This is a good way to verify port connectivity.
0
DrDave242 Commented:
Is the FTP connection being established in active or passive mode?
0
cmp119 (IT Manager) Author Commented:
Active mode!
0
DrDave242 Commented:
Since the issue appears to be caused by the firewall on the "client" side (even though the "client" in this case is a server), can you try it in passive mode?
0
Shaun Vermaak (Technical Specialist/Developer) Commented:
The firewall by default only blocks inbound connections.

I would enable the firewall log and try the connection. After that, check for dropped connections in the log.
0
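The log check suggested above, as an added example that is not part of the original thread: a PowerShell parser for the Windows Firewall log (pfirewall.log) that lists dropped inbound TCP packets with source port 20, the data connection an active-mode FTP server opens back to the client. The log lines and addresses are constructed sample data, and the function names are hypothetical.

```powershell
# Added example. Dropped-packet logging is turned on with:
#   Set-NetFirewallProfile -Profile Domain,Public,Private -LogBlocked True
# Real input: Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

function Get-FirewallDrop {          # hypothetical helper name
    param([string[]] $Line)          # raw pfirewall.log lines
    $fields = @()
    foreach ($l in $Line) {
        # The "#Fields:" header names the columns for the rows that follow.
        if ($l -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and rows seen before a header.
        if ($l -match '^\s*(#|$)' -or $fields.Count -eq 0) { continue }
        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # truncated row
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['action'] -eq 'DROP') { [pscustomobject]$row }
    }
}

function Get-ActiveFtpDataDrop {     # hypothetical helper name
    param([string[]] $Line)
    # Active mode: the server connects from its TCP port 20 to the client.
    Get-FirewallDrop -Line $Line | Where-Object {
        $_.protocol -eq 'TCP' -and $_.path -eq 'RECEIVE' -and $_.'src-port' -eq '20'
    }
}

# Constructed sample log (documentation-range addresses, not from the thread).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2018-01-01 10:15:40 ALLOW TCP 192.0.2.25 203.0.113.10 50122 21 0 - 0 0 0 - - - SEND
2018-01-01 10:15:42 DROP TCP 203.0.113.10 192.0.2.25 20 50123 52 S 1234567890 0 8192 - - - RECEIVE
2018-01-01 10:15:45 DROP UDP 192.0.2.77 192.0.2.255 137 137 78 - - - - - - - RECEIVE
'@ -split "`r?`n"

Get-ActiveFtpDataDrop -Line $sample |
    Format-Table date, time, 'src-ip', 'src-port', 'dst-ip', 'dst-port' -AutoSize
```

On the sample, only the 10:15:42 row is returned: the control connection to port 21 went out, and the server's connection back from port 20 was dropped.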
cmp119 (IT Manager) Author Commented:
Okay, I just disabled both the inbound/outbound rules that I created to allow traffic for ports 21/22, and then I enabled "Notify me when Windows Firewall blocks new app".  I then ran the ftp script, and Windows prompted me if I wanted to allow the app to run, and I selected "Yes".  The script now runs.  I checked the firewall inbound rules, and I can see two "File Transfer Program" rules to enable/allow using UDP and TCP for program "C:\Windows\System32\ftp.exe".
0
Shaun Vermaak (Technical Specialist/Developer) Commented:
Yes, always best to do an application rule to allow the app to use whatever port is required.
0
cmp119 (IT Manager) Author Commented:
So, I am now concerned about securing the data upon receipt. Other than SFTP, is there anything I can do to lock down the ftp transmission and then also the file that it downloads onto the C:\TransCases\?
0
Shaun Vermaak (Technical Specialist/Developer) Commented:
Two things to consider: data in transit and data at rest.

With data at rest, ensure the server/folder is secure and perhaps even encrypted.
With data in transit, you have to use SFTP or FTPS.
0
cmp119 (IT Manager) Author Commented:
I got it all working now.  Thanks.
0
yo_bee (Director of Information Technology) Commented:
Nice, but please update this question with the solution that worked.
0