BlueZone Secure FTP can be configured for Passive Mode or Active Mode FTP file transfers. In BlueZone Secure FTP, new FTP
Host connections have Passive Mode enabled by default.
Passive Mode is usually required when the application is being used behind a Firewall. Active Mode is typically used when
there is no Firewall between the client and the FTP Host.
FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'control' port (also known as the command port).
Traditionally these are port 21 for the control port and port 20 for the data port.
Active mode
Active mode is the traditional communication method between an FTP client and FTP server. In this mode the FTP client establishes
a connection from a random, unprivileged (>1024) port (X), to the FTP server's control port (21). The FTP client then notifies
the FTP server which unprivileged port (X+1) it should connect back to. The FTP server then initiates a connection from its
data port (20) to the specified FTP client port (X+1).
The potential problem here is that the connection between the FTP server and the FTP client on port X+1 is initiated by the
FTP server, which means that security devices in front of the FTP client (like a Firewall) must allow remote hosts to establish
connections to their clients on any port over 1024. In today's world, no Firewall would be configured in this way.
Passive mode
In passive mode, the client opens two unprivileged ports (X and X+1). A connection is made from X to the FTP server's control
port (21). The FTP server then opens an unprivileged port (Y) and notifies the client of this port. The client then initiates
a connection from X+1 to port Y on the FTP server.
By using this technique, the client (not the FTP server) initiates both connections, so the client-side Firewall can
block inbound connection requests to ports greater than 1024 for increased security on the network.
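An added example (not from the BlueZone documentation or product code): the control-channel messages that carry the data port in each mode, decoded in Python to show which side opens the data connection. The PORT command and 227 reply formats follow RFC 959; the function names and sample addresses are constructed for illustration.

```python
import re

def decode_hostport(fields):
    """Decode the six comma-separated numbers h1,h2,h3,h4,p1,p2 (RFC 959)."""
    nums = [int(f) for f in fields.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError(f"malformed host-port field: {fields!r}")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]   # port is sent as two bytes, high byte first
    return host, port

def data_connection(control_line):
    """Report who opens the data connection, and to which endpoint, from one
    control-channel line: a client PORT command (active mode) or a server
    227 reply to PASV (passive mode)."""
    line = control_line.strip()
    m = re.fullmatch(r"PORT (\d+(?:,\d+){5})", line, re.IGNORECASE)
    if m:
        # Active: the client names its own listening port; the server dials in.
        return {"mode": "active", "initiator": "server",
                "target": decode_hostport(m.group(1)),
                "client_firewall_needs_inbound": True}
    m = re.match(r"227 .*?(\d+(?:,\d+){5})", line)
    if m:
        # Passive: the server names port Y; the client dials out to it.
        return {"mode": "passive", "initiator": "client",
                "target": decode_hostport(m.group(1)),
                "client_firewall_needs_inbound": False}
    raise ValueError(f"not a PORT command or 227 reply: {line!r}")

# Constructed sample lines using documentation addresses, not captured traffic.
ACTIVE_LINE = "PORT 192,0,2,10,195,81"
PASSIVE_LINE = "227 Entering Passive Mode (198,51,100,5,234,96)"

if __name__ == "__main__":
    for sample in (ACTIVE_LINE, PASSIVE_LINE):
        print(sample, "->", data_connection(sample))
```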
The transfer mode is applied separately for each connection that you have configured. This allows you to have some connections
set to Active Mode and some set to Passive Mode. By default, Passive Mode is enabled when creating new connections.
1. To enable Active mode, click . from the menu bar.
2. Clear the Passive Mode check box.
If you receive the error message "500 Invalid Port Command" when connecting to an FTP Host, you are probably behind a firewall.
You must turn on Passive Mode in order for the connection to work.