Today, I completed the setup for my IIS7 FTP site - enabling SSL for secure transfer. It took me a little while longer than expected, mostly because I was looking for passive mode transfer settings in the wrong place at first. To save others from repeating my mistakes, here is a quick step-by-step how to get up and running:
First, we need to configure passive transfers (PASV). This is configured at the server level
via the (in my opinion) not-so-intuitive "FTP Firewall Support":
This shows the following panel (I have opened the range 2200 to 2205):
This panel is also available at the site level (that's where I got stuck), but it won't be of any use.
Although the FTP server is configured for passive, the Windows firewall isn't (and remember, it is on by default!). You need to create an inbound rule for the passive ports like so:
Now we are ready to enable secure FTP - and this is rather simple. Go to your FTP site, and check that the FTP SSL Settings are configured as follows (you could also force SSL connections to make sure no one unintentionally connects with their pants down):
You are basically all set. Give your setup a try using eg FileZilla. Create a new site in Site Manager, and set the server type to "FTP over SSL (explicit encryption)":
The last step is to make sure you are using passive mode (in FileZilla, this is part of Advanced):
If you didn't miss a step, you now should be able to securely connect to your FTP site.