FTP Adatpter Port openings

Question

Hello,

Iam using the FTP adapter for sending and receive files to a unix server.
The security administrator is not allowing for opening the high end ports between biztalk server and
the unix servers.
Can this be achieved be just by opening ports 20 & 21
Is there a way we can restrict the ports used for FTP communication.
Any documents available at MS site regarding FTP ports to be opened?

My Environment
BTS 2010
SQL 2008

Thanks

Answer 1

I think this is not possible by opening only 2 ports for details on what need to be refer to the article How FTP port requests challenge firewall security

---

Please mark the post answered your question as answer, and mark other helpful posts as helpful, it'll help other users who are visiting your thread for the similar problem, Regards -Rohit Sharma (http://rohitt-sharma.blogspot.com/)

Answer 2

In the FTP adapter you specify the port number you wish to use. By default port 21 is used for FTP traffic so that won't be an issue if I understand correctly what you're saying.

---

Jean-Paul Smit | Didago IT Consultancy
Blog | Twitter | LinkedIn
MCTS BizTalk 2006/2010 + Certified SOA Architect

Please indicate "Mark as Answer" if this post has answered the question.

Answer 3

Thanks for the response.

I had raised the request with Network team as follows:

Source Biztalk sever IP

port Any

Destination Unix Server IP

Port 20,21

Direction - Two way.

From the link given by Rohit  this looks sufficient for file transfer.

Also from BizTalk server I am able to open the FTP window from command prompt.

But the messages are not getting picked up from server by the adapter there is no error.

When I try to send message using FTP send adapter it goes to active state without any error..

Any idea on this behaviour..

Thanks

Answer 4

Hi Harik,

Eventhough this is FTP adapter please make sure the FTP server is supported by BizTalk. Refer http://support.microsoft.com/kb/841478 to verify this.

Answer 5

Hi Harik,

In the FTP adapter receive location configuration , please check the following values:

1- under FTP section, check that the file mask is *

2- under tuning parameters , there is a parameter TEMPORARY FOLDER. sometimes setting a temporary path for pulling will solve issues like that. create a folder and name it tempFTP then set the name in that parameter.

3- Under FTP section please set a path for the log. so you can see what is happening (highly recommended) 

4- please make sure that your host instance that is bound to your receive location is created and started

hope that helps,

---

Regards, Mazin - MCTS BizTalk Server 2006

Answer 6

Hi Harik,

  Your scenario will work if you are using "Active" mode of transfer for FTP. If you are using "Passive" mode you will require different port openings. I assume you are using Active mode. You can verify by logging onto FTP server using command prompt. On receive side once basic FTP connectivity is verified you can concentrate on BizTalk specific thing such as File Mask. Also for send port . you can use wireshark (or FTP log trace) tool to see if your is able to connect to server. One of the other things to notice is if port "AUTH" packet is being sent by server to authenticate user (on port 113) it just delays FTP connection in case port is blocked but still should work after "AUTH" request is timedout (after 30-60 seconds).

Hope it helps.

Regards,

Vijendra

Answer 7

Also from BizTalk server I am able to open the FTP window from command prompt.

Try to send (receive) a file just from command window, forget Biztalk for a while.

Check permissions of account/folder.

Also, consider sending files from unix server rather than pulling them from BTS server.

Answer 8

We have the same issue; here Unix server is not like Windows server, it having number of security restrictions.

Discuss with Unix admin to provide permission (Read and write) to access Unix (Or configured path).then open this (configured Path) in Command window or in IE (Using given credentials) ,  is able see configured folders (and try create and delete folder for test permission)

Thanks

Vittalaranga