Install FileZilla Secure FTP Server on Azure Server 2016

This guide explains the steps required to get FileZilla FTP Server running on Azure using our virtual machine app in the marketplace.

 


 

Once your Azure VM has been deployed, there are some post-configuration steps to complete before you can start using the FileZilla FTP Server.

 

Login

Log in using the credentials that were supplied during the VM creation.

 

Launch FileZilla Server Instance

Launch the FileZilla server instance app, found on the desktop. On the launch screen, press Connect as shown below (password is blank):

 


 

Passive Mode

You should now be connected. You may see connection errors and NAT errors; this is normal, as we still need to complete some configuration. From the menu select Edit > Settings > Passive Mode Settings.

 

You’ll need to set a passive mode port range, usually 50000-51000. These ports are used for data transfers to the server.

 

Set Public IP Address

For this next part you’ll need to make sure the VM has a public IP address, as shown in yellow, to allow external clients to connect.

To attach a public IP address to your VM, follow Microsoft’s guide.

 

Once you have a public IP address associated with the NIC on your Azure VM, add the IP address to the passive mode settings, as shown below highlighted in yellow, along with the passive port range.
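
What the two Passive Mode settings look like on the wire, as an added example that is not part of the original guide: the server's 227 reply advertises the IP address and data port the client will connect to, and this PowerShell function decodes a reply line and checks both against the configured values. The public IP and the sample reply lines are constructed placeholders.

```powershell
# Added example, not from the original guide. All inputs below are constructed.
$PublicIp = '203.0.113.25'   # placeholder for the VM's public IP (documentation range)
$PortLow  = 50000            # passive port range used in this guide
$PortHigh = 51000

function Test-PasvReply {
    param(
        [Parameter(Mandatory)][string]$Line,
        [Parameter(Mandatory)][string]$ExpectedIp,
        [int]$Low  = 50000,
        [int]$High = 51000
    )
    # A 227 reply carries h1,h2,h3,h4,p1,p2: the data address and port, one byte each.
    $pattern = '227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)'
    if (-not ($Line -match $pattern)) { return $null }   # not a passive mode reply

    $ip   = '{0}.{1}.{2}.{3}' -f $Matches[1], $Matches[2], $Matches[3], $Matches[4]
    $port = [int]$Matches[5] * 256 + [int]$Matches[6]

    $issues = @()
    if ($ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)') {
        # The server is handing out its private address to external clients.
        $issues += 'private IP advertised: set the public IP in Passive Mode Settings'
    } elseif ($ip -ne $ExpectedIp) {
        $issues += "advertised IP differs from expected $ExpectedIp"
    }
    if ($port -lt $Low -or $port -gt $High) {
        $issues += "port outside ${Low}-${High}: not covered by the NSG/firewall rules"
    }

    $result = 'OK'
    if ($issues.Count -gt 0) { $result = $issues -join '; ' }
    [pscustomobject]@{ AdvertisedIp = $ip; DataPort = $port; Result = $result }
}

# Constructed reply lines, in the form an FTP client or the server log shows them.
$samples = @(
    '227 Entering Passive Mode (203,0,113,25,195,84)',
    '227 Entering Passive Mode (10,0,0,4,195,84)',
    '227 Entering Passive Mode (203,0,113,25,4,1)'
)
$samples |
    ForEach-Object { Test-PasvReply -Line $_ -ExpectedIp $PublicIp -Low $PortLow -High $PortHigh } |
    Format-Table -AutoSize
```

When a 227 reply checks out here but the client still reports that it cannot open the data connection, the NSG or firewall rules for the passive range are the next thing to review.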

 

 

Create Certificate (FTP over TLS)

The next step is to create a new private key and a self-signed certificate, which FileZilla server needs in order to accept TLS connections.

 

Within the FileZilla server options, click on SSL/TLS settings and check Enable FTP over TLS support (FTPS).

 

Next click on Generate New Certificate > Fill in your company information.

 

 

IMPORTANT – In the common name (Server address) field, make sure to add the public DNS name of your Azure VM. This can be found in the Azure portal, as highlighted in yellow:

 


 

Save the key locally on the server and then press Generate certificate.  No need to add a password.

 

Setup Users

There are 2 options:

 

  1. Create local users and assign access
  2. Integrate Active Directory and allow users to use their domain logins to authenticate

 

Option 1 (Local Users)

To set up local users and give them access to directories locally on your server, navigate to Edit > Users.

 

Here you can add users and generate their passwords.

 

Then give the users access to the local folders you would like them to use. The VM has a pre-configured folder at C:\FTPDirectory that can be used, or you can set up as many folders as you like. Groups can also be set up and permissions applied at a group level.

 


 

Option 2 (Active Directory Integrated)

 

Open Settings > LDAP and select Enable LDAP support (beta).

Add the private IP address of your local domain controller, add port 389, and enter the name of your domain.

Select Enable TLS/SSL.

 


 

Next you need to add the users who need access to your FTP directories. 

 

Select Edit > Users. Here you’ll need to add each user’s full UPN, the one they use to log on to AD. For example, if they log on as jsmith@yourdomain.com or yourdomain\jsmith, add the user so that it matches their login UPN, jsmith@yourdomain.com. There is no need to add their password here, as the user authenticates against Active Directory, so make sure the password checkbox is unchecked.

 

Next check the boxes LOCAL and LDAP as in the screenshot below.

 

In the screenshot below I’ve added a test user from our AD called ftpuser, and our AD domain is called yourdomain.com.

 


 

Next, assign these users to the FTP directories they need access to. Click on Shared Folders within the Users menu, add the local folders and assign the permissions they need:

 


 

Now would be a good time to test whether you can connect using an FTP client. If you can’t connect, move on to the next step and configure any NSG / firewall rules.

 

Configure NSG Rules / Firewall Rules

If you have NSGs or firewall appliances in Azure, you will need to open access to the following ports:

  • Port: 21 (Used for FTP)
  • Port: 990 (Used for FTPS)
  • Port: 14147 (Used for FTP Server Administration)
  • Passive Port Range: 50000 – 51000 (Used for data transfer)
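
The rules listed above as a script, as an added example that is not part of the original guide: the first part adds the NSG rules with the Az PowerShell module and the second adds matching Windows Firewall rules on the VM. The resource group, NSG name, rule names, priorities and admin address are placeholders; because the admin connection in this guide uses a blank password, the example limits port 14147 to a single admin source address instead of opening it to any source.

```powershell
# Added example, not from the original guide. All names and addresses are placeholders.
$ResourceGroup = 'rg-ftp-example'    # hypothetical resource group of the VM
$NsgName       = 'nsg-ftp-example'   # hypothetical NSG on the VM's NIC or subnet
$AdminSource   = '203.0.113.10'      # constructed admin workstation IP (documentation range)

# --- Part 1: Azure NSG. Run where the Az module is installed, after Connect-AzAccount. ---
$ftpRule = @{
    Name                     = 'Allow-FTP-FTPS-Passive'
    Priority                 = 1010           # assumed to be a free priority in this NSG
    Direction                = 'Inbound'
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    SourceAddressPrefix      = '*'
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '21', '990', '50000-51000'
}
$adminRule = @{
    Name                     = 'Allow-FileZilla-Admin'
    Priority                 = 1020           # assumed to be a free priority in this NSG
    Direction                = 'Inbound'
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    SourceAddressPrefix      = $AdminSource   # admin port reachable from one address only
    SourcePortRange          = '*'
    DestinationAddressPrefix = '*'
    DestinationPortRange     = '14147'
}
Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Name $NsgName |
    Add-AzNetworkSecurityRuleConfig @ftpRule |
    Add-AzNetworkSecurityRuleConfig @adminRule |
    Set-AzNetworkSecurityGroup | Out-Null

# --- Part 2: Windows Firewall. Run in an elevated PowerShell session on the VM. ---
New-NetFirewallRule -DisplayName 'FileZilla FTP, FTPS and passive data' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort '21', '990', '50000-51000' | Out-Null
New-NetFirewallRule -DisplayName 'FileZilla admin interface' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort '14147' -RemoteAddress $AdminSource | Out-Null

# List the rules just created on the VM.
Get-NetFirewallRule -DisplayName 'FileZilla*' |
    Select-Object DisplayName, Enabled, Direction, Action
```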

 

 

Filezilla Architecture

 

Client FTP Software

To connect, users can use any FTP client. You can use FileZilla’s FTP client.

 

Support

For issues regarding the FileZilla software, use the FileZilla community forum.

 

If you would like to use our managed Azure service and let us take care of managing your VMs, get in contact with us.

 

Any other questions about the setup of the VM in Azure, leave your comments below

 

Want some help (hire us)?

If you would like us to implement the FileZilla server in your environment, fully configure it and get it up and running, get in contact with us and we will get you up and running ASAP.

 

 

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud

17 Comments
  • Evgeniy
    Reply
    Posted at 12:28 pm, 1st July 2018

    Do not forget about windows firewall, need to open ports or disable it.

  • Tod Richard
    Reply
    Posted at 4:52 pm, 13th July 2018

    What would the monthly cost be for this setup?

  • Sidney Mulder
    Reply
    Posted at 12:00 pm, 25th July 2018

    I followed the instructions as described above. My client does connect but fails to retrieve the directory listing. Any idea what is happening?

      • Sidney Mulder
        Reply
        Posted at 12:56 pm, 26th July 2018

        Hi Andrew,

        I’m now using the FileZilla Client. This client puts out this output:
        (000005)7/26/2018 11:47:16 AM – daxtimetell-test (x.x.x.x)> PASV
        (000005)7/26/2018 11:47:16 AM – daxtimetell-test (x.x.x.x)> 227 Entering Passive Mode (y,y,y,y.195,84)
        (000005)7/26/2018 11:47:16 AM – daxtimetell-test (x.x.x.x)> MLSD
        (000005)7/26/2018 11:47:26 AM – daxtimetell-test (x.x.x.x)> 425 Can’t open data connection.

        I have created a subfolder in C:\FTPDirectory called FTPUser and set only that folder in the shared folders of that particular ftpuser. I gave it all available permissions.

        I added the passive port range 50000-51000 to the firewall of the Network Security Group that came with the deployed FTP Server. No extra firewall is added yet. I also disabled the firewall within Windows Server 2016, just to be sure.

        I hope you can help me further.

        Best regards,
        Sidney

        • Sidney Mulder
          Reply
          Posted at 11:25 am, 27th July 2018

          Hello Andrew,

          I figured out what the problem was. A faulty NSG rule I configured for the passive FTP ports caused this problem. Thanks for your help.

          Sidney

  • Andrew Fitzgerald
    Reply
    Posted at 6:57 pm, 26th July 2018

    Hi Sidney,

    Are you connecting to the FTP server externally via public IP or internally via your LAN on private IP?

    Is there a company firewall or router that you’re going through in order to connect to the FTP server?

    It sounds like there is a network device in between your connection.

    There is a thread on the FileZilla forum from someone else who had the same issue and how they resolved it:
    https://forum.filezilla-project.org/viewtopic.php?t=34901

    There is a guide on Filezilla on network setup, have a read of the following and let me know if that solves your issue – https://wiki.filezilla-project.org/Network_Configuration

    Thanks
    Andrew

  • Rick Nice
    Reply
    Posted at 1:50 pm, 3rd August 2018

    Hi Andrew,

    Does the version of FileZilla server you supply support UNC file paths?

    Thanks

    Rick

  • Keith
    Reply
    Posted at 2:47 am, 21st August 2018

    I followed these instructions, created local users and tested from a remote Filezilla client.

    The client can connect to the server…, and I see that the server is sending the welcome message, but the client never receives the message.

    Server:
    (000034)8/21/2018 1:42:51 AM – (not logged in) (XX.XX.XX.XX)> Connected, sending welcome message…
    (000034)8/21/2018 1:42:51 AM – (not logged in) (XX.XX.XX.XX)> 220-FileZilla Server version 0.9.41 beta LDAP
    (000034)8/21/2018 1:42:51 AM – (not logged in) (XX.XX.XX.XX)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
    (000034)8/21/2018 1:42:51 AM – (not logged in) (XX.XX.XX.XX)> 220 Please visit https://cloudinfrastructureservices.co.uk
    (000034)8/21/2018 1:43:11 AM – (not logged in) (XX.XX.XX.XX> disconnected.

    Client:
    Status: Connecting to XX.XX.XX.X:990…
    Status: Connection established, waiting for welcome message…
    Error: Connection timed out after 20 seconds of inactivity
    Error: Could not connect to server

    Any ideas?

  • Posted at 1:59 pm, 3rd September 2018

    Hi
    Is this an SAS or IAS offering?
    Will the FileZilla software patch itself?
    Will we get a login for the virtual server and need to log in to the desktop?
    Regards
    Greg

  • Angelo Punturiero
    Reply
    Posted at 4:31 pm, 27th November 2018

    Hello,
    If an enterprise user has to send a file from his local PC, is it possible to enable it to mount the directory remotely?

    Or, alternatively, is it possible to use a local FileZilla client to point to a remote FileZilla server?

    These questions are in order to avoid large file copies on the Ftp_Vm.

    Thanks in advance,

    AP
