To setup and install an FTP server in Azure, the easiest and quickest way is to install our FTP Server solution from the Azure marketplace. The image comes pre configured using a customized version of Filezilla FTP Server running on Windows server. It will allow you to securely transfer files using encryption over FTPS / SSL. Click on our links below to deploy to your Azure tenant
Azure FTP Server
Setup FTP Server on Azure on Windows 2019
Setup FTP Server on Azure on Windows 2016
Table of Contents
Azure FTP Server Video Tutorial
Getting Started with Azure FTP Server
Once your Azure VM has been deployed there are some post configuration steps to complete to start using this FTP Server.
Login using the credentials that were supplied during the VM creation.
Launch Filezilla Server Instance App
Launch the Filezilla server instance app, found on the desktop. On the launch screen press connect as shown below (password is blank):
Azure FTP Server - Passive Mode on
You should now be connected. You may see connection errors and NAT errors, this is normal as we need to complete some configuration. From the menu select
Edit > Settings > Passive Mode Settings
You’ll need to set a passive mode port range. Usually (50000-51000). These ports are used for data transfers to the server.
Set Public IP Address
For this next part you’ll need to make sure the VM has a public IP address to allow external clients to connect as shown in yellow.
To attach a public IP address to your VM, follow Microsoft’s guide
Once you have a public IP address associated with the NIC on your azure VM, add the IP address to the passive mode settings as shown below highlighted in yellow and also the passive port range:
Create Certificate (FTP over TLS)
The next step is to create a new private key and a self signed certificate, needed by FileZilla server to accept TLS connections.
Within the FileZilla server options, click on SSL/TLS settings. Check the Enable FTP over TLS support (FTPS).
Next click on Generate New Certificate > Fill in your company information.
IMPORTANT – In the common name (Server address) field make sure to add the public DNS name of your Azure VM. This can be found in the azure portal, as highlighted in yellow:
Save the key locally on the server and then press Generate certificate. No need to add a password.
Setup FTP Server Users
Option 1 - Create Local FTP Users
To setup local users and give access to directories locally on your server navigate to Edit > Users
Here you can add users and generate their passwords.
Then give the users access to your local folders you would like them to have access to.
The VM has a pre-configured folder on the C:\FTPDirectory that can be used or you can setup as many folders as you like.
Groups can also be setup and permissions applied at a group level.
Option 2 - Use Active Directory Integrated Users
Open settings > LDAP and select enable LDAP support. Beta.
Add your private IP address of your local domain controller. Add Port 389 and write the name of your domain name.
Select Enable TLS/SSL.
Next you need to add the users who need access to your FTP directories.
Select Edit > Users and here you’ll need to add the users full UPN that they use to logon to AD, for example if their name is firstname.lastname@example.org or yourdomain\jsmith we need to make sure we add this so it matches their login UPN email@example.com. We don’t need to add their password here as it authenticates against Active Directory, so make sure the password checkbox is unchecked.
Next check the boxes LOCAL and LDAP as in the screenshot below.
In the screenshot below I’ve added a test user from our AD called ftpuser and our AD domain is called yourdomain.com
Next is to assign these users to your FTP directories they need access to. Click on Shared Folders within the Users menu and add the local folders and assign permissions they need:
Azure FTP Server Firewall Ports
If you have NSG’s or firewall appliances in Azure you will need to open access to the following ports:
- Port: 21 (Used for FTP)
- Port: 990 (Used for FTPS)
- Port: 14147 (Used for FTP Server Administration)
- Passive Port Range: 50000 – 51000 (Used for data transfer)
To setup Azure firewall rules refer to – Azure Network Security Groups
FTP Client Software
FTP Server Support
For issues regarding setup of this solution, leave a message in the comments below or contact us directly for assistance.
Disclaimer: This FTP server solution is built using a modified version of Filezilla server opensource software. This solution is provided under GPLv2 licence. The respective trademarks mentioned in the offering are owned by the respective companies. No warrantee of any kind, express or implied, is included with this software
– Use at your risk, responsibility for damages (if any) to anyone resulting from the use of this software rest entirely with the user
– The author is not responsible for any damage that its use could cause.
Q: I receive the following error when connecting via my FTP client ‘425 Can’t open data connection.’
A: The passive port range (50,000 – 51,000) is being blocked by your firewall. Typically its usually not setup on your Azure Network Security Group (NSG).
Within the Azure portal, if you open the VM properties and under ‘Networking’ you should see ‘Network Security Groups’
The following guide explains how to edit the rules
Add a new rule to allow port ’50,000 – 51,000’ over TCP to Allow Source ‘Any’ Destination ‘Any’
Once you’ve added the rule, reboot the VM and it should now work