Active vs Passive Mode
The FTP protocol supports two data connection modes: Active and Passive. Files.com recommends using Passive mode for all FTP and FTPS connections.
In Active mode, the FTP client opens a port and waits for the server to initiate the data connection back to the client. This setup often causes problems when the client sits behind a firewall or NAT, because inbound connections from the server may be blocked.
In Passive mode, the server opens a port instead, and the client initiates both the control and data connections. This design avoids inbound connection issues, making Passive mode more compatible with modern networks and corporate firewalls.
Understanding Active Mode FTP
FTP originally used Active mode as its default. This mode predates firewalls and is now considered outdated. Use Active mode only within a local network (LAN) where no firewall separates the client and server.
In Active mode, the client first connects to the server using the Command channel. The port depends on the FTP variant:
- FTPS (implicit FTP over TLS): Port 990 (default) or 3990 (alternative Files.com port)
- FTPES (explicit FTP over TLS): Port 21 (default) or 3021 (alternative Files.com port)
- Plain FTP: Port 21 (default, disabled by default) or 3021 (alternative Files.com port, also disabled unless specifically enabled for business needs)
After authentication, the client sends the server its IP address and a list of available port numbers. The server then connects back to the client using one of these ports to establish the Data channel.
When uploading or downloading, the client sends the transfer command over the Command channel, while the actual file data travels through the Data channel.
Because Active mode requires inbound connections from the server, firewalls or NAT configurations often block these transfers. For that reason, Files.com recommends using Passive mode whenever possible.
Understanding Passive Mode FTP
Passive (PASV) mode was developed for clients that cannot receive inbound connections, such as those behind firewalls or on NAT networks. Due to its reliability and compatibility, Passive mode has become the standard and recommended connection method for FTP.
In Passive mode, the client initiates both the Command and Data channels. The Command channel uses the same ports as in Active mode:
- FTPS (implicit FTP over TLS): Port 990 (default) or 3990 (alternative Files.com port)
- FTPES (explicit FTP over TLS): Port 21 (default) or 3021 (alternative Files.com port)
- Plain FTP: Port 21 (default, disabled by default) or 3021 (alternative Files.com port, also disabled unless enabled for business needs)
After authentication, the server provides the client with the range of available ports for Passive Data channels. The client then selects a random port within that range and connects to the server to establish the Data channel.
For Files.com, all FTP variants use the following Passive Data channel range: Ports 40000–50000.
During file transfers, the Command channel sends the control instructions, and the Data channel carries the file content. This direction of connection—from client to server—avoids firewall conflicts and ensures more reliable transfers across corporate networks.
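Because the client picks a random port in the Passive range, an outbound firewall policy that opens only part of 40000–50000 produces intermittent transfer failures rather than a clean block. The following added example (not Files.com code) audits a list of outbound TCP allow rules against the ports on this page and reports any gaps; the rule format, function names and sample rule sets are assumptions made for illustration.

```python
# Added example. Ports are taken from this page; the rule format and the
# sample rule sets below are constructed assumptions.
COMMAND_PORTS = {
    "FTPS (implicit)": (990, 3990),
    "FTPES (explicit)": (21, 3021),
    "Plain FTP": (21, 3021),
}
PASSIVE_RANGE = (40000, 50000)

# Constructed samples: outbound TCP allow rules as (low_port, high_port).
PARTIAL_RULES = [(21, 21), (990, 990), (40000, 44999), (45100, 49999)]
FULL_RULES = [(21, 21), (3990, 3990), (40000, 50000)]


def uncovered(target, allowed):
    """Return the sub-ranges of `target` that no allowed range covers."""
    lo, hi = target
    gaps, cursor = [], lo
    for a_lo, a_hi in sorted(allowed):
        if a_hi < cursor:          # rule ends before the part still unchecked
            continue
        if a_lo > hi:              # rule starts past the target range
            break
        if a_lo > cursor:          # hole between the cursor and this rule
            gaps.append((cursor, a_lo - 1))
        cursor = max(cursor, a_hi + 1)
        if cursor > hi:
            break
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps


def audit(egress_rules):
    """Report reachable command ports per variant and Passive-range gaps."""
    data_gaps = uncovered(PASSIVE_RANGE, egress_rules)
    report = {}
    for variant, ports in COMMAND_PORTS.items():
        reachable = [p for p in ports if not uncovered((p, p), egress_rules)]
        # Passive mode works reliably only if a command port is reachable
        # and the whole data range is open outbound.
        report[variant] = {"command_ports": reachable,
                           "passive_ok": bool(reachable) and not data_gaps}
    return report, data_gaps


if __name__ == "__main__":
    for name, rules in (("partial", PARTIAL_RULES), ("full", FULL_RULES)):
        print(name, audit(rules))
```

The audit covers network reachability only; whether Plain FTP is enabled on the site is a separate setting.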