The customer is using IIS (Internet Information Services) to run an FTP service on a server. The customer would like to allow access to the FTP service only. After opening TCP ports 20 and 21 in the firewall rules, FTP access still fails. In the NTP (Network Threat Protection) traffic log, it can be seen that incoming packets to the application "inetinfo.exe" were blocked.
Inetinfo.exe is the process of Windows IIS (Internet Information Services). The FTP service for IIS is only able to work in Passive mode. In Passive mode, the server requests the FTP client to connect to a random TCP port on the FTP server. Accordingly, the connection to that random port was not allowed, because only ports 20 and 21 had been opened.
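The following added example (not part of the original article or of any vendor tool) parses the passive-mode replies an FTP server sends on the control channel and checks the announced data port against the ports opened in the rule above. The function names and the sample replies are constructed for illustration; the reply formats are those of RFC 959 (PASV) and RFC 2428 (EPSV).

```python
import re

# Inbound TCP ports opened in the firewall rule described above.
ALLOWED_INBOUND = {20, 21}

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)
# RFC 2428 EPSV reply: 229 ... (|||port|), the delimiter is repeated
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def passive_data_port(reply):
    """Return the TCP port the server asks the client to connect to, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet in the reply
        return nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        return port if 0 < port <= 65535 else None
    return None


def firewall_verdict(reply, allowed=ALLOWED_INBOUND):
    """Return (port, verdict) for the data connection announced by a reply."""
    port = passive_data_port(reply)
    if port is None:
        return (None, "not a passive-mode reply")
    return (port, "allowed" if port in allowed else "blocked")


# Constructed control-channel replies (sample data, not from a real log).
SAMPLE_REPLIES = [
    "220 Microsoft FTP Service",
    "227 Entering Passive Mode (192,0,2,10,195,149).",
    "229 Entering Extended Passive Mode (|||50021|)",
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(line, "->", firewall_verdict(line))
```

The control connection on port 21 succeeds, but the data ports announced in the two passive replies fall outside the rule, which matches the blocked inbound packets to inetinfo.exe seen in the traffic log.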