Understanding FTPS and FTP port connections

Transferring files securely requires a comprehensive understanding of the connections, ports, and IP addresses utilized by FTP (File Transfer Protocol) and its secure version FTPS (FTP over TLS/SSL). This guide provides an in-depth look at these protocols’ commonly used control and data ports, their differences, and firewall considerations.

FTP and FTPS connections primarily consist of two types: the control connection and the data connection. The client initializes these connections with an FTP server like Cerberus, and both are required for data transfer.

What is the FTP/S control connection?

The control connection is the initial link established when a client connects to an FTP server using the server’s IP address. Also known as the control channel, this connection’s purpose is to grant clients access to the server and enable them to send FTP commands and receive server responses.

What is the FTP/S control connection port number?

  • TCP Port 21 (often called FTP port 21) is the default control connection port for FTP.
  • Port 990 is the default control connection port for FTPS.

These are the ports on which the server listens for new FTP sessions. However, these defaults are not set in stone: as a server administrator, you are free to move the listener to any open port on the system.

What is the FTP/S data connection?

The data connection is the pathway through which the FTP server exchanges file listings (like directory listings in ASCII format) and transfers files. FTP clients instruct servers to send a file listing or transfer a file through this connection.

What is the FTP/S data connection port number?

  • Port 20 is the most common data connection port for FTP.
  • Port 989 is the default data connection port for FTPS.

What are active and passive FTP/S modes?

FTP/S can run in two modes, active and passive, depending on how you want your client and server to establish their connections.

In active mode, the client opens a random port, sends the FTP server the information via a PORT command, and waits for the server to initiate the connection. However, active FTP often faces issues with firewalls blocking incoming connections.

In passive mode FTP, after authentication, the server opens a random port, sends this port number back to the client in its reply to the client's PASV command, and waits for the client to initiate the data connection. Passive mode is generally more firewall-friendly, as the connections are all initiated from the client side.
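The two modes can be told apart on the control channel by decoding the address the PORT command and the 227 (PASV) reply carry, six decimal bytes `h1,h2,h3,h4,p1,p2` with port = p1 × 256 + p2. The following is an added example, not code from this guide or from Cerberus FTP Server; the sample lines, the documentation IP addresses and the 50000-50100 passive range are constructed assumptions.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by the PORT argument and the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_hostport(line):
    """Return (ip, port) announced in a PORT command or 227 reply, or None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip, passive_range=(50000, 50100)):
    """Work out who dials whom, and what a firewall must allow, for one line."""
    parts = line.split(None, 1)
    hp = parse_hostport(line)
    if not parts or hp is None:
        return None
    verb, (ip, port) = parts[0].upper(), hp
    if verb == "PORT":    # active: the server dials the port the client opened
        mode, src, expected = "active", server_ip, client_ip
    elif verb == "227":   # passive: the client dials the port the server opened
        mode, src, expected = "passive", client_ip, server_ip
    else:
        return None
    issues = []
    if ip != expected:
        # Typical of NAT: the endpoint advertises an address the peer cannot reach.
        issues.append(f"advertised {ip}, control connection uses {expected}")
    if mode == "passive" and not passive_range[0] <= port <= passive_range[1]:
        issues.append(f"port {port} outside passive range {passive_range}")
    return {"mode": mode, "from": src, "to": f"{ip}:{port}", "issues": issues}

# Constructed control-channel lines (documentation addresses, assumed range).
SAMPLES = [
    "PORT 192,0,2,15,200,13",
    "227 Entering Passive Mode (203,0,113,10,195,80).",
    "227 Entering Passive Mode (10,0,0,5,4,1).",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_connection(s, "192.0.2.15", "203.0.113.10"))
```

The third sample shows the two failures a firewall review usually turns up: a server advertising an internal address and a data port outside the range the firewall allows.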

Do active and passive FTP/S modes use different port numbers?



FTP vs. FTPS Port Connection Usage – Implicit vs. Explicit

FTP and FTPS use different ports, and these choices dictate the security behavior of clients and servers. FTPS can operate in two modes: Explicit FTPS and Implicit FTPS.

In Implicit FTPS, connections established via Port 990 will automatically perform an SSL/TLS (Secure Sockets Layer/Transport Layer Security) handshake, implying a secure connection.

On the other hand, in Explicit FTPS, connections established via Port 21 need an additional AUTH command to enable security, i.e., to start the SSL/TLS session. The security features of FTPS protect your data from being sent as plain text or unencrypted over the network protocol.
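Because explicit FTPS starts as plain FTP on port 21, a session is only protected from the point where AUTH succeeds. The following added example (not code from this guide or from Cerberus FTP Server) audits a control-channel transcript for credentials sent before that point; the `C: ` / `S: ` line format and the sample sessions are constructed assumptions.

```python
def audit_control_channel(lines, implicit=False):
    """Audit one FTP control-channel transcript made of 'C: ' and 'S: ' lines.

    implicit=True models port 990, where TLS is negotiated before any command.
    """
    tls = implicit
    auth_pending = False
    findings = []
    for raw in lines:
        side, _, text = raw.partition(": ")
        text = text.strip()
        if side == "C":
            verb = text.split(" ", 1)[0].upper()
            if verb == "AUTH":
                auth_pending = True
            elif verb in ("USER", "PASS") and not tls:
                # Record the verb only; never copy the credential into findings.
                findings.append(f"{verb} sent before TLS")
        elif side == "S" and auth_pending and text[3:4] != "-":
            # 234 is the server's go-ahead for the TLS handshake (RFC 4217).
            if text.startswith("234"):
                tls = True
            else:
                findings.append(f"AUTH refused with {text[:3]}")
            auth_pending = False
    return {"tls": tls, "findings": findings}

# Constructed sessions: plain FTP, correct explicit FTPS, and AUTH sent too late.
LOGIN = ["C: USER alice", "S: 331 Password required",
         "C: PASS <redacted>", "S: 230 Logged in"]
AUTH_OK = ["C: AUTH TLS", "S: 234 Proceed with negotiation"]
PLAIN = ["S: 220 Ready"] + LOGIN
EXPLICIT = ["S: 220 Ready"] + AUTH_OK + LOGIN
LATE_AUTH = ["S: 220 Ready"] + LOGIN[:2] + AUTH_OK + LOGIN[2:]
REFUSED = ["S: 220 Ready", "C: AUTH TLS", "S: 502 Not implemented"] + LOGIN

if __name__ == "__main__":
    for name, session in [("plain", PLAIN), ("explicit", EXPLICIT),
                          ("late AUTH", LATE_AUTH), ("refused", REFUSED)]:
        print(name, audit_control_channel(session))
```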

Firewall Considerations

If you’re running a software-based firewall, ensure your router doesn’t block the chosen port. If blocked, your FTP or FTPS server will be invisible and inaccessible to users.

When using FTPS, specific firewall ports must be open to ensure smooth file transfers. The command and data channels must be open on the client and server. Understanding the range of ports to open can be complex, requiring careful configuration of your port range and endpoints.

In some cases, you may also need to facilitate FTP port forwarding. Hence the need for intelligent FTPS servers like Cerberus FTP Server.

What transport layer does FTP/S use?

Both FTP and FTPS operate over TCP (Transmission Control Protocol).

Conclusion

Understanding FTP and FTPS ports is crucial for secure file transfers. The choice between FTP and FTPS and the preferred port numbers often depends on your specific security needs and system configurations.

Apps and command-line tools help implement and manage these protocols, ensuring permissions are correctly set and public key authentication is used when needed. Using a secure, turnkey file transfer solution like Cerberus will make this much easier on you with its robust set of management features. Feel free to download a trial to experience secure file transfer like never before. Your first 25 days are free.

Frequently Asked Questions

What port does FTP use?

FTP uses port 21 for the command port and port 20 for the data port. In addition to ports 21 and 20, FTP can be configured to use a range of passive ports for data transfer, typically between 1024 and 65535.

What port does FTPS use?

When operating in explicit FTPS mode, FTPS typically uses port 990 for the command port and port 989 for the data port. However, implicit FTPS mode typically uses port 990 for both command and data connections.

Is FTPS port 21 or 990?

FTPS typically uses port 990 for control connections and port 989 for data connections under implicit security. However, FTPS can also use port 21 when operating under explicit security.

Does FTPS use port 22?

No, FTPS does not use port 22. This port is primarily associated with SFTP (SSH File Transfer Protocol, part of Secure Shell).

What is the difference between port 21 and 990?

Port 21 is FTP’s default control connection port, while port 990 is the same for FTPS. The main difference lies in their expected security behavior. Port 990 implies implicit security, whereas port 21 can be used with explicit security.

What port is FTP and FTPS?

FTP uses port 21 for control connections and port 20 for data connections. FTPS uses port 990 for control connections and port 989 for data connections under implicit security. When using explicit security, FTPS can also use port 21.

Remember, knowledge about these protocols, ports and RFC 959 (the original FTP standard) can help you secure and manage file transfers effectively.

Download a risk-free 25-day free trial of Cerberus FTP Server for secure file transfers today. It supports FTP and FTPS, along with many other protocols.