What Is PASV FTP (Passive FTP)?

PASV FTP, also called passive FTP, is an alternative mode for establishing File Transfer Protocol (FTP) connections. In short, it solves the problem of an FTP client's firewall blocking incoming connections. "PASV" is the name of the command that the FTP client uses to explain to the server that it's in passive mode.

Passive FTP is a preferred FTP mode for FTP clients behind a firewall and is often used for web-based FTP clients and computers connecting to an FTP server within a corporate network. PASV FTP is also more secure than active FTP because the client initiates the transfer, as opposed to the transfer being initiated by the FTP server.

How PASV FTP Works

FTP works over two ports: one for moving data between the servers and another for issuing commands. Passive mode works by allowing the FTP client to initiate sending of both control and data messages.

Ordinarily, it's the FTP server that initiates the data requests, but this kind of setup might not work if the client firewall has blocked the port that the server wants to use. It's for this reason that PASV mode makes FTP "firewall-friendly."

In other words, the client is the one opening the data port and the command port in passive mode, so given that the firewall on the server side is open to accepting these ports, data can flow between both. This configuration is ideal since the server has most likely opened the necessary ports for the client to communicate with the server.

Most FTP clients, including web browsers like Internet Explorer, support a PASV FTP option. However, configuring PASV in Internet Explorer or any other client doesn't guarantee that PASV mode will work since FTP servers can choose to deny PASV mode connections.

Some network administrators disable PASV mode on FTP servers because of the additional security risks PASV entails.