Merge pull request #216786 from madsd/asev3ftpports

ftp port config

Author: prmerger-automator[bot]

articles/app-service/environment/configure-network-settings.md

@@ -100,7 +100,7 @@ The setting is also available for configuration through Azure portal at the App
 
 :::image type="content" source="./media/configure-network-settings/configure-allow-incoming-ftp-connections.png" alt-text="Screenshot from Azure portal of how to configure your App Service Environment to allow incoming ftp connections.":::
 
-In addition to enabling access, you need to ensure that you have [configured DNS if you are using ILB App Service Environment](./networking.md#dns-configuration-for-ftp-access).
+In addition to enabling access, you need to ensure that you have [configured DNS if you are using ILB App Service Environment](./networking.md#dns-configuration-for-ftp-access) and that the [necessary ports](./networking.md#ports-and-network-restrictions) are unblocked.
 
 ## Remote debugging access
 

articles/app-service/environment/networking.md

@@ -76,6 +76,9 @@ The normal app access ports inbound are as follows:
 |Visual Studio remote debugging|4022, 4024, 4026|
 |Web Deploy service|8172|
 
+> [!NOTE]
+> For FTP access, even if you want to disallow standard FTP on port 21, you still need to allow traffic from the LoadBalancer to the App Service Environment subnet range, as this is used for internal health ping traffic for the ftp service specifically.
+
 ## Network routing
 
 You can set route tables without restriction. You can tunnel all of the outbound application traffic from your App Service Environment to an egress firewall device, such as Azure Firewall. In this scenario, the only thing you have to worry about is your application dependencies.