I just realized that while I’m behind my Threat Management Gateway (TMG 2010 formerly ISA) I can’t upload/write/save/delete files on an external FTP site! I can connect using FileZilla without any problem, but as soon as I tried to upload something I’d receive the following errors in the log:
Status: Resolving address of xxxxxxx
Status: Connecting to xxxxxxxxx...
Status: Connection established, waiting for welcome message...
Response: 220-Microsoft FTP Service
Response: 220 Winhost.com FTP
Command: USER xxxxx.
Response: 331 Password required for xxxxxx.
Command: PASS **********
Response: 230-Welcome
Response: 230 User logged in.
Command: OPTS UTF8 ON
Response: 550 Access is denied.
Status: Connected
Status: Starting upload of C:\Users\matt\Desktop\TESTFILE.txt
Command: CWD /xxxxxxxxx
Response: 250 CWD command successful.
Command: PWD
Response: 257 "/xxxxxxx" is current directory.
Command: TYPE A
Response: 200 Type set to A.
Command: PASV
Response: 227 Entering Passive Mode (xxxxxxx,223).
Command: STOR TESTFILE.txt
Response: 550 Access is denied.
Error: Critical file transfer error
Naturally I checked my TMG firewall log before contacting my host’s support team, but no error of any kind shows in the TMG logs. I was convinced it was my host so I actually changed hosting providers only to encounter the same thing. AHHH!
I finally found the solution. If, and only if, you add a firewall rule that involves the FTP protocol, then a magical new menu item appears in the right-click context menu called Configure FTP. By default, the value is set to Read-Only, uncheck that and you’ll be good to go.

Poorly done if you ask me. There should be a warning in the logs or some kind of alert telling you there are new configuration menus if you create certain types of rules (why wouldn’t this be on the Action Pane?).