Active and passive are the two modes that FTP can run in.
For background, FTP actually uses two channels between client and server, the command and data channels, which are actually separate TCP connections.
The command channel is for commands and responses while the data channel is for actually transferring files.
This separation of command information and data into separate channels is a nifty way of being able to send commands to the server without having to wait for the current data transfer to finish. As per the RFC, this is only mandated for a subset of commands, such as quitting, aborting the current transfer, and getting the status.
In active mode, the client establishes the command channel but the server is responsible for establishing the data channel. This can actually be a problem if, for example, the client machine is protected by firewalls and will not allow unauthorised session requests from external parties.
In passive mode, the client establishes both channels. We already know it establishes the command channel in active mode and it does the same here.
However, it then requests the server (on the command channel) to start listening on a port (at the server's discretion) rather than trying to establish a connection back to the client.
As part of this, the server also returns to the client the port number it has selected to listen on, so that the client knows how to connect to it.
Once the client knows that, it can then successfully create the data channel and continue.
More details are available in the RFC: https://www.ietf.org/rfc/rfc959.txt
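The port negotiation described in the answer above, as an added example that is not part of the original answer: RFC 959 carries the data-channel endpoint as six decimal bytes, in the server's `227` reply for passive mode and in the client's `PORT` command for active mode. The function names and the sample addresses (documentation ranges) are constructed for illustration; the `same_host` flag lets a client notice a reply that points the data connection away from the server it is already talking to.

```python
import re

# RFC 959 endpoint encoding: h1,h2,h3,h4 (IPv4 address bytes), p1,p2 (port high/low byte).
_ENDPOINT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def decode_endpoint(text):
    """Return (host, port) from the first h1,h2,h3,h4,p1,p2 group in text."""
    match = _ENDPOINT.search(text)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 group found")
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field outside 0-255")
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def parse_pasv_reply(reply, control_peer):
    """Passive mode: decode the server's 227 reply to PASV.

    Returns (host, port, same_host). same_host is False when the reply names
    a different address than the one the command channel is connected to.
    """
    if not reply.startswith("227"):
        raise ValueError("not a 227 (Entering Passive Mode) reply")
    host, port = decode_endpoint(reply[3:])
    return host, port, host == control_peer


def build_port_command(client_ip, listen_port):
    """Active mode: the command telling the server where to connect back to."""
    octets = client_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("client_ip must be a dotted IPv4 address")
    if not 0 < listen_port < 65536:
        raise ValueError("listen_port out of range")
    return "PORT {},{},{}\r\n".format(",".join(octets), listen_port >> 8, listen_port & 0xFF)


if __name__ == "__main__":
    # Constructed sample exchange; 192.0.2.10 stands in for the FTP server.
    print(parse_pasv_reply("227 Entering Passive Mode (192,0,2,10,195,80).", "192.0.2.10"))
    print(parse_pasv_reply("227 Entering Passive Mode (203,0,113,5,4,1).", "192.0.2.10"))
    print(repr(build_port_command("198.51.100.7", 50001)))
```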
FTP in active mode needs to open a connection back to you, and a lot of firewalls can't handle that. It certainly wouldn't fly in the corporate environment I work in. So passive mode tends to be easier to get working.
If VS has no option for changing this, I guess they went for the dumbed-down failsafe option. But I don't know VS, so I'm just guessing.
Best Answer
Not so familiar with IIS7 but I can help you on some issues.
Passive vs Active FTP connection. When active, it means that the server contacts the client, the client chooses a port that will be used to transfer data and then sends it back to the server to use. Passive is used when people are behind a firewall for example and it means that the client doesn't choose a port but rather the server does that and the client connects to it.
In short, if the client doesn't allow for the server to initialize the connection then passive mode is used. More information here.
Doesn't matter if the connection is passive or active, the security is the same.
Why it times out is a bit hard to say. There may be several timeout settings, one for active and one for passive connections. There may also be another set of rules that overrides the ones you are using, etc.