When configuring the windows firewall, the best practice from MS is to add exceptions in the 'Advanced' section. Some examples.

To add IIS FTP:

Start -> Control panel -> Windows Firewall

Advanced (tab at top) -> Settings (in the Network Connection Settings area)

Toggle on 'FTP Server' from the list of services

You do the same for the web server as will be readily apparent when you look at the other services.

Important this completely by-passes the firewall (needed for passive ftp transfers for example) so the access control, if desired, must be configured in the application. For IIS you must enter the security tab.

As opposed to the above way, you can use the firewall to pass in a port and also add an executable, but the above way is the 'Best Practice' from MS.