How to use FileZilla over SOCKS with a Blue Coat Proxy SG unit (SGOS 5 and 6)
This document explains how to set-up the following:
1. FileZilla proxy config for SOCKS
2. BC Proxy Services
3. Blue Coat VPM
This KB assumes that you have already configured one of the following forms of authentication:
Step 1 – Set-up FileZilla
Once installing FileZilla go to Edit > Settings > expand the Connection menu and then expand the FTP menu > then select Generic Proxy.
As you image above show you need to select ‘SOCKS 5’ and then enter the IP address of the Blue Coat Proxy > specify the SOCKS port that will be set on the BC Proxy (by default this will be 1080). Then enter the correct Username and Password that will allow the client access.
Step 2 – Configuring the SOCKS service on the Blue Coat Proxy
Connect to the Blue Coat Proxy > Configuration > Services > expand the ‘Standard’ services list > locate the SOCKS service and change the service from ‘Bypass’ to ‘Intercept’.
Now locate the FTP service and make sure that this is also set to ‘Intercept’.
Step 3 – Configure the VPM for SOCKS access and Authentication
Connect to the Blue Coat Proxy > Configuration > Policy > Visual Policy Manager > click on the ‘Launch’ button.
You will first want to add the SOCKS Authentication Layer.
Go to Policy > Add SOCKS Authentication Layer:
Now the Layer has been added you will need to set the Action to use the Auth Realm you require:
Right click on the word ‘None’ underneath the Action column.
As per the image above click on the ‘New’ button and select ‘SOCKS Authentication’ and then select the Auth Realm you have configured. Your result should look something like:
Now in this basic scenario I have a Web Access Layer configured that is set to allow all traffic as you can see below:
The rule base will allow the FileZilla client to access any FTP site (or anything) and any User to access any site but thanks to the SOCKS Authentication Layer any connection that uses port 1080 has to authenticate to the Auth Realm set in the SOCKS Authentication Layer.
Now as you can see from the image below the FileZilla client can now connect to the FTP site via the Blue Coat Proxy.