How do I setup WinSCP FTP client to work through the explicit FTP service on the ProxySG?
The ProxySG uses authentication.  How do I get WinSCP to work with my authentication?

This document assumes that you have set the ProxySG to intercept FTP traffic explicitly and are using Raptor login syntax for your ProxySG.  For details on Raptor syntax, please see Supporting File Transfer Protocol (FTP) on the Edge SWG (ProxySG).  Please note that the menu options described below are from WinSCP v4.3.9 and may change with newer versions of the FTP client.

1. Start WinSCP. The WinSCP Login Dialog will appear

2. Select the Session tab (it will be selected already if you are using WinSCP for the first time)

3. Enter your host name to Host name field, username to User name and password to Password

4. Under Connection, go to Proxy

Select the drop-down menu next to Proxy Type and enter the following type:

USER %u@%h %s
 

For "Proxy host:", enter the IP address of your ProxySG (or the hostname if the client is able to resolve it via DNS). For "Proxy user:", enter the username used to authenticate to the ProxySG.  For "Proxy password:", enter the proxy password of the user.  Please see the screen shot for details.

5. (optional) Click on the Save button to save your changes.

6. Click on Login as you normally do.  WinSCP will connect to the ProxySG and pass the remote host, remote host credentials, and ProxySG credentials.  The ProxySG will then establish a connection to the FTP server using the credentials provided by the user.

NOTE:  If WinSCP intermittently works (it works once, then fails for a while, then works again), see Using a different authentication mode based on protocol for a way to work around the issue. Also, if the proxy is not configured for authentication and you are having trouble using the syntax above, try removing the proxy username and password variables (" %s" and "ACCT %w") and be sure not to include a trailing space after the variables.  If you have used these steps and Filezilla continues to fail, ensure you have "Allow Basic credentials" checked on your IWA Servers tab in your IWA authentication settings.  To locate that setting, go to Configuration > Authentication > IWA > IWA Servers tab > Allow Basic credentials.