Configuring WinSCP FTP client to use Generic proxy settings to access over Edge-SWG
search cancel

Configuring WinSCP FTP client to use Generic proxy settings to access over Edge-SWG


Article ID: 170064


Updated On:


ProxySG Software - SGOS


Configuration steps needed to configure ftp client WinSCP to access through an explicit proxy by using the “HTTP proxy mode” option.


Customer needs to access an FTP server using an Explicit proxy by relaying to HTTP CONNECT


Configuration needed on the WinSCP

  • Open WinSCP application
  • Check the "Advanced options" to enable Proxy configuration link

  • Click on Proxy under Connection and select HTTP from the drop down menu. Make changes as in the below screenshot with values appropriate. Note: WinSCP (FTP) will only support Basic authentication. If proxy is using any other mode of authentication, extra rules will be needed to bypass authentication for the ftp server accessing

  • Also raise the timeout from the default value of 20 seconds to minimum of a 60 seconds as proxy process can add slight delay to the ftp access. Below screenshot shows the setting


Configuration needed on Edge-SWG

  • Rule to allow access to the ftp server (IP Address or Domain) as required by the policy
  • Rule to Authenticate or Bypass authenticate (optional)
  • If ftp server access is over an IP address, an RDNS lookup could be initiated by the proxy. This could add delay to the access if the DNS servers are not responding timely or there is no RDNS mapping for the server IP. Follow article TECH242050 (optional)
  • Note: If Detect Protocol is enabled in ProxySG, there could be a 30 second delay when proxy tries to detect the underlying protocol Ref# TECH243102. If need to avoid this, policy to bypass detect_protocol can be added. CPL example below

<Proxy> detect_protocol(no)