Configuration steps needed to configure ftp client WinSCP to access through an explicit proxy by using the “HTTP proxy mode” option.

You need to access an FTP server using an Explicit proxy by relaying to HTTP CONNECT

Configuration needed on the WinSCP

1. Open WinSCP application.
2. Check the "Advanced options" to enable Proxy configuration link.
   
3. Click on Proxy under Connection and select HTTP from the drop down menu.
4. Make changes as in the below screenshot with values appropriate. Note: WinSCP (FTP) will only support Basic authentication. If proxy is using any other mode of authentication, extra rules will be needed to bypass authentication for the ftp server accessing.
   
5. Also, raise the timeout from the default value of 20 seconds to minimum of a 60 seconds as proxy process can add slight delay to the ftp access.
   The below screenshot shows the setting:
   

Configuration needed on Edge-SWG

• Rule to allow access to the ftp server (IP Address or Domain) as required by the policy
• Rule to Authenticate or Bypass authenticate (optional)
• If ftp server access is over an IP address, an RDNS lookup could be initiated by the proxy. This could add delay to the access if the DNS servers are not responding timely or there is no RDNS mapping for the server IP.
  • Follow article Disable RDNS Lookup for a Specific IP or Subnet (optional).
• Note: If Detect Protocol is enabled in ProxySG, there could be a 30 second delay when proxy tries to detect the underlying protocol. See: Functionality and expected behavior of the detect protocol feature. 
  • If you need to avoid this, a policy to bypass detect_protocol can be added. CPL example below:
    
    <Proxy>
url.domain=ftp.symantec.com detect_protocol(no)