Using a TCP Proxy to Forward Traffic to a SOCKS Next-hop Proxy

Rule for forwarding traffic from a TCP proxy to a SOCKS next-hop proxy

The rule that forwards the traffic might look as the example shown here. It assumes that the listener port of the TCP proxy is 9102.

If traffic is coming in on this port, the rule event enables a next-hop proxy that runs under the SOCKS protocol. The event settings specify the details of this proxy.

Name
Forward traffic from a TCP proxy to a SOCKS next-hop proxy
Criteria                          Action     Event
Proxy.Port equals 9102         –> Continue — Enable Next-Hop Proxy<SOCKS Next-Hop>

Settings for a SOCKS next-hop proxy

The settings for the next-hop proxy that runs under SOCKS are configured as the settings of the event that enables this proxy. You can use the Next-Hop Proxy settings that are imported with the rule set as a starting point.

When creating the settings for the SOCKS next-hop proxy, you can keep the existing default list of next-hop proxies, but you need to add a proxy to this list.

The following values must be specified for this proxy:

• Name
• IP address and port
• SOCKS protocol version

For the remaining next-hop proxy options, you can keep the default values.

Troubleshooting

When issues with proxies occur, connection traces or TCP dumps are helpful. TCP dumps can also be loaded into an analyzing tool, such as Wireshark, that "understands" SOCKS.

If an error occurs on the connection from the TCP proxy to the SOCKS next-hop proxy, for example, if the next-hop proxy can't be reached after performing the number of configured retries, the connection is closed.

The user who works with a client of Web Gateway might notice the closing. But because TCP and SOCKS don't support reasonable error reporting to the client, this is usually all that is noticed on the client.

If the next-hop proxy can detect an embedded protocol within SOCKS, for example, HTTP, a block page or a similar message might be sent to the client.