You can configure Web Gateway to run as a proxy that forwards web traffic under the SOCKS (Sockets) protocol.
When web traffic goes on under the SOCKS protocol, it also follows an embedded protocol, which can be, for example, HTTP or HTTPS.
The embedded protocol can be detected on Web Gateway, and if filtering is supported for web traffic under this protocol, the configured filtering rules can be processed for this traffic. If filtering is not supported, the traffic can be blocked by a suitable rule.
There are some restrictions to using the SOCKS protocol for the proxy functions on Web Gateway:
- The SOCKS protocol version must be 5, 4, or 4a.
- The BIND method is not supported for setting up connections under the SOCKS protocol.
Web traffic that is forwarded by a next-hop proxy under the SOCKS protocol can be protected using level 1 or 2 of the Kerberos authentication method.
In this case, encryption that would also make this traffic SSL-secured cannot by applied, so SSL scanning is not required. The default SSL Scanner rule set therefore includes a criteria part that lets this traffic skip SSL scanning.