Skip to main content
Skyhigh Security

Configure a Mext-hop Proxy for SOCKS Traffic

To configure a next-hop proxy for SOCKS traffic, let Web Gateway run as a SOCKS proxy and implement suitable rule sets for enabling a next-hop proxy and filtering the traffic.

Enable a SOCKS proxy

Enable Web Gateway to run as a SOCKS proxy by configuring the proxies settings accordingly.

  1. Select Configuration | Appliances.
  2. On the appliances tree, select the Web Gateway appliance that you want to configure for running as a SOCKS proxy and click Proxies.
  3. Scroll down to the SOCKS Proxy section and select Enable SOCKS proxy.
  4. Click Save Changes.

Configure a next-hop proxy rule set for SOCKS traffic

To configure a rule set for SOCKS traffic, modify the criteria of the Next Hop Proxy library rule set and add a rule that enables a next-hop proxy under the SOCKS protocol.

  1. Import the Next Hop Proxy library rule set from the library.
  2. On the rule sets tree, move the rule set up and let it follow immediately after the rule set that you are using for authenticating users, for example, the Explicit Proxy Authentication and Authorization rule set.
  3. Replace Always as the rule set criteria by Connection.Protocol equals "SOCKS".
  4. Add a rule that enables a next-hop proxy.
    1. Configure the rule criteria to let the rule apply for particular requests.
      For example, use Client.IP matches in list Client IP as the rule criteria to let the rule apply only for requests sent from clients with an IP address that is on a particular list.
    2. Configure Continue as the rule action.
    3. Configure Enable Next Hop Proxy as the rule event.
    4. Configure the settings of the rule event.
      • Add a next-hop proxy to the list of next-hop proxies.
        When adding the next-hop proxy, make sure that you specify the SOCKS parameters as needed.
      • Configure the remaining options as needed.
  5. Click Save Changes.

You can add more rules to the Next Hop Proxy rule set, using different criteria each time for setting up a next-hop proxy.

Configure the SOCKS Proxy rule set

Configure a setting in the SOCKS Proxy rule set that is required for filtering traffic that is forwarded to next-hop proxies under the SOCKS protocol.

  1. Import the SOCKS Proxy rule set from the library.
  2. The rule set can be found under Common Rules.
  3. On the rule sets tree, let the rule set follow immediately after the Next Hop Proxy rule set.
  4. In the nested Protocol Detection rule set of the SOCKS Proxy rule set, click the settings for the Protocol Detector module.
    The default name of these settings is Default.
    The Edit Settings window opens.
  5. Under Protocol Detector Options, select Determine next-hop proxy after receiving embedded data.
  6. Click OK to close the window.
  7. Click Save Changes.

For more information about the SOCKS Proxy rule set, see Proxies.

  • Was this article helpful?