When considering how to use the ProxySG appliance to accept and forward traffic for application servers in your protected network, it's typical to start with the list of proxy services available on the appliance. In doing so, you'll find that there is no service for FTPS, which typically uses a range between 50000 and 50100 for communication.

To resolve this concern and allow this traffic to flow as expected, you can use a TCP Tunnel to handle the traffic. While your ProxySG appliance won't be able to inspect or cache the traffic being passed, it will accept and forward data from users on the Internet to your FTPS server.

1. As with standard Reverse Proxy deployments, configure your edge network to accept FTPS traffic and forward it to a Virtual IP on your ProxySG appliance.
2. Go to Configuration > Services > Proxy Services and click New Service. The New Service dialog appears.
3. Name the object FTPS Reverse Proxy.
4. Select the TCP Tunnel Proxy type.
5. Remove the check next to Enable ADN (If present)
6. Click New under Listeners. The New Listener dialog appears.
7. Set the Source address to All and set the Destination address as Explicit. Set the IP address as the VIP you've used in your proxy configuration (if applicable). Set the Port range to 50000 to 50100 (or set the range to match your FTPS configuration, if it uses a different port range than the standard range for FTPS. 

8. Click OK, OK, Apply to save the change.
9. Create a policy to allow this traffic to reach your server, as in a standard reverse proxy deployment.