Configuration needed on the WinSCP

• Open WinSCP application
• Check the "Advanced options" to enable Proxy configuration link

• Click on Proxy under Connection and select HTTP from the drop down menu. Make changes as in the below screenshot with values appropriate. Note: WinSCP (FTP) will only support Basic authentication. If proxy is using any other mode of authentication, extra rules will be needed to bypass authentication for the ftp server accessing

• Also raise the timeout from the default value of 20 seconds to minimum of a 60 seconds as proxy process can add slight delay to the ftp access. Below screenshot shows the setting

Configuration needed on Edge-SWG

• Rule to allow access to the ftp server (IP Address or Domain) as required by the policy
• Rule to Authenticate or Bypass authenticate (optional)
• If ftp server access is over an IP address, an RDNS lookup could be initiated by the proxy. This could add delay to the access if the DNS servers are not responding timely or there is no RDNS mapping for the server IP. Follow article TECH242050 (optional)
• Note: If Detect Protocol is enabled in ProxySG, there could be a 30 second delay when proxy tries to detect the underlying protocol Ref# TECH243102. If need to avoid this, policy to bypass detect_protocol can be added. CPL example below

<Proxy>
url.domain=ftp.symantec.com detect_protocol(no)