The Web Security appliance includes a SOCKS proxy to process SOCKS traffic. SOCKS policies are the
equivalent of access policies that control SOCKS traffic. Similar to access policies, you can make use of
Identification Profiles to specify which transactions are governed by each SOCKS policy. Once SOCKS
policies are applied to transactions, routing policies can then govern routing of the traffic.

Note the following regarding the SOCKS proxy:

•

The SOCKS protocol only supports direct forward connections.

•

The SOCKS proxy does not support (will not forward to) upstream proxies.

•

The SOCKS proxy does not support scanning services, which are used by Application Visibility and
Control (AVC), Data Loss Prevention (DLP), and malware detection.

•

The SOCKS proxy does not support policy tracing.

•

The SOCKS proxy does not decrypt SSL traffic; it tunnels from client to server.

Control Connection
Timeouts

The maximum number of seconds the FTP Proxy waits for more communi-
cation in the control connection from an idle FTP client or FTP server when
the current transaction has not been completed.

•

Client side. The timeout value for control connections to idle FTP
clients.

•

Server side. The timeout value for control connections to idle FTP
servers.

Data Connection
Timeouts

How long the FTP Proxy waits for more communication in the data connec-
tion from an idle FTP client or FTP server when the current transaction has
not been completed.

•

Client side. The timeout value for data connections to idle FTP clients.

•

Server side. The timeout value for data connections to idle FTP servers.