In this scenario, an internal user accesses an SFTP server with a FileZilla client, and FortiProxy acts as the intermediate proxy that authenticates this application access traffic.

 - To enable a SOCKS proxy:
   Go to Proxy Settings -> Explicit Proxy -> Select web proxy name -> Select Edit. Enable the SOCKS Proxy checkbox and enter a port number.
 - To configure the proxy authentication scheme:
   Go to Policy & Objects -> Authentication Rules -> Authentication Schemes -> Create New. Select the authentication methods.
   Note: A SOCKS authentication rule supports only the basic or Kerberos authentication methods.
 - To configure the proxy authentication rule:
   Go to Policy & Objects -> Authentication Rules -> Create New. Select Socket Secure under protocol selection to match SOCKS authentication traffic.
 - Create or edit a policy to allow SOCKS proxy traffic.
 - Access an external SFTP server by using the FileZilla client.
 - Execute the following commands to confirm user authentication and SOCKS proxy access traffic:

    diagnose wad user list
    diagnose wad filter process-id-by-src <client-ip>
    diagnose wad debug enable category sock
    diagnose wad debug enable category auth
    diagnose debug enable

Authenticated user list:

    fpx # diagnose wad user list
    ID: 5, VDOM: root, IPv4: 10.165.2.76
      user name   : aduser1@fortilab.local
      worker      : 0
      duration    : 8916 seconds
      auth_type   : IP
      auth_method : socks-Basic
      pol_id      : 1
      g_id        : 3
      user_based  : 0
      expire      : N/A (in use)
      LAN: bytes_in=338753 bytes_out=2865394
      WAN: bytes_in=2851940 bytes_out=299708
    fpx #

Wad debug: Matching authentication rule

    [I][p:962][s:4604] wad_auth_rule_match :1471 match auth rule succ: Socks_Rule
    [I][p:962][s:4604] wad_socks_get_user :2743 ss=0x7fb90daf4450 auth-rule=Socks_Rule ip-based=1
    [I][p:962][s:4604] wad_hauth_user_node_is_valid :2914 auth find unmatched scheme or auth type user node.(name: aduser1@fortilab.local, scheme: NTLM, IP based)
    ...
    [I][p:962][s:4604] wad_socks_auth_method_response :3119 ss=0x7fb90daf4450 scheme=socks-Basic socks_method=0x02
    ...
    [I][p:962][s:4604] wad_socks_auth_status_proc :1499 authenticate result=success

Wad debug: Matching policy rule

    [I][p:962] wad_socks_policy_match_one :124 fw_pol_id=1(pol_ctx:mx|A|7?|=p) pflag:H|W|U|A asyn_info=1
    [V][p:962] wad_fw_policy_check_user :6411 user_node=0x7fb916c7f758
    [I][p:962] __wad_fw_policy_match_user :5875 matched cached grp:Socks_Users
    [I][p:962] wad_fw_policy_async_match :6820 pol_ctx:mx|A|7?|=d
    [I][p:962] wad_socks_policy_set :1979 match policy-id=1(pol_ctx:mx|A|7?|=d) vd=0:0(ses_ctx:x|Phx|Mde |H|C|A7|O) pid=962 out_if=3 user=aduser1@fortilab.local (anony:0) 10.165.2.76:58567 -> 194.108.117.16:22 av_idx=0

Related article: Technical Tip: A basic working sample for Telnet over SOCKS 5 Proxy
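Added example, not part of the original article or of any Fortinet tooling: a small Python parser that condenses the WAD debug lines shown above into one audit record and flags a session that matched a policy without a successful authentication, or that negotiated SOCKS method 0x00. The regular expressions are inferred only from the sample lines on this page, and the names `summarize` and `findings` are hypothetical.

```python
import re

# Lines copied from the debug output shown above.
SAMPLE = """\
[I][p:962][s:4604] wad_auth_rule_match :1471 match auth rule succ: Socks_Rule
[I][p:962][s:4604] wad_socks_auth_method_response :3119 ss=0x7fb90daf4450 scheme=socks-Basic socks_method=0x02
[I][p:962][s:4604] wad_socks_auth_status_proc :1499 authenticate result=success
[I][p:962] wad_socks_policy_set :1979 match policy-id=1(pol_ctx:mx|A|7?|=d) vd=0:0(ses_ctx:x|Phx|Mde |H|C|A7|O) pid=962 out_if=3 user=aduser1@fortilab.local (anony:0) 10.165.2.76:58567 -> 194.108.117.16:22 av_idx=0
"""

# SOCKS5 method codes as defined in RFC 1928.
METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}

# Assumption: the field layout is inferred from the sample lines only.
PATTERNS = {
    "auth_rule": re.compile(r"match auth rule succ: (\S+)"),
    "scheme": re.compile(r"scheme=(\S+) socks_method=(0x[0-9a-fA-F]+)"),
    "auth_result": re.compile(r"authenticate result=(\w+)"),
    "policy": re.compile(r"match policy-id=(\d+).*? user=(\S*) \(anony:\d+\) "
                         r"(\S+):(\d+) -> (\S+):(\d+)"),
}

def summarize(text):
    """Collapse one session's WAD debug lines into a single audit record."""
    rec = {}
    for line in text.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if key == "scheme":
                rec["scheme"] = m.group(1)
                rec["method"] = METHODS.get(int(m.group(2), 16), "unknown")
            elif key == "policy":
                rec.update(policy_id=int(m.group(1)), user=m.group(2),
                           src=f"{m.group(3)}:{m.group(4)}",
                           dst=f"{m.group(5)}:{m.group(6)}")
            else:
                rec[key] = m.group(1)
    return rec

def findings(rec):
    """Reasons a session that matched a policy deserves a second look."""
    out = []
    if "policy_id" in rec and rec.get("auth_result") != "success":
        out.append("policy matched without a successful authentication")
    if rec.get("method") == "no-auth":
        out.append("SOCKS method 0x00 (no authentication) was selected")
    return out
```

For the session captured above, `findings(summarize(SAMPLE))` returns an empty list: the proxy selected method 0x02, authentication succeeded, and policy 1 was matched for the named user.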