
Enabling SOCKS5 proxy in InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 2

    • Updated: 18 Dec 2017
    • Product/Version: InterScan Web Security Virtual Appliance 6.5
    • Platform: N/A
Summary

This article lists the steps to enable the SOCKS5 proxy in IWSVA 6.5 Service Pack 2.

Details

The options listed in the next sections require at least IWSVA 6.5 Service Pack 2 Patch 1. Check the Readme file, then install the patch.

  1. Enabling SOCKS5 proxy:

    Edit the file "/etc/iscan/network.ini", and add/modify the following two keys:

    socks5_proxy_enabled=yes
    socks5_proxy_port=1080

  2. Enabling SOCKS5 user authentication:

    To enable authentication for the SOCKS5 requests, add the following parameter to the same file as above:

    socks5_auth_enable=yes

    Then specify the username and password to be used for authentication, in the form username/password.

    Separate multiple users with the character ";", for example:

    socks5_auth_users=testuser/testpassword;testuser2/testpassword2

  3. Destination port ACL:

    Specify the destination ports to reject, for example:

    socks5_reject_dstport=443;8443

  4. Enabling ACL based on client IP:

    • Set the default action for the socks proxy, for example:

      default_allow_action = yes

      • "yes" means that the default action is "allow"; it is used together with the "socks5_reject_srcip" setting.
      • "no" means that the default action is "reject"; it is used together with the "socks5_allow_srcip" setting.
    • Specify the source IP ranges to reject, for example:

      socks5_reject_srcip=127.0.0.1/32

    • Specify the source IP ranges to allow, for example:

      socks5_allow_srcip=172.16.0.0/12;10.204.151.0/23

      [Screenshot: all the SOCKS5-related settings that can be configured in the /etc/iscan/network.ini file]

      After modifying any of these settings, save the file and exit the editor, then restart the socks proxy service using the following command:

      $ /etc/iscan/S99ISsocks5 restart


Use case: SOCKS5 user authentication

After configuring the settings, the IWSVA administrator can test them with a single visit from a test client.

On the test client, the administrator should set the SOCKS5 proxy (for instance, Address: 10.204.151.65, Port: 1080) as the web proxy, and enter the username and password.


If you enter an invalid username or password, the client will not be able to access the internet.

If the username and password are valid, the client can access the internet. This confirms that the SOCKS5 proxy is working.


The following are limitations and known issues of this feature:

  • IPv6 is not supported.
  • This feature only works in forward proxy mode.
  • The characters “/” and “;” are invalid for username and password.
  • The rejected destination port setting does not support wildcards.
  • If an entry in “socks5_allow_srcip” conflicts with an entry in “socks5_reject_srcip”, such entries will be rejected.
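
The limitations above can be checked before the service is restarted. The following Python sketch is an added example, not Trend Micro code: the function names and the sample values are constructed for illustration, and it reads only the key names shown in this article.

```python
import ipaddress
# Constructed sample of SOCKS5 keys as they would appear in /etc/iscan/network.ini.
SAMPLE = """\
socks5_auth_users=testuser/testpassword;user2/pass/word
socks5_reject_dstport=443;84*
socks5_reject_srcip=10.204.151.0/24;fe80::/10
socks5_allow_srcip=172.16.0.0/12;10.204.151.0/23
"""

def items(text, key):
    """Return the ';'-separated entries of `key`, or [] if the key is absent."""
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return [v.strip() for v in value.split(";") if v.strip()]
    return []

def networks(text, key, findings):
    """Parse the IPv4 ranges of an ACL key, recording IPv6 and unparsable entries."""
    nets = []
    for entry in items(text, key):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        if net is None or net.version == 6:
            findings.append(f"{key}: '{entry}' is not a usable IPv4 range (IPv6 is not supported)")
        else:
            nets.append(net)
    return nets

def lint(text):
    """Return findings for entries that run into the limitations listed above."""
    findings = []
    for i, entry in enumerate(items(text, "socks5_auth_users"), 1):
        if entry.count("/") != 1:  # a '/' or ';' inside a name or password breaks the split
            findings.append(f"socks5_auth_users: entry #{i} is not exactly username/password")
    for port in items(text, "socks5_reject_dstport"):
        if not port.isdigit():  # wildcards are not supported
            findings.append(f"socks5_reject_dstport: '{port}' is not a plain port number")
    allow = networks(text, "socks5_allow_srcip", findings)
    for rej in networks(text, "socks5_reject_srcip", findings):
        for net in allow:
            if net.overlaps(rej):  # per the article, conflicting entries are rejected
                findings.append(f"socks5_allow_srcip {net} conflicts with socks5_reject_srcip {rej}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The findings identify user entries by position rather than by content, so passwords are not echoed to the terminal or to logs.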
Category: Configure
Solution Id: 1119002