Hi,
SFTP currently is not natively supported in WSA, we do have a feature request on this:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv35912
However, WSA can configure for WSA to only perform Connect Tunnelling for it:
SFTP (SSH File Transfer Protocol)
The whole communication is using only a single port (22). Therefore like scp a SFTP client will try to connect on port 22 to the server. If a proxy is in between, the following will happen:The SFTP client will be configured to use the normal Web Proxy, not the
FTP Proxy, for example it will send a CONNECT <SFTP server URL>:22 to the WSA on port 3128 (default Web Proxy port).
To allow the traffic, the WSA must be configured as follows:
- The corresponding access policy must allow connects to port 22 and the WSA must be allowed to establish connections to that destination URL/IP and port (Access Policy -> Protocols and User Agents column -> HTTP CONNECT Ports -> make sure port 22 is listed there.
- The traffic must be passed through since it's non standard HTTPS traffic
- You must allow tunnelling of non-standard HTTPS traffic (CLI > advancedproxyconfig > miscellaneous)