At least one
profile element must be defined.
id must be a unique identifier that does not change
during the lifetime of the profile.
name can be given to the profile. This is a free-form
host attribute defines the address of the Secure Shell server
host. If it is left empty and/or under the
hostname-from-app="yes", the Secure Shell connection is
opened to the destination host given in the SOCKS request. Otherwise the
Secure Shell connection is opened to the host specified in the profile and
in FTP tunneling, FTP connections are forwarded to the requested hosts.
port attribute specifies the Secure Shell server port. The
default port is
user attribute specifies the username on the Secure Shell
server. If it is left empty, the username given by the FTP client is used
when opening the Secure Shell connection.
At least one
tunnel element must be defined.
For transparent tunneling, the tunnel
type must be set as
"socks-proxy and the
listen-address is usually the loopback address
"127.0.0.1", but can be an address of any local interface that will
dst-port attribute is set to
0 and the
profile attribute is left empty when transparent tunneling and
FTP-SFTP conversion are used.
At least one
rule element must be defined.
ip-address attribute specifies the target host IP address to be
filtered. It can be a regular expression. Connections to the specified
address are captured. With transparent FTP tunneling and FTP-SFTP
conversion, this can be usually set to capture all connections
".*"), as the connections are already filtered by the SOCKS Proxy
ports attribute specifies the ports to be filtered. It can be a
single port or a range. A range is specified with a dash between two
integers (such as
action attribute specifies the action to be done when a filter
is used. For transparent FTP tunneling, the action is
For FTP-SFTP conversion, the action is
profile-id attribute is a reference to a
profile element and
should contain the same value as the
id attribute of the profile.
hostname-from-app attribute defines whether the SOCKS Proxy should
extract the Secure Shell server's host name from data sent by the
application, or use a Secure Shell server defined by the connection profile
profile-id. With SSH Tectia SOCKS Proxy on z/OS, this is usually set to
"yes". Note that this requires that a Secure Shell server is
installed to each destination server (or that
enabled to allow direct connections to those servers that do not have Secure
username-from-app attribute defines whether the FTP tunneling
or FTP-SFTP conversion extracts the user name from data sent by the FTP
application. With SSH Tectia SOCKS Proxy on z/OS, this is usually set to
This setting will override any user name settings made in a related
When applying the filter rule, if creating the tunnel fails or the
connection to the Secure Shell server fails, the SOCKS Proxy will normally return
a "host not reachable" error. However, if the
attribute is set to
"yes", a direct (unsecured) connection is used