bluecoat training-24.2.2012 (1)

Bluecoat Proxy SG

© Copyright Dimension Data, 17 April 2023

Bluecoat Deployment and Troubleshooting

Agenda

• General Knowledge

• Products

• Deployment Method

• Initial Setup

• Content Filter & Authentication

• Policy Management - VPM

• Access Logging & Failover

• Bluecoat Reporter

• Troubleshooting

Why do we need Proxy?

Introduction

Proxy Servers

• Designed to:

o Enhance security

o Control content

o Increase performance

• Two roles for the proxy:

o Gateway proxy

o WAN Acceleration proxy

Firewall and Proxy

Gateway Proxy

WAN Acceleration Proxy

Bluecoat Product List

Hardware Based

• Blue Coat SG

• Blue Coat AV

• Blue Coat Director

• Blue Coat RA

• Bluecoat Packetshaper

• Bluecoat DLP

Software Based

• Bluecoat Reporter

• Bluecoat Web Filter

• Bluecoat K9

Bluecoat SG Product Family

[Figure: SG product family chart. Series shown: SG200, SG300, SG510, SG600, SG810, SG900, SG8100, SG9000. Sizing bands shown: Up to 250; 150 to 1,000; 800 to 4,000; 3,000 to 50,000+. Segment labels: Remote Offices, Medium businesses, Corporate Headquarters.]

Bluecoat SG Deployment

Client Connections Method

• Explicit Proxy

• Transparent Proxy

Proxy Role

• Forward Proxy

• Reverse Proxy

Explicit Proxy

Transparent Proxy

Forward Proxy

The proxy is on the same network as the clients

Reverse Proxy

The proxy is on the same network as the servers

Out of Path Deployment

Using WCCP

Proxy Auto Configuration File

Proxy SG Initial Setup

• Physical Installation

• Basic Setup

• Licensing

Initial Setup

Configuration Options

Access Control

Registering Device

Initial Setup & Registration

Content Filtering

Enable the proxy to make smarter decisions

• Base policy control on the type of content

• Offer more than just protocol and URL match

Attempt to categorize the Internet

• Categorise the 20% of sites that generate 80% of the traffic

• Use artificial intelligence to cover the remaining 80%

User defined category set

• Local database

Logical Flow

Dynamic Real Time Rating

Extend Blue Coat Web Filter capabilities

• Scan and categorize the contents of a web page

• Immediate categorization

Provide a network service to accomplish dynamic classification

• Analysis is accomplished on the external service

• No performance impact on the ProxySG

Authentication Realms

IWA

• Windows NT Domains and Active Directory

• Basic, NTLM, and Kerberos credentials

• The BCAAA agent is required for integrating with Microsoft AD

• The BCAAA version and the Proxy version have to be the same

LDAP

• Active Directory and other LDAP Databases

Sequence

• List of authentication realms to be processed

LDAP Authentication Example

Policy Management

Set Default Proxy Policy

• Setting global security level

Understand Visual Policy Manager (VPM)

• Managing Layers

Default Policy

Deny

• Default option for Blue Coat SG

• All network traffic received by the proxy is blocked

Allow

• Network traffic is allowed through the proxy

• Other policies can deny selected traffic

Visual Policy Manager

Policy Transactions : Rule #1

“Block all users from Hacking web sites”

• Source: ANY

• Destination: Hacking

• Service: ANY

• Time: ANY

• Action: DENY

• Track: none

Policy Transactions : Rule #2

“Employees can visit travel web sites only outside regular working hours”

• Source: ANY

• Destination: Travel

• Service: ANY

• Time: Mon-Fri; 08:00..17:00

• Action: DENY

• Track: none
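
A simplified single-layer model of how Rule #1 and Rule #2 interact with the default proxy policy (an added example, not from the original slides and not Blue Coat's policy engine). First-match evaluation, the inclusive 08:00..17:00 window, the "News" category and the sample transactions are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    category: str                              # Destination column
    action: str                                # Action column
    weekdays: frozenset = frozenset(range(7))  # Time column, 0=Mon .. 6=Sun
    start: time = time.min
    end: time = time.max

    def matches(self, category, when):
        return (category == self.category
                and when.weekday() in self.weekdays
                and self.start <= when.time() <= self.end)  # assumed inclusive

# Rule #1 and Rule #2 from the slides. Source and Service are ANY in both,
# so they are not modelled here.
RULES = [
    Rule("Hacking", "DENY"),
    Rule("Travel", "DENY", frozenset(range(5)), time(8, 0), time(17, 0)),
]

def evaluate(category, when, default_policy, rules=RULES):
    """Assumed model: first matching rule wins, else the default policy."""
    for rule in rules:
        if rule.matches(category, when):
            return rule.action
    return default_policy

# Constructed sample transactions (21 Feb 2012 is a Tuesday, 25 Feb a Saturday).
SAMPLES = {
    "Hacking Tue 12:00": ("Hacking", datetime(2012, 2, 21, 12, 0)),
    "Travel Tue 12:00": ("Travel", datetime(2012, 2, 21, 12, 0)),
    "Travel Tue 17:00": ("Travel", datetime(2012, 2, 21, 17, 0)),
    "Travel Tue 18:30": ("Travel", datetime(2012, 2, 21, 18, 30)),
    "Travel Sat 12:00": ("Travel", datetime(2012, 2, 25, 12, 0)),
    "News Tue 12:00": ("News", datetime(2012, 2, 21, 12, 0)),
}

def decisions(default_policy):
    """Return the decision for every sample under the given default policy."""
    return {name: evaluate(cat, when, default_policy)
            for name, (cat, when) in SAMPLES.items()}

if __name__ == "__main__":
    for policy in ("ALLOW", "DENY"):
        print(policy, decisions(policy))
```

With the default policy set to Deny, both DENY rules are redundant and travel sites stay blocked after hours, so the intent of Rule #2 depends on a default of Allow or on an explicit allow rule.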

VPM Example

Access Logging

Record transaction information

• Information specific per protocol

• Necessary to run reports

• Customizable

Track Usage

• Entire network

• Specific information

• User or department usage patterns

Failover

• Failover allows a second machine to take over in case a primary machine fails

• Works on master-slave model

• Similar to VRRP, with the following exceptions:

o A configurable IP multicast address is the destination of the advertisements.

o The advertisements’ interval is included in protocol messages and is learned by the slaves.

o A virtual router identifier (VRID) is not used.

o Virtual MAC addresses are not used.

o MD5 is used for authentication at the application level.

• Master takes over once online

Failover Example

Bluecoat Reporter

• Analyzes comprehensive log files from Bluecoat SG

• 150 pre-defined reports including spyware, IM, P2P, popular sites etc.

• Provides visibility to web content, performance, threats and trending over defined time

• Two types of Reporter:

o Standard Reporter

o Enterprise Reporter

Troubleshooting

Commonly Faced Issues

• Not able to access particular URL

• Not able to view images on a particular site

• Internet access is very slow

• Frequently prompted for authentication

• High Memory & CPU utilization

• Messenger not working through Proxy

Troubleshooting Data

• Access Logs

• Event Logs

• Policy Trace

• Packet Capture on Bluecoat

• Packet Capture on User Machine

• Health Check

Event Logs

• Management logs

• Hardware specific logs

• Event logs can be viewed from the Statistics > Advanced option

• They can also be viewed at the URL https://x.x.x.x:8082/eventlog/statistics

Policy Trace

Used to find:

• Which policy the traffic is hitting

• The reason for blocking/allowing the connection

• Whether authentication is working or not

To enable Policy Trace:

• Open the visual policy manager

• From the 'Policy' menu, click on 'Add Web access layer'

• Name it and click ok

• Right-click the source and click on 'Set', 'New', 'Client IP Address/Subnet'

• Enter the IP address of the workstation you are going to test from, and as subnet, enter 255.255.255.255 since we only want that specific host.

• Right click the "Deny" item in the 'Action' column and click 'Delete'. The action should now be "None"

• Right click the 'None' in the "Track" column and click 'Set', 'New', 'Trace...'

• Choose 'Verbose tracking', enable 'Trace file' and enter a file name

• Click 'Ok'

• You should now have a layer with a single rule, the source would be the IP address of the workstation, and the track object should be the object just created.

• Install the policy

• Reproduce the issue

• Disable or delete the web access layer just created. It's best to disable it for now in case another test needs to be done.

Packet Capture

• Packet capture can be run from Maintenance->Service Information->Packet Captures

• Filters can be applied as well, based on IP address and port

• Covers both client-proxy and proxy-server communication

• Can be useful for slowness, authentication issues etc.

Packet Capture Example

Health Check

• Proxy can perform health check on HTTP, HTTPS, ICAP, Websense and SOCKS gateways

• Periodically verifies availability and health status of the host

• Time interval is configurable

• Failed health check results in administrator notification

• Health checks are configurable in the Management Console under Configuration tab > Health Checks > General

Questions?
