Bluecoat Deployment and Troubleshooting

Copyright Dimension Data

24 November 2013

Agenda
General Knowledge Products Deployment Method

Initial Setup
Content Filter & Authentication Policy Management - VPM Access Logging & Failover

Bluecoat Reporter
Troubleshooting

Copyright Dimension Data

24 November 2013

Introduction

Why do we need Proxy?

Copyright Dimension Data

24 November 2013

Proxy Servers

Designed to:
Enhance security Control content Increase performances

Two roles for the proxy: Gateway proxy WAN Acceleration proxy

Copyright Dimension Data

24 November 2013

Firewall and Proxy

Copyright Dimension Data

24 November 2013

Gateway Proxy

Copyright Dimension Data

24 November 2013

WAN Acceleration Proxy

Copyright Dimension Data

24 November 2013

Bluecoat Product List

Hardware Based Software Based

Blue Coat SG

Bluecoat Reporter

Blue Coat AV

Bluecoat Web Filter

Blue Coat Director

Bluecoat K9

Blue Coat RA

Bluecoat Packetshaper

Bluecoat DLP
Copyright Dimension Data 24 November 2013

Bluecoat SG Product Family

Corporate Headquarters

SG8100 Series SG9000 Series

SG810 Series SG900 Series

Medium businesses

SG200 Series SG300 Series

SG510 Series SG600 Series

Remote Offices

Up to 250

150 to 1,000

800 to 4,000

3,000 to 50,000+

Copyright Dimension Data

24 November 2013

Bluecoat SG Deployment

Client Connections Method Explicit Proxy Transparent Proxy

Proxy Role Forward Proxy Reverse Proxy

Copyright Dimension Data

24 November 2013

10

Explicit Proxy

Copyright Dimension Data

24 November 2013

11

Explicit Proxy

Copyright Dimension Data

24 November 2013

12

Transparent Proxy

Copyright Dimension Data

24 November 2013

13

Forward Proxy

The Proxy is on the same network with the clients

Copyright Dimension Data

24 November 2013

14

Reverse Proxy

The proxy is on the same network with the servers

Copyright Dimension Data

24 November 2013

15

Out of Path Deployment

Copyright Dimension Data

24 November 2013

16

Using WCCP

Copyright Dimension Data

24 November 2013

17

Proxy Auto Configuration File

Copyright Dimension Data

24 November 2013

18

Proxy SG Initial Setup

Physical Installation
Basic Setup Licensing

Copyright Dimension Data

24 November 2013

19

Initial Setup

Copyright Dimension Data

24 November 2013

20

Configuration Options

Copyright Dimension Data

24 November 2013

21

Access Control

Copyright Dimension Data

24 November 2013

22

Registering Device

Copyright Dimension Data

24 November 2013

23

Initial Setup & Registration

Copyright Dimension Data

24 November 2013

24

Content Filtering

Enable Proxy to make smarter decisions

Based policy control on type of content Offer more than just protocol and URL match Attempt to categorize the Internet Categorise the 20% of sites that generate 80% of the traffic Use artificial intelligence to cover the remaining 80% User defined category set

Local database

Copyright Dimension Data

24 November 2013

25

Logical Flow

Copyright Dimension Data

24 November 2013

26

Dynamic Real Time Rating

Extend Blue Coat Web Filter capabilities Scan and categorize the contents of a web page Immediate categorization

Provide a network service to accomplish dynamic classification Analysis is accomplished on the external service No performance impact on the ProxySG

Copyright Dimension Data

24 November 2013

27

Authentication Realms

IWA Windows NT Domains and Active Directory Basic, NTLM, and Kerberos credentials BCAAA agent is required for integrating with Micrsoft AD BCCAA version and the Proxy version has to be the same LDAP

Active Directory and other LDAP Databases

Sequence List of authentication realms to be processed

Copyright Dimension Data

24 November 2013

28

LDAP Authentication Example

Copyright Dimension Data

24 November 2013

29

Policy Management

Set Default Proxy Policy Setting global security level

Understand Visual Policy Manager (VPM)

Managing Layers

Copyright Dimension Data

24 November 2013

30

Default Policy
Deny Default option for Blue Coat SG All network traffic received by the proxy is blocked

Allow
Network traffic is allowed through the proxy Other policies can deny selected traffic

Copyright Dimension Data

24 November 2013

31

Visual Policy Manager

Copyright Dimension Data

24 November 2013

32

Visual Policy Manager

Copyright Dimension Data

24 November 2013

33

Visual Policy Manager

Copyright Dimension Data

24 November 2013

34

Policy Transactions : Rule #1

Block all users from Hacking web sites

Source: ANY Destination: Hacking Service: ANY Time: ANY Action: DENY Track: none

Copyright Dimension Data

24 November 2013

35

Policy Transactions : Rule #2

Employees can visit travel web sites only outside regular working hours

Source: ANY
Destination: Travel Service: ANY Time: Mon-Fri; 08:00..17:00

Action: DENY
Track: none

Copyright Dimension Data

24 November 2013

36

VPM Example

Copyright Dimension Data

24 November 2013

37

Access Logging

Record transaction information Information specific per protocol Necessary to run reports

Customizable

Track Usage Entire network

Specific information
User or department usage patterns

Copyright Dimension Data

24 November 2013

38

Failover
Failover allows a second machine to take over in case a primary machine fails Works on master-slave model

o o o

Similar to VRRP with following exceptions

A configurable IP multicast address is the destination of the advertisements. The advertisements interval is included in protocol messages and is learned by the slaves. A virtual router identifier (VRID) is not used.

o
o

Virtual MAC addresses are not used.

MD5 is used for authentication at the application level. Master takes over once online

Copyright Dimension Data

24 November 2013

39

Failover Example

Copyright Dimension Data

24 November 2013

40

Bluecoat Reporter
Analyzes comprehensive log files from Bluecoat SG 150 pre-defined reports including spyware, IM, P2P , popular sites etc. Provides visibility to web content, performance, threats and trending over defined time Two types of Reporter

Standard Reporter
Enterprise Reporter

Copyright Dimension Data

24 November 2013

41

Bluecoat Reporter

Copyright Dimension Data

24 November 2013

42

Bluecoat Reporter

Copyright Dimension Data

24 November 2013

43

Bluecoat Reporter

Copyright Dimension Data

24 November 2013

44

Troubleshooting

Copyright Dimension Data

24 November 2013

45

Commonly Faced Issues

Not able to access particular URL

Not able to view images on a particular site

Internet access is very slow

frequently asked for authentication prompt High Memory & CPU utilization Messenger not working through Proxy

Copyright Dimension Data

24 November 2013

46

Troubleshooting Data

Access Logs
Event Logs Policy Trace Packet Capture on Bluecoat Packet Capture on User Machine Health Check

Copyright Dimension Data

24 November 2013

47

Event Logs

Management logs Hardware specific logs Event logs can be viewed from StatisticsAdvanced option It can also be viewed from URL https://x.x.x.x:8082/eventlog/statistics

Copyright Dimension Data

24 November 2013

48

Policy Trace
To find traffic is hitting which policy Reason of Blocking/Allowing the connection Authentication is working fine or not

Copyright Dimension Data

24 November 2013

49

Policy Trace

To enable Policy Trace : Open the visual policy manager From the 'Policy' menu, click on 'Add Web access layer' Name it and click ok Right-Click the source and click on 'Set', 'New', 'Client IP Address/Subnet' Enter the IP address of the workstation you are going to test from, and as subnet, enter 255.255.255.255 since we only want that specific host. Right click the "Deny" item in the 'Action' column and click 'Delete'. The action should now be "None" Right click the 'None' in the "Track" column and click 'Set', 'New', 'Trace...' Choose 'Verbose tracking', enable 'Trace file' and enter a file name Click 'Ok' You should now have a layer with a single rule, the source would be the IP address of the workstation, and the track object should be the object just created. Install the policy Reproduce the issue Disable or delete the web access layer just created. It's best to disable it for now in case another test needs to be done.
Copyright Dimension Data 24 November 2013

50

Policy Trace

Copyright Dimension Data

24 November 2013

51

Packet Capture
Packet capture can be run from Maintenance->Service Information->Packet Captures We can apply filter as well based on IP address, Ports Client- Proxy and Proxy-Server communication Can be useful for slowness , authentication issue etc.

Copyright Dimension Data

24 November 2013

52

Packet Capture Example

Copyright Dimension Data

24 November 2013

53

Health Check
Proxy can perform health check on HTTP, HTTPS, ICAP, Websense and SOCKS gateways Periodically verifies availability and health status of the host Time interval is configurable Failed health check results in administrator notification

Health checks are configurable in the Management Console by going to the Management Console > Configuration tab > Health Checks > General

Copyright Dimension Data

24 November 2013

54

Questions?

Copyright Dimension Data

24 November 2013

55