24 November 2013
Agenda
General Knowledge
Products
Deployment Method
Initial Setup
Content Filter & Authentication
Policy Management - VPM
Access Logging & Failover
Bluecoat Reporter
Troubleshooting
Introduction
Proxy Servers
Designed to:
Enhance security
Control content
Increase performance
Two roles for the proxy:
Gateway proxy
WAN Acceleration proxy
Gateway Proxy
Blue Coat SG
Bluecoat Reporter
Blue Coat AV
Bluecoat K9
Blue Coat RA
Bluecoat Packetshaper
Bluecoat DLP
Copyright Dimension Data 24 November 2013
Corporate Headquarters
Medium businesses
Remote Offices
Up to 250
150 to 1,000
800 to 4,000
3,000 to 50,000+
Bluecoat SG Deployment
Explicit Proxy
Transparent Proxy
Forward Proxy
Reverse Proxy
Using WCCP
Physical Installation
Basic Setup
Licensing
Initial Setup
Configuration Options
Access Control
Registering Device
Content Filtering
Local database
Logical Flow
Extend Blue Coat Web Filter capabilities
Scan and categorize the contents of a web page
Immediate categorization
Provide a network service to accomplish dynamic classification
Analysis is accomplished on the external service
No performance impact on the ProxySG
Authentication Realms
IWA
  Windows NT Domains and Active Directory
  Basic, NTLM, and Kerberos credentials
  BCAAA agent is required for integrating with Microsoft AD
  BCAAA version and the Proxy version have to be the same
LDAP
Policy Management
Default Policy
Deny
  Default option for Blue Coat SG
  All network traffic received by the proxy is blocked
Allow
  Network traffic is allowed through the proxy
  Other policies can deny selected traffic
Source: ANY
Destination: Travel
Service: ANY
Time: Mon-Fri; 08:00..17:00
Action: DENY
Track: none
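The rule above evaluated against both default policies, as an added Python sketch that is not Blue Coat code or CPL: it models a single layer in which the first matching rule decides and the default policy applies otherwise. The request fields, the client address and the function names are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

ANY = None  # wildcard, shown as "ANY" in the rule above


@dataclass
class Rule:
    source: Optional[str]       # client subnet in CIDR form, or ANY
    destination: Optional[str]  # URL category, or ANY
    service: Optional[str]      # protocol name, or ANY
    weekdays: Optional[range]   # Monday=0 .. Sunday=6, or ANY
    start: time
    end: time
    action: str                 # "DENY" or "ALLOW"

    def matches(self, req: dict, now: datetime) -> bool:
        if self.source is not ANY:
            client = ipaddress.ip_address(req["client_ip"])
            if client not in ipaddress.ip_network(self.source):
                return False
        if self.destination is not ANY and req["category"] != self.destination:
            return False
        if self.service is not ANY and req["service"] != self.service:
            return False
        if self.weekdays is not ANY and now.weekday() not in self.weekdays:
            return False
        # Assumption: both ends of the time window are inclusive, to the minute.
        return self.start <= now.time().replace(second=0, microsecond=0) <= self.end


def evaluate(rules, default_policy: str, req: dict, now: datetime) -> str:
    """First matching rule decides; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(req, now):
            return rule.action
    return default_policy


# The rule from the slide: ANY -> Travel, ANY service, Mon-Fri 08:00..17:00, DENY.
TRAVEL_RULE = Rule(ANY, "Travel", ANY, range(0, 5), time(8, 0), time(17, 0), "DENY")


def decide(category: str, when: str, default_policy: str) -> str:
    # Constructed request; only the category and the timestamp vary.
    req = {"client_ip": "10.0.0.21", "category": category, "service": "HTTP"}
    return evaluate([TRAVEL_RULE], default_policy, req, datetime.fromisoformat(when))
```

In this model the rule changes nothing under default Deny, because unmatched traffic is already blocked; under default Allow it is what blocks Travel during working hours.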
VPM Example
Access Logging
Record transaction information
Information specific per protocol
Necessary to run reports
Customizable
Specific information
User or department usage patterns
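A per-user usage report of the kind described above, as an added Python example that is not part of the original slides: it reads access-log text in ELFF layout, takes the column names from the `#Fields:` header, and totals requests, denied requests and bytes per user. The log lines are constructed sample data and the field subset is an assumption; the log format configured on the appliance defines the real field list.

```python
import re
from collections import Counter

# Constructed sample in ELFF layout; the field subset and all values are made up.
SAMPLE_LOG = """\
#Software: SGOS (constructed sample)
#Fields: date time c-ip cs-username sc-filter-result cs-categories sc-status cs-host sc-bytes
2013-11-24 09:15:02 10.0.0.21 alice DENIED "Travel" 403 travel.example.com 512
2013-11-24 09:15:40 10.0.0.21 alice OBSERVED "Business/Economy" 200 intranet.example.com 20480
2013-11-24 09:16:11 10.0.0.35 bob DENIED "Travel" 403 flights.example.net 498
2013-11-24 09:17:05 10.0.0.35 bob OBSERVED "News/Media" 200 news.example.org 104857
2013-11-24 09:18:30 10.0.0.21 alice DENIED "Travel" 403 travel.example.com 512
2013-11-24 09:19:00 10.0.0.40 - OBSERVED "Search Engines/Portals" 200 search.example.com 2048
2013-11-24 09:19:30 10.0.0.40 - OBSERVED
"""

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a double-quoted value or a bare token


def parse_elff(text):
    """Return one dict per well-formed record, keyed by the #Fields names."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = [bare or quoted for quoted, bare in TOKEN.findall(line)]
        if fields and len(values) == len(fields):  # skip truncated or blank lines
            records.append(dict(zip(fields, values)))
    return records


def usage_report(records):
    """Total requests, denied requests and bytes per user (client IP if unauthenticated)."""
    report = {}
    for r in records:
        user = r.get("cs-username", "-")
        if user == "-":
            user = "unauthenticated@" + r.get("c-ip", "?")
        row = report.setdefault(
            user, {"requests": 0, "denied": 0, "bytes": 0, "denied_categories": Counter()})
        row["requests"] += 1
        row["bytes"] += int(r["sc-bytes"]) if r.get("sc-bytes", "").isdigit() else 0
        if r.get("sc-filter-result") == "DENIED":
            row["denied"] += 1
            row["denied_categories"][r.get("cs-categories", "unknown")] += 1
    return report
```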
Failover
Failover allows a second machine to take over in case a primary machine fails
Works on master-slave model
Failover Example
Bluecoat Reporter
Analyzes comprehensive log files from Bluecoat SG
150 pre-defined reports including spyware, IM, P2P, popular sites etc.
Provides visibility to web content, performance, threats and trending over defined time
Two types of Reporter
Standard Reporter
Enterprise Reporter
Troubleshooting
Troubleshooting Data
Access Logs
Event Logs
Policy Trace
Packet Capture on Bluecoat
Packet Capture on User Machine
Health Check
Event Logs
Management logs
Hardware specific logs
Event logs can be viewed from the Statistics->Advanced option
They can also be viewed at the URL https://x.x.x.x:8082/eventlog/statistics
Policy Trace
To find which policy the traffic is hitting
Reason for blocking/allowing the connection
Whether authentication is working or not
Policy Trace
To enable Policy Trace:
Open the Visual Policy Manager
From the 'Policy' menu, click on 'Add Web access layer'
Name it and click 'Ok'
Right-click the source and click on 'Set', 'New', 'Client IP Address/Subnet'
Enter the IP address of the workstation you are going to test from, and as subnet enter 255.255.255.255, since we only want that specific host
Right-click the 'Deny' item in the 'Action' column and click 'Delete'. The action should now be 'None'
Right-click the 'None' in the 'Track' column and click 'Set', 'New', 'Trace...'
Choose 'Verbose tracking', enable 'Trace file' and enter a file name
Click 'Ok'
You should now have a layer with a single rule: the source is the IP address of the workstation, and the track object is the object just created
Install the policy
Reproduce the issue
Disable or delete the web access layer just created. It's best to disable it for now in case another test needs to be done.
Packet Capture
Packet capture can be run from Maintenance->Service Information->Packet Captures
Filters can also be applied, based on IP address and ports
Client-Proxy and Proxy-Server communication
Can be useful for slowness, authentication issues etc.
Health Check
Proxy can perform health checks on HTTP, HTTPS, ICAP, Websense and SOCKS gateways
Periodically verifies availability and health status of the host
Time interval is configurable
Failed health check results in administrator notification
Health checks are configurable in the Management Console under Configuration tab > Health Checks > General
Questions?