Bluecoat Proxy SG
© Copyright Dimension Data 17 April 2023
Bluecoat Deployment and Troubleshooting
Agenda
• General Knowledge
• Products
• Deployment Method
• Initial Setup
• Content Filter & Authentication
• Policy Management - VPM
• Access Logging & Failover
• Bluecoat Reporter
• Troubleshooting
Why do we need Proxy?
Introduction
Proxy Servers
• Designed to:
o Enhance security
o Control content
o Increase performance
• Two roles for the proxy:
o Gateway proxy
o WAN Acceleration proxy
Firewall and Proxy
Gateway Proxy
WAN Acceleration Proxy
Bluecoat Product List
Hardware Based
• Blue Coat SG
• Blue Coat AV
• Blue Coat Director
• Blue Coat RA
• Bluecoat Packetshaper
• Bluecoat DLP
Software Based
• Bluecoat Reporter
• Bluecoat Web Filter
• Bluecoat K9
Bluecoat SG Product Family
[Figure: SG series positioned by deployment size, from remote offices through medium businesses to corporate headquarters. Series shown: SG200, SG300, SG510, SG600, SG810, SG900, SG8100, SG9000. User ranges shown: up to 250; 150 to 1,000; 800 to 4,000; 3,000 to 50,000+.]
Bluecoat SG Deployment
Client Connections Method
• Explicit Proxy
• Transparent Proxy
Proxy Role
• Forward Proxy
• Reverse Proxy
Explicit Proxy
Transparent Proxy
Forward Proxy
The proxy is on the same network as the clients
Reverse Proxy
The proxy is on the same network as the servers
Out of Path Deployment
Using WCCP
Proxy Auto Configuration File
Proxy SG Initial Setup
• Physical Installation
• Basic Setup
• Licensing
Initial Setup
Configuration Options
Access Control
Registering Device
Initial Setup & Registration
Content Filtering
Enable Proxy to make smarter decisions
• Base policy control on type of content
• Offer more than just protocol and URL match
Attempt to categorize the Internet
• Categorise the 20% of sites that generate 80% of the traffic
• Use artificial intelligence to cover the remaining 80%
User defined category set
• Local database
Logical Flow
Dynamic Real Time Rating
Extend Blue Coat Web Filter capabilities
• Scan and categorize the contents of a web page
• Immediate categorization
Provide a network service to accomplish dynamic classification
• Analysis is accomplished on the external service
• No performance impact on the ProxySG
Authentication Realms
IWA
• Windows NT Domains and Active Directory
• Basic, NTLM, and Kerberos credentials
• BCAAA agent is required for integrating with Microsoft AD
• BCAAA version and the Proxy version have to be the same
LDAP
• Active Directory and other LDAP Databases
Sequence
• List of authentication realms to be processed
LDAP Authentication Example
Policy Management
Set Default Proxy Policy
• Setting global security level
Understand Visual Policy Manager (VPM)
• Managing Layers
Default Policy
Deny
• Default option for Blue Coat SG
• All network traffic received by the proxy is blocked
Allow
• Network traffic is allowed through the proxy
• Other policies can deny selected traffic
Visual Policy Manager
Policy Transactions : Rule #1
“Block all users from Hacking web sites”
• Source: ANY
• Destination: Hacking
• Service: ANY
• Time: ANY
• Action: DENY
• Track: none
Policy Transactions : Rule #2
“Employees can visit travel web sites only outside regular working hours”
• Source: ANY
• Destination: Travel
• Service: ANY
• Time: Mon-Fri; 08:00..17:00
• Action: DENY
• Track: none
VPM Example
Access Logging
Record transaction information
• Information specific per protocol
• Necessary to run reports
• Customizable
Track Usage
• Entire network
• Specific information
• User or department usage patterns
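An added example, not from the original slides: one way to turn access log records into per-user usage and policy-denial counts. It assumes the log is in W3C ELFF style with a #Fields: header line; the sample lines, the field selection and the function names are constructed for illustration.

```python
import shlex
from collections import Counter, defaultdict

# Constructed sample in W3C ELFF style; hosts, users and values are illustrative.
SAMPLE_LOG = '''#Software: SGOS (constructed sample)
#Fields: date time c-ip cs-username sc-status s-action cs-host sc-bytes sc-filter-result cs-categories
2023-04-17 09:12:01 10.1.1.20 alice 200 TCP_MISS www.example.com 5120 OBSERVED "News/Media"
2023-04-17 09:13:44 10.1.1.21 bob 403 TCP_DENIED travel.example.net 310 DENIED "Travel"
2023-04-17 09:15:02 10.1.1.21 bob 403 TCP_DENIED tools.example.org 298 DENIED "Hacking"
2023-04-17 18:30:10 10.1.1.21 bob 200 TCP_HIT travel.example.net 20480 OBSERVED "Travel"
2023-04-17 18:31:55 10.1.1.22 - 407 TCP_DENIED www.example.com 250 DENIED "News/Media"
truncated line without enough fields
'''

def parse_elff(text):
    """Yield one dict per transaction, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        if not line or line.startswith("#"):
            continue
        try:
            values = shlex.split(line)   # keeps quoted values with spaces together
        except ValueError:
            continue                     # unbalanced quote: skip the damaged line
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))

def usage_report(text):
    """Return (bytes sent to each user, denied categories per user)."""
    bytes_by_user = Counter()
    denied = defaultdict(Counter)
    for rec in parse_elff(text):
        name = rec.get("cs-username", "-")
        user = name if name != "-" else rec.get("c-ip", "-")  # fall back to client IP
        size = rec.get("sc-bytes", "")
        bytes_by_user[user] += int(size) if size.isdigit() else 0
        # A 407 is the proxy's authentication challenge, not a policy denial.
        if rec.get("sc-filter-result") == "DENIED" and rec.get("sc-status") != "407":
            denied[user][rec.get("cs-categories", "-")] += 1
    return bytes_by_user, denied

if __name__ == "__main__":
    totals, denied = usage_report(SAMPLE_LOG)
    for user, total in totals.most_common():
        print(user, total, dict(denied[user]))
```

Because the parser reads column names from the #Fields: line, it keeps working when the log format is customized, as long as the fields it reports on are still logged.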
Failover
• Failover allows a second machine to take over in case a primary machine fails
• Works on master-slave model
• Similar to VRRP with following exceptions
o A configurable IP multicast address is the destination of the advertisements.
o The advertisements’ interval is included in protocol messages and is learned by the slaves.
o A virtual router identifier (VRID) is not used.
o Virtual MAC addresses are not used.
o MD5 is used for authentication at the application level.
• Master takes over once online
Failover Example
Bluecoat Reporter
• Analyzes comprehensive log files from Bluecoat SG
• 150 pre-defined reports including spyware, IM, P2P, popular sites, etc.
• Provides visibility to web content, performance, threats and trending over defined time
• Two types of Reporter
o Standard Reporter
o Enterprise Reporter
Troubleshooting
Commonly Faced Issues
• Not able to access particular URL
• Not able to view images on a particular site
• Internet access is very slow
• Frequent authentication prompts
• High Memory & CPU utilization
• Messenger not working through Proxy
Troubleshooting Data
• Access Logs
• Event Logs
• Policy Trace
• Packet Capture on Bluecoat
• Packet Capture on User Machine
• Health Check
Event Logs
• Management logs
• Hardware specific logs
• Event logs can be viewed from the Statistics->Advanced option
• They can also be viewed from the URL https://x.x.x.x:8082/eventlog/statistics
Policy Trace
To find:
• Which policy the traffic is hitting
• Reason for blocking/allowing the connection
• Whether authentication is working
Policy Trace
To enable Policy Trace:
• Open the Visual Policy Manager
• From the 'Policy' menu, click on 'Add Web access layer'
• Name it and click 'Ok'
• Right-click the source and click on 'Set', 'New', 'Client IP Address/Subnet'
• Enter the IP address of the workstation you are going to test from, and as subnet, enter 255.255.255.255 since we only want that specific host
• Right-click the 'Deny' item in the 'Action' column and click 'Delete'. The action should now be 'None'
• Right-click the 'None' in the 'Track' column and click 'Set', 'New', 'Trace...'
• Choose 'Verbose tracking', enable 'Trace file' and enter a file name
• Click 'Ok'
• You should now have a layer with a single rule: the source is the IP address of the workstation, and the track object is the object just created
• Install the policy
• Reproduce the issue
• Disable or delete the web access layer just created. It's best to disable it for now in case another test needs to be done
Packet Capture
• Packet capture can be run from Maintenance->Service Information->Packet Captures
• Filters can be applied based on IP address and port
• Covers client-proxy and proxy-server communication
• Can be useful for slowness, authentication issues, etc.
Packet Capture Example
Health Check
• Proxy can perform health check on HTTP, HTTPS, ICAP, Websense and SOCKS gateways
• Periodically verifies availability and health status of the host
• Time interval is configurable
• Failed health check results in administrator notification
• Health checks are configurable in the Management Console under Configuration tab > Health Checks > General
Questions?