
Bluecoat Deployment and Troubleshooting

© Copyright Dimension Data 3 April 2018 1


Agenda

• General Knowledge
• Products
• Deployment Method
• Initial Setup
• Content Filter & Authentication
• Policy Management - VPM
• Access Logging & Failover
• Bluecoat Reporter
• Troubleshooting



Introduction

Why do we need Proxy?



Proxy Servers

• Designed to:
• Enhance security
• Control content
• Increase performance

• Two roles for the proxy:


• Gateway proxy
• WAN Acceleration proxy



Firewall and Proxy



Gateway Proxy



WAN Acceleration Proxy



Bluecoat Product List

Hardware Based
• Blue Coat SG
• Blue Coat AV
• Blue Coat Director
• Blue Coat RA
• Bluecoat Packetshaper
• Bluecoat DLP

Software Based
• Bluecoat Reporter
• Bluecoat Web Filter
• Bluecoat K9



Bluecoat SG Product Family

[Figure: SG product family. Series: SG200, SG300, SG510, SG600, SG810, SG900, SG8100, SG9000. Segments: Remote Offices, Medium businesses, Corporate Headquarters. Ranges: Up to 250; 150 to 1,000; 800 to 4,000; 3,000 to 50,000+]



Bluecoat SG Deployment

Client Connections Method


• Explicit Proxy
• Transparent Proxy

Proxy Role
• Forward Proxy
• Reverse Proxy



Explicit Proxy



Explicit Proxy



Transparent Proxy



Forward Proxy

The proxy is on the same network as the clients



Reverse Proxy

The proxy is on the same network as the servers



Out of Path Deployment



Using WCCP



Proxy Auto Configuration File



Proxy SG Initial Setup

• Physical Installation

• Basic Setup

• Licensing



Initial Setup



Configuration Options



Access Control



Registering Device



Initial Setup & Registration



Content Filtering

Enable Proxy to make smarter decisions

• Base policy control on type of content


• Offer more than just protocol and URL match

Attempt to categorize the Internet

• Categorise the 20% of sites that generate 80% of the traffic


• Use artificial intelligence to cover the remaining 80%

User defined category set

• Local database



Logical Flow



Dynamic Real Time Rating

Extend Blue Coat Web Filter capabilities


• Scan and categorize the contents of a web page
• Immediate categorization

Provide a network service to accomplish dynamic classification


• Analysis is accomplished on the external service
• No performance impact on the ProxySG



Authentication Realms

IWA
• Windows NT Domains and Active Directory
• Basic, NTLM, and Kerberos credentials
• BCAAA agent is required for integrating with Microsoft AD
• BCAAA version and the proxy version have to be the same

LDAP
• Active Directory and other LDAP Databases

Sequence
• List of authentication realms to be processed



LDAP Authentication Example



Policy Management

Set Default Proxy Policy


• Setting global security level

Understand Visual Policy Manager (VPM)


• Managing Layers



Default Policy

Deny
• Default option for Blue Coat SG
• All network traffic received by the proxy is blocked

Allow
• Network traffic is allowed through the proxy
• Other policies can deny selected traffic



Visual Policy Manager



Visual Policy Manager



Visual Policy Manager



Policy Transactions: Rule #1

“Block all users from Hacking web sites”

• Source: ANY
• Destination: Hacking
• Service: ANY
• Time: ANY
• Action: DENY
• Track: none



Policy Transactions: Rule #2

“Employees can visit travel web sites only outside regular working hours”

• Source: ANY
• Destination: Travel
• Service: ANY
• Time: Mon-Fri; 08:00..17:00
• Action: DENY
• Track: none
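
Added example (not part of the original slides and not Blue Coat code): a simplified Python model of Rule #1 and Rule #2 evaluated under each default policy. It assumes first-match evaluation within a single layer; the function names, the "News" category and the sample requests are constructed for illustration.

```python
from datetime import datetime, time

# Simplified single-layer model (assumption, not the appliance's own logic):
# rules are checked top to bottom, the first match decides, and a request
# that matches no rule gets the default proxy policy.
RULES = [
    # Rule #1: Destination Hacking, Time ANY, Action DENY
    {"name": "Rule #1", "category": "Hacking", "days": None, "hours": None},
    # Rule #2: Destination Travel, Time Mon-Fri 08:00..17:00, Action DENY
    {"name": "Rule #2", "category": "Travel", "days": range(0, 5),
     "hours": (time(8, 0), time(17, 0))},
]

def rule_matches(rule, category, when):
    """True if the request's category and timestamp fall inside the rule."""
    if rule["category"] != category:
        return False
    if rule["days"] is not None and when.weekday() not in rule["days"]:
        return False
    if rule["hours"] is not None:
        start, end = rule["hours"]
        # Treating both ends of 08:00..17:00 as inclusive is an assumption.
        if not start <= when.time() <= end:
            return False
    return True

def evaluate(category, when, default_policy):
    """Return (verdict, deciding rule) for one request."""
    for rule in RULES:
        if rule_matches(rule, category, when):
            return "DENY", rule["name"]
    return default_policy, "default policy"

# Constructed sample requests: (category, timestamp).
SAMPLES = [
    ("Hacking", datetime(2018, 4, 7, 22, 0)),   # Saturday night
    ("Travel", datetime(2018, 4, 3, 10, 30)),   # Tuesday, working hours
    ("Travel", datetime(2018, 4, 3, 19, 0)),    # Tuesday evening
    ("News", datetime(2018, 4, 3, 10, 30)),     # category no rule mentions
]

def audit(default_policy):
    """Evaluate every sample under the given default policy."""
    return [evaluate(c, t, default_policy) for c, t in SAMPLES]

if __name__ == "__main__":
    for policy in ("ALLOW", "DENY"):
        print(policy, audit(policy))
```

In this model the Tuesday-evening travel request is still blocked under default Deny, so Rule #2 delivers its stated intent only with default Allow or an additional explicit allow rule.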



VPM Example



Access Logging

Record transaction information


• Information specific per protocol
• Necessary to run reports
• Customizable

Track Usage
• Entire network
• Specific information
• User or department usage patterns



Failover

• Failover allows a second machine to take over in case a primary machine fails
• Works on a master-slave model
• Similar to VRRP, with the following exceptions:
o A configurable IP multicast address is the destination of the advertisements.
o The advertisements’ interval is included in protocol messages and is learned by the slaves.
o A virtual router identifier (VRID) is not used.
o Virtual MAC addresses are not used.
o MD5 is used for authentication at the application level.
• Master takes over once online



Failover Example



Bluecoat Reporter

• Analyzes comprehensive log files from Bluecoat SG


• 150 pre-defined reports including spyware, IM, P2P, popular sites, etc.
• Provides visibility into web content, performance, threats and trending over a defined time
• Two types of Reporter
o Standard Reporter
o Enterprise Reporter



Bluecoat Reporter



Bluecoat Reporter



Bluecoat Reporter



Troubleshooting



Commonly Faced Issues

• Not able to access a particular URL
• Not able to view images on a particular site
• Internet access is very slow
• Frequent authentication prompts
• High memory & CPU utilization
• Messenger not working through the proxy



Troubleshooting Data

• Access Logs
• Event Logs
• Policy Trace
• Packet Capture on Bluecoat
• Packet Capture on User Machine
• Health Check



Event Logs

• Management logs
• Hardware-specific logs
• Event logs can be viewed from the Statistics > Advanced option
• They can also be viewed at the URL https://x.x.x.x:8082/eventlog/statistics



Policy Trace

To find:
• Which policy the traffic is hitting
• Reason for blocking/allowing the connection
• Whether authentication is working



Policy Trace

To enable Policy Trace:

• Open the visual policy manager
• From the 'Policy' menu, click on 'Add Web access layer'
• Name it and click ok
• Right-Click the source and click on 'Set', 'New', 'Client IP Address/Subnet'
• Enter the IP address of the workstation you are going to test from, and as subnet, enter 255.255.255.255 since we only want that specific host.
• Right click the "Deny" item in the 'Action' column and click 'Delete'. The action should now be "None"
• Right click the 'None' in the "Track" column and click 'Set', 'New', 'Trace...'
• Choose 'Verbose tracking', enable 'Trace file' and enter a file name
• Click 'Ok'
• You should now have a layer with a single rule, the source would be the IP address of the workstation, and the track object should be the object just created.
• Install the policy
• Reproduce the issue
• Disable or delete the web access layer just created. It's best to disable it for now in case another test needs to be done.



Policy Trace



Packet Capture

• Packet capture can be run from Maintenance->Service Information->Packet Captures
• Filters can also be applied based on IP address and port
• Client-Proxy and Proxy-Server communication
• Can be useful for slowness, authentication issues, etc.



Packet Capture Example



Health Check

• Proxy can perform health checks on HTTP, HTTPS, ICAP, Websense and SOCKS gateways
• Periodically verifies availability and health status of the host
• Time interval is configurable
• Failed health check results in administrator notification
• Health checks are configurable in the Management Console under Configuration tab > Health Checks > General



Questions?
