Wednesday, August 26, 2009

Reset the ProxySG back to default settings

To reset the ProxySG back to the "out-of-the-box" configuration or default settings take the following steps:
1. Connect to the ProxySG CLI through the serial interface or a terminal server.
2. Press enter 3 times.
3. Choose option 1: "Command Line Interface".
4. Enter enable mode by entering the command "en".
5. At the prompt enter "restore-defaults factory defaults".
6. The system displays the message "Continue with system re-initialization?". Enter Y for the system to proceed with re-initialization.
7. Sit back and wait.
8. Re-initialization is now complete.

Internet Content Adaptation Protocol (ICAP) Fundamentals

Core points on ICAP:

* The Blue Coat AV (virus checking) is an external service which the ProxySG can communicate with using ICAP.
* The policy definition is conducted on the ProxySG using the management console or Content Policy Language.
* There are two modes of operation: RESPMOD and REQMOD. In REQMOD the ProxySG intercepts and forwards requests from the client to the origin server for parsing. In RESPMOD the ProxySG (ICAP client) intercepts the response from the origin server and uses ICAP to communicate with the external service to process the response message.

Monday, July 6, 2009

Backup Static Routes in Cisco IOS

Problem: I have a primary static default route which I want to replace with a secondary default route when the primary fails.

Solution:

track 10 interface FastEthernet0/0 ip routing
 delay down 2 up 2
!
track 11 list boolean and
 object 10 not
!
ip route 0.0.0.0 0.0.0.0 192.168.2.2 track 10
ip route 0.0.0.0 0.0.0.0 192.168.3.2 track 11
!

Verify:
R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.2.2 track 10 state is [up]
ip route 0.0.0.0 0.0.0.0 192.168.3.2 track 11 state is [down]
!

R1#show track 11
Track 11
List boolean and
Boolean AND is Down
1 change, last change 00:05:24
object 10 not Up
Tracked by:
STATIC-IP-ROUTING 0
R1#show track 10
Track 10
Interface FastEthernet0/0 ip routing
IP routing is Up
3 changes, last change 00:16:39
Delay up 2 secs, down 2 secs
Tracked by:
Track-list 11
STATIC-IP-ROUTING 0
!

Monday, June 22, 2009

Resetting the Trial License

The trial period on a ProxySG can be reset by entering the command "reset-trial" at the CLI. This can only be done once, and hence will not work if it has already been done by someone else who has trialed the appliance.

If the command is unsuccessful, the owner of the appliance will need to contact Blue Coat and request an evaluation license. They need to fill in the form located at https://bluesource.bluecoat.com/evalrequest , or contact their account representative.

Wednesday, May 27, 2009

IM Filtering on Blue Coat ProxySG

What kind of IM security functionality is available from the Blue Coat ProxySG?

Administrators can control IM functionality such as:
- Block File Transfers;
- Search for keywords;
- Limit chatroom access on a user or global basis;
- Instant Messaging messages can be monitored or logged (your boss is watching) =]

As a proxy the BC ProxySG can:
- Allow selected protocols;
- Establish authentication rules for using IM services;
- Allow or deny attachments by file type;
- Allow or deny chat activity;
- Filter Keywords (my boss is the best);
- Block access to IM services by user or other means;
- Block encrypted IM services, because you do not know what information is being transmitted.

Monday, May 25, 2009

Analysing 401 authentication on the Blue Coat ProxySG

When a client attempts to access a website via the proxy, the OCS (origin content server) can send the client an authentication challenge. The response from the OCS includes a 401 code indicating either that the authentication credentials from the user have failed or that the user must send credentials for the requested resource. Note that a 401 message is different from a 407 message: 407 is from the proxy and 401 is from the OCS. Thus you may receive a 401 message even after you have successfully authenticated in response to a 407 message.

Below are the logs of client requests to www.google.com on the Blue Coat. You can see the initial 407 response to the proxy challenge:

2009-05-26 07:24:31 4 1.1.1.1 - - authentication_failed PROXIED "none" - 407 TCP_DENIED GET - http www.google.com 80 / - - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 1095 352 -
2009-05-26 07:24:37 524 1.1.1.1 joe - - PROXIED "none" - 302 TCP_NC_MISS GET text/html;%20charset=UTF-8 http www.google.com 80 / - - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 622 437 -
2009-05-26 07:24:39 536 1.1.1.1 joe - - PROXIED "none" - 200 TCP_NC_MISS GET text/html;%20charset=UTF-8 http www.google.com.au 80 / - - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 4253 407 -
2009-05-26 07:24:40 530 1.1.1.1 joe - - PROXIED "none" http://www.google.com.au/ 200 TCP_MISS GET image/gif http www.google.com.au 80 /images/close_sm.gif - gif "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 380 543 -
2009-05-26 07:24:40 538 1.1.1.1 joe - - PROXIED "none" http://www.google.com.au/ 200 TCP_MISS GET image/gif http www.google.com.au 80 /images/chrome_48.gif - gif "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 2756 544 -
2009-05-26 07:24:40 548 1.1.1.1 joe - - PROXIED "none" http://www.google.com.au/ 200 TCP_MISS GET image/gif http www.google.com.au 80 /images/modules/buttons/g-button-chocobo-basic-2.gif - gif "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727)" 203.41.5.249 619 575 -

Sunday, May 24, 2009

Blue Coat ProxySG - How to find objects in the cache of the appliance.

There are a number of ways to determine if an object is being cached by the ProxySG. Two methods are:
1. Querying the cache directly.
2. Inspecting the logs.

1. Querying the cache directly:
To find/view/see if an object is being cached we can query the cache directly by browsing to the absolute path of the object without the specification of the protocol. For example, if we were to browse to www.cisco.com we can find the object "home.min.js" is requested. The absolute path of this object is:
http://www.cisco.com/web/fw/j/home.min.js

Using this information we can verify whether the Blue Coat ProxySG is caching this object. Simply attach the absolute path of the object to the Blue Coat URL minus the protocol. For example:
https://<ProxySG IP address>:8082/CE/Info/http/www.cisco.com/web/fw/j/home.min.js

If the object is found then you should see a page with statistics regarding the object such as that below:


2. Inspecting the logs.

An object can also be verified to be in the cache by inspecting or looking at the logs. To do this start a tail in the management console or on the CLI:






In this scenario we have browsed to Cisco.com having been there before. As you can see we have many "HITS" indicating the object is being served from the proxy. There are also misses indicating the corresponding object has not been cached.
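
The 401/407 distinction from the authentication post and the HIT/MISS check described here can both be read off exported access-log lines. The following is an added example, not code from the original blog or from Blue Coat; the field order is an assumption inferred from the sample lines in the 401 post, and the log lines are constructed.

```python
import shlex
from collections import Counter

# Field order is an assumption inferred from the sample log lines on this page.
FIELDS = ("date time time_taken c_ip cs_username cs_auth_group x_exception_id "
          "sc_filter_result cs_categories cs_referer sc_status s_action cs_method "
          "rs_content_type cs_uri_scheme cs_host cs_uri_port cs_uri_path cs_uri_query "
          "cs_uri_extension cs_user_agent s_ip sc_bytes cs_bytes x_virus_id").split()

def parse_line(line):
    """Split one log line, keeping quoted fields whole; None if malformed."""
    try:
        parts = shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. a truncated line
        return None
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def classify(rec):
    """Name the challenger for auth responses, else the cache outcome."""
    if rec["sc_status"] in ("401", "407"):  # 407: the ProxySG, 401: the OCS
        return "proxy-challenge" if rec["sc_status"] == "407" else "ocs-challenge"
    for outcome in ("HIT", "MISS"):
        if rec["s_action"].endswith(outcome):
            return "cache-" + outcome.lower()
    return "other"

def summarize(lines):
    counts, ocs_after_proxy_auth, malformed = Counter(), [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        label = classify(rec)
        counts[label] += 1
        # Username logged on a 401: proxy auth succeeded, the OCS wants its own credentials.
        if label == "ocs-challenge" and rec["cs_username"] != "-":
            ocs_after_proxy_auth.append((rec["cs_username"], rec["cs_host"]))
    return counts, ocs_after_proxy_auth, malformed

# Constructed sample lines modelled on the page's log (user agent shortened).
TAIL = '"Mozilla/4.0 (compatible; MSIE 7.0)" 203.41.5.249 600 400 -'
SAMPLE = [
    '2009-05-26 07:24:31 4 1.1.1.1 - - authentication_failed PROXIED "none" - 407 TCP_DENIED GET - http www.google.com 80 / - - ' + TAIL,
    '2009-05-26 07:24:37 524 1.1.1.1 joe - - PROXIED "none" - 302 TCP_NC_MISS GET text/html http www.google.com 80 / - - ' + TAIL,
    '2009-05-26 07:25:02 31 1.1.1.1 joe - - PROXIED "none" - 401 TCP_NC_MISS GET text/html http intranet.example.com 80 /private - - ' + TAIL,
    '2009-05-26 07:25:10 2 1.1.1.1 joe - - PROXIED "none" http://www.cisco.com/ 200 TCP_HIT GET text/javascript http www.cisco.com 80 /web/fw/j/home.min.js - js ' + TAIL,
    '2009-05-26 07:25:11 9 1.1.1.1 joe - - PROXIED "none',   # truncated mid-quote
]
```

Calling summarize(SAMPLE) returns the per-outcome counts, the (user, host) pairs where the OCS challenged a user the proxy had already authenticated, and the number of lines that could not be parsed.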

Friday, February 13, 2009

PROTECT YOUR FREEDOM!


No Clean Feed - Stop Internet Censorship in Australia
