ProxyAV Appliance Configuration and Management Guide, Version 3.4

Blue Coat Systems ProxyAV 3.4.x

Blue Coat ProxyAV Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 http://www.bluecoat.com/support/contactsupport bcs.info@bluecoat.com http://www.bluecoat.com. documentation@bluecoat.com Copyright 1999-2013 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of Blue Coat Systems, Inc. All right, title and interest in and to the Software and documentation are and shall remain the exclusive property of Blue Coat Systems, Inc. and its licensors. ProxyAV, ProxyOne, CacheOS, SGOS, SG, Spyware Interceptor, Scope, ProxyRA Connector, ProxyRA Manager, Remote Access and MACH5 are trademarks of Blue Coat Systems, Inc. and CacheFlow, Blue Coat, Accelerating The Internet, ProxySG, WinProxy, PacketShaper, PacketShaper Xpress, PolicyCenter, PacketWise, AccessNow, Ositis, Powering Internet Management, The Ultimate Internet Sharing Solution, Cerberian, Permeo, Permeo Technologies, Inc., and the Cerberian and Permeo logos are registered trademarks of Blue Coat Systems, Inc. All other trademarks contained in this document and in the Software are the property of their respective owners. BLUE COAT SYSTEMS, INC. AND BLUE COAT SYSTEMS INTERNATIONAL SARL (COLLECTIVELY BLUE COAT ) DISCLAIM ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT, ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Americas: Rest of the World: Blue Coat Systems, Inc. Blue Coat Systems International SARL 420 N. Mary Ave. 3a Route des Arsenaux Sunnyvale, CA 94085 1700 Fribourg, Switzerland : 231-03157-ko_KR : 2011 12 ii

1:... 7... 7... 7... 7... 8... 8... 8 Blue Coat ProxyAV... 9 2: ProxyAV... 11... 12... 12 BlueTouch... 13... 13 Blue Coat Licensing Portal... 14 ProxyAV... 15 3: A: ProxyAV... 18... 19... 21... 21... 22 RADIUS... 23 RADIUS ProxyAV?... 24... 26... 26... 27... 27 HTTP... 27 HTTPS... 28... 29 iii

Blue Coat ProxyAV B: ID... 32... 32... 33 NTP(Network Time Protocol)... 34 IP... 35... 36 ProxyAV CLI( )... 37... 38 SSL... 40... 41 ProxyAV... 42 C: DNS... 43... 43... 45... 46... 47 D:... 49 ProxyAV... 50... 50... 52 E: SNMP MIB... 55 4: A:... 58... 58 B: AV... 60 AV... 60 Blue Coat Licensing Portal... 61 AV... 64... 65... 66 C: ProxyAV ProxyAV ICAP... 67 iv

D:... 69 ProxySG... 69 ProxyAV... 70... 72... 73... 74... 75... 76... 77... 77 Intelligent Connection Traffic Monitoring... 79 E: SNMP... 81... 83... 84 5:... 85... 85 CSV... 87... 87 6: A: ProxyAV OS... 90 ProxyAV... 91 B: C:... 93... 93 Requests History... 94 D: ICAP... 95 ProxyAV... 95 ping... 96... 96... 98... 99 Blue Coat... 99 v

Blue Coat ProxyAV... 100... 101 AV... 101... 101... 101... 101... 101 DNS... 101... 102... 102 ProxyAV... 103... 104 CLI... 105 7: :... 107... 107 ProxySG SGOS 5.5... 107 ProxySG SGOS 5.4... 108 ICAP... 109... 111 Blue Coat ProxyAV... 112 Visual Policy Manager:... 113 A: /... 117... 117 PXA... 117... 117 B:ProxyAV... 119 Blue Coat ProxyAV... 121... 121... 121... 122... 122... 123 C: vi

1: ProxyAV Blue Coat Systems ProxySG AV( ). 90%. HTTP, FTP, IM, P2P(peer-to-peer)., Code Red NIMDA.,. Blue Coat ProxySG/ProxyAV (HTTP 250+ Mbps). ProxyAV. ProxyAV. ProxyAV 3.4.x. ProxyAV210 ProxyAV510 ProxyAV810 ProxyAV1200 ProxyAV1400 ProxyAV2400 Blue Coat ProxyAV Blue Coat ProxySG ICAP(Internet Content Adaptation Protocol). SGOS,. ProxyAV 3.x ProxySG ( ). 7

Blue Coat ProxyAV SGOS 4.2.1 SGOS 4.3.1 SGOS 5.2.1 SGOS 5.3.1 (Secure ICAP ) SGOS 5.4.1 SGOS 5.5.1 ( ICAP ) SGOS 6.x(6.1.1.1, 6.2.1.1, 6.3.1.1) ProxyAV. Microsoft Internet Explorer, 6.x, 7.x,8.x Mozilla Firefox, 2.x,3.x Google Chrome,. ProxyAV ( ), Blue Coat A: "/ "(p. 117).. 1 1 1: "" 2: "ProxyAV " 3: " " 4: " " 5: "" ProxyAV. ProxyAV AV. IP ProxyAV. ProxyAV ProxySG ProxyAV. ProxyAV. 8

1 : 1 1 6: " " 7: " " A: "/ "(p. 117) B: "ProxyAV " C: " " ProxyAV,,. ProxyAV. OS. AV, ProxyAV. Blue Coat. Blue Coat ProxyAV ProxyAV. Blue Coat ProxyAV 210 Blue Coat ProxyAV 510 Blue Coat ProxyAV 810 Blue Coat Systems 1400 2400 Blue Coat Systems 1400 2400 9

Blue Coat ProxyAV 10

2: ProxyAV AV ProxyAV. ProxyAV AV. Blue Touch Online( WebPower) BLCP(Blue Coat License Portal). ProxyAV,.,, ProxyAV.. " "(p. 11) " "(p. 12) " "(p. 13) "Blue Coat Licensing Portal "(p. 14) "ProxyAV "(p. 15) ProxyAV.,. 8082 HTTPS HTTP. HTTP. : 1.. 2. https://proxyav_ip_address:8082..,. 11

Blue Coat ProxyAV. ProxyAV. Blue Coat.. :., Logout. : 1. Logout.. 2.. https://proxyav_ip_address:8082..,. EULA. : Blue Touch Online ProxyAV Automatic Registration Later. "BlueTouch "(p. 13). : 1. WebPower. 2. Register ProxyAV. a. EULA. Accept. b. EULA. 3. Continue. WebPower. 12

2 : ProxyAV BlueTouch BlueTouch Online( WebPower). BlueTouch : 1. Licensing.. 2. Blue Coat Licensing Portal Activate/Manage licenses. Blue Coat Licensing Portal. 3. BlueTouch.. 4. Login Assistance Request Login User ID/Password. 5.. Requestor Information WebPower 5. 6. Request Users 1., Blue Coat ProxyAV Automatic Registration., Blue Coat Licensing Portal. "Blue Coat Licensing Portal "(p. 14). : 1. Licensing. 2. License Administration Register appliance automatically (recommended). ProxyAV Automatic Registration. 3. WebPower. 4. Register ProxyAV. ProxyAV EULA. Accept. EULA. 5. Continue. ProxyAV Automatic Registration. WebPower. 13

Blue Coat ProxyAV : ProxyAV ProxySG, BCLP(https:// services.bluecoat.com) SSL. BLCP SSL. Blue Coat Licensing Portal BCLP. ProxyAV. BCLP : 1.. a. Licensing. Activate/Manage BCLP (Blue Coat Licensing Portal). b. URL. http://services.bluecoat.com/eservice_enu/licensing/register.cgi 2. BlueTouch Login. Registration. 3. Blue Coat Next. Activate Licenses. 14

2 : ProxyAV 4. (ProxyAV 2000 ) MAC (ProxyAV 2000 ).. I accept Next. 5.. a. Download License File. File Download Save ProxyAV. b. Open License File in a Browser Window Licensing License Key Manual Installation. 6. Save Changes ProxyAV. ProxyAV ProxyAV. ProxyAV, AV.. 30., ( ). ProxyAV. Licensing, ProxyAV,,,. 15

Blue Coat ProxyAV 7. 7 ProxyAV ICAP ProxySG License expired AV. ProxySG, Blue Coat ProxySG /. 16

3: ProxyAV.. A: " "(p. 18) RADIUS. B: " "(p. 32) ProxyAV IP CLI( ). C: " "(p. 43). D: " "(p. 49) ProxyAV. E: "SNMP "(p. 55) SNMP MIB ( ). 17

Blue Coat ProxyAV A: A: ProxyAV., ID.. ProxyAV : ProxyAV, ProxyAV. Blue Coat. RADIUS : RADIUS ProxyAV RADIUS. ProxyAV RADIUS. Blue Coat RADIUS. ProxyAV RADIUS ProxyAV. HTTP / HTTPS ProxyAV " "(p. 27). ProxyAV ICAP " "(p. 36). ProxyAV. ProxyAV. ProxyAV. ProxyAV. ProxyAV.. ProxyAV.,. 18

3: A: : 1. Authentication. 2. ProxyAV Local Authentication. 3. ProxyAV. ProxyAV.. RADIUS ProxyAV RADIUS. RADIUS ProxyAV ProxyAV..,. : ProxyAV Require Authentication. 19

3: A: : 1. Authentication. 2 3 4a,b 4c 2. ProxyAV Local Authentication. 3. Username. 4.. a. Current password,. b. New Password. 16. c. Verify New Password. 5. ( ) Session timeout 0 9999. 10. (). : 0. 6. Save Changes. 20

3: A: ProxyAV. :. : 1. Authentication. 2. Change Read-Only User data. 3.. 16. 4. Save Changes..,. / : 1. Authentication ProxyAV Local Authentication.. 2. Username. 3. Current Password. 4. New Password. 16. 5. Verify New Password. 21

Blue Coat ProxyAV A: 6. ( ) Session timeout 0 9999 (). 10. (). : 0. 7. Save Changes. ( ): ProxyAV. RADIUS. 1. Authentication > ProxyAV Local Authentication Change Read-Only User Data. 2. Username. 3. New Password. 16. 4. Verify New Password. 5. Save Changes. ( ): 1. Username. 2. Current Password. 3. New Password. 16. 4. Verify New Password. 5. Save Changes.. : 1.. 2. Authentication > ProxyAV Local Authentication Change Read-Only User data. 3. Username. 4. Delete Read-Only User.. 22

3: A: RADIUS ProxyAV RADIUS RADIUS. ProxyAV RADIUS RADIUS ProxyAV., ProxyAV RADIUS. ProxyAV RADIUS. RADIUS UDP IP. ( ) RADIUS UDP IP.. ProxyAV RADIUS,. ProxyAV RADIUS. ( ) ProxyAV RADIUS. RADIUS, RADIUS RADIUS. RADIUS. ProxyAV RADIUS, RADIUS ProxyAV. RADIUS. ProxyAV RADIUS Blue-Coat-Authorization (). : FreeRADIUS, Blue Coat bluecoat.dictionary. ProxyAV Authentication.. FreeRADIUS / 2 1 0 0 (1) (2). FreeRADIUS, Blue Coat ID 14501 Blue Coat Authorization 2. RADIUS. 23

Blue Coat ProxyAV A: RADIUS. RADIUS / ProxyAV. RADIUS : 1. Authentication. 2. ProxyAV RADIUS Authentication. 3. Primary RADIUS server IP,. ProxyAV RADIUS. 4. ( ) Secondary RADIUS server IP,. 5. Save Changes. 6. RADIUS ProxyAV RADIUS Blue-Coat-Authorization (). : RADIUS ProxyAV, Blue Coat ProxyAV..,. Blue Coat RADIUS. RADIUS ProxyAV RADIUS. RADIUS 5. RADIUS ProxyAV RADIUS.. RADIUS. RADIUS ProxyAV? ProxyAV ProxyAV. RADIUS. RADIUS 24

3: A: Blue-Coat-Authorization ' ' ' '. ProxyAV. ProxyAV. : FreeRADIUS FreeRADIUS v2.1.10 ProxyAV RADIUS.. FreeRADIUS ProxyAV IP. ProxyAV RADIUS. Blue Coat ProxyAV. ProxyAV Authentication bluecoat.dictionary. ProxyAV,,. FreeRADIUS ProxyAV : 1. freeradius ProxyAV IP. /etc/freeradius/clients.conf 2. ProxyAV FreeRADIUS. : client 10.10.10.0/24 { secret = testing123 shortname = ProxyAVNetwork } : (10.10.10.107) (10.10.10.0/24). 3. dictionary.bluecoat /usr/share/freeradius/. ProxyAV Authentication. 4. dictionary.bluecoat Blue Coat /usr/share/ freeradius/dictionary. /usr/share/freeradius/. $INCLUDE dictionary.xylan $INCLUDE dictionary.bluecoat $INCLUDE dictionary.freeradius.internal 25

Blue Coat ProxyAV A: 5. Blue Coat /etc/freeradius/ users. ProxyAV.. <User Name> Cleartext-Password := "<password>" Blue-Coat-Authorization = <RADIUS_VALUE or INTEGER_VALUE_CORRESPONDING_TO_PRIVILEGE>. ratnesh Cleartext-Password := "oldredken123" Reply-Message = "Hello", Blue-Coat-Authorization = Read-Write-Access 6. FreeRADIUS. ProxyAV. ProxyAV RADIUS RADIUS..? <Username> <Authentication system>. ProxyAV. ProxyAV (). 10.. : 1. ProxyAV. RADIUS. 2. Authentication > Session timeout 0 9999 (). 10. : 0. 26

3:., ProxyAV. Blue Coat. ProxyAV IP. : 1. ProxyAV. 2.. ProxyAV Local Authentication ProxyAV RADIUS Authentication. : Current Password. 3. Save Changes. ProxyAV (HTTP HTTPS). : 2.5.x, 8082 HTTPS HTTP. 2.5.x,. HTTP HTTP.. HTTP : 1. Network. 2. Management Console Access Enable HTTP Administration. 3. ( ). 4. Save Changes. 27

Blue Coat ProxyAV : ProxyAV,. HTTPS HTTP ( ). HTTPS HTTPS. HTTPS : 1. Network. 2. Management Console Access Enable HTTPS Administration. 3. ( ). 4. Save Changes. HTTPS, ProxyAV https://interface_ip:port URL. : https:// 10.0.0.2:8082. HTTPS HTTPS SSL.. HTTPS. : HTTPS SSL HTTP ProxyAV. SSL ProxyAV. "HTTP "(p. 27). HTTPS : 1. Network. Network Settings. 2. Management Console Access Ciphers list for HTTPS administration. Console List.. 3. Save Changes. 4. SSL HTTP HTTPS. 28

3: SSL HTTPS ProxyAV, ProxyAV /SSL SSL/ TLS. ProxyAV,. SSL, ProxyAV SSL SSL/TLS (SSL/TLS ClientHello. RFC 5746.). : 1. Network. 2. Management Console Access Enable Secure SSL Renegotiation. SSL, ProxyAV. ProxyAV. : Blue Coat SSL. Enable Secure SSL Renegotiation., ProxyAV. ProxyAV HTTPS.,.., ProxyAV. 29

Blue Coat ProxyAV ProxyAV ( / ). "ProxyAV "(p. 18) "RADIUS "(p. 23). ProxyAV, ProxyAV. : 1. ProxyAV. 2. Authentication. 3. Set Up Consent Banner. 4. Enable.... 30

3: 5. Banner Text. 2000. upload..jpg,.jpeg,.bmp,.gif.png. 6. Save Changes ProxyAV. : ProxyAV Advanced Set Up Consent Banner. 31

Blue Coat ProxyAV B: ProxyAV. ID, NTP(network time protocol)., ProxyAV, ProxyAV. : 1. Network. 2. Global Settings Appliance Name. 3. Save Changes. 32

3:,. : 1. Advanced > Date/Time Settings. 2a 2b 2.. a.. b. Time Zone Information. 3. Save Changes. 33

Blue Coat ProxyAV NTP(Network Time Protocol) ( ) ProxyAV. NTP : 1. Advanced > Date/Time Settings. 2. Network Time Protocol. 3a 3c 4a 4c 4b 3. NTP. a. Add. b., a. c. ( ) NTP. Promote Demote. 4. NTP. a. Enable. b. ( ) Acquire Time Now. 4c. c. Query Interval. 60. 5. Save Settings. 34

3: IP ProxyAV 0 1 ProxySG. ProxyAV Network. Blue Coat ProxyAV 400-E, 210, 510, 810 0. Blue Coat ProxyAV 2000-E, 1400, 2400 1.. ICAP,. IP. IP IP... : 1. Network. 2. Global Settings Default Gateway. : ( ) IP. 3 4 3. ProxyAV. a. Settings for Interface 0(, 2000-E : Interface 1) IP Address IP. b. Subnet Mask. c. Save Changes. 35

Blue Coat ProxyAV 4. ( ). a. Enabled. b. IP. c. Save Changes. /ICAP, ICAP ProxyAV SNMP IP.. LAN. ProxySG. ICAP. Blue Coat. : 1. Network. 2. Administration and ICAP Server Access List Add. Administration and ICAP Server Access Entry. 3. IP Address ProxyAV IP. 4. Mask. 5. Interface. 36

3: 6. Status. Allowed admin access: IP. Allowed ICAP access: ICAP ProxySG IP. Allowed SNMP access: SNMP ProxySG IP. 7. Save Changes. : ( ) ICAP. ProxyAV HTTP HTTPS. URL. http://interface_ip:port https://interface_ip:port. : https://10.0.0.2:8082. ProxyAV CLI( ) ProxyAV CLI. CLI : 1.. : 9600 bps, : 8, :, : 1, :, : VT100 2. <Enter>.. Welcome to the Appliance Serial Console Version: ProxyAV 3.2.4.1, Release id: 42961 ------------------------- MENU--------------------------- 1) Command Line Interface 2) Setup Console -------------------------------------------------------- 3. 1. 4.. 5. enable. ProxyAV>enable Enable Password:. 37

Blue Coat ProxyAV SSL. SSL ID. /..,. ProxyAV SSL. HTTPS(HTTP ) ProxyAV,. HTTP. HTTPS "HTTPS "(p. 28). ProxyAV : 1... 2.. "SSL "(p. 40). CA.. SSL " "(p. 41). 3. ( ) CA( ) CSR( ). : Blue Coat ProxySG SSL,.. ProxyAV. 1. Advanced > SSL Keyrings. 2. Create. SSL Keyring. 38

3: 3 4 5 3. Keyring Name. 4. ( ) Show Keyring. 5.. Create new bit keyring. 1024 ( ). ProxyAV..,. OK... Import keyring. Keyring.. Keyring Password. OK. 3-1.. 6. SSL. 39

Blue Coat ProxyAV SSL ProxyAV, SSL. a. Advanced > SSL Certificates. 6b 6c b. Keyring. c. Create. SSL Certificates. d.. State/Province /. Country Code ISO. City/Location /. Organization. Unit. 40

3: Common Name URL. E-mail Address 40. Not valid after. e. OK. Network HTTPS. 1. Network. 2. Management Console Access Keyring. SSL. 3. Save Changes. ProxyAV. 1.. Begin Certificate End Certificate. 2. Advanced > SSL Certificates. 3.. 4. Import. 5.. OK. HTTPS. ProxyAV Network. ProxyAV. 41

Blue Coat ProxyAV ProxyAV ProxyAV HTTPS. ProxyAV CA (Advanced > CA Certificates). SSL : 1. Keyring, Advanced > Keyring. 2. SSL versions SSL. 3. Save Changes. : If you have configured a SOCKS or HTTP Proxy in the Network > Proxy Server for Updates SOCKS HTTP Proxy, HTTPS.. " SSL "(p. 29). 42

3: C: DNS. ProxyAV DNS( ) 3. DNS. 2 3.. DNS : 1. Network. 2. DNS Search Order, 2 3 DNS IP. 3. Save Changes. ( ) ProxyAV. : 1. Network. Network Settings. 2. Proxy Servers for Updates(). Proxy Server. 43

Blue Coat ProxyAV 3. Add. Proxy Server. 5a 5b 4 6 4.. HTTP Proxy: HTTP ProxyAV. SOCKS Proxy: SOCKS ProxyAV. 5.. a. Host HTTP SOCKS IP. b. Port. 6. (, HTTP Proxy ) Enable Proxy Authorization.. 7. Save.. 44

3: 3 1. 8.. : Proxy Server. Delete. ProxyAV. ProxyAV SMTP DNS. ProxyAV, ProxyAV. ProxyAV. : 1. Advanced > Route Table. 2. Add. Routes entry. 45

Blue Coat ProxyAV 3. Destination IP. 4. Mask. 5. Interface ProxyAV. 6. Gateway. 7. Save Changes. 8.. ARP( ) 3 (IP ) 2 (MAC ). 3 2. ARP IP MAC ARP. ARP ARP ARP, ARP MAC IP. ARP, ProxyAV ARP IP MAC ARP. ProxySG ProxySG ProxySG. ProxySG IP ARP. ProxyAV ARP, IP ARP IP MAC ProxySG.. VIP( IP) VMAC( MAC),. VIP ARP VMAC( ). VMAC MAC,. ARP ARP ARP. 46

3: ARP : 1. Advanced > ARP Table. 2. IP. 3. MAC. 4.. 5. Add. ARP : 1. Clear Arp Table. ARP, ARP ARP. ProxyAV.. : 1. Advanced > Ethernet Adapter Media Type. Current Media State.. 47

Blue Coat ProxyAV 2... Auto, 10Mbit/Half, 10Mbit/Full, 100Mbit/Half 100Mbit/Full. : AV810, AV1200, AV1400 AV2400 Auto. 3. Save Changes. :. / Save Changes Confirm Media Type Changes. ProxyAV 2. 48

3: D: ProxyAV. ProxyAV. ProxyAV ProxyAV. 49

Blue Coat ProxyAV ProxyAV ProxyAV. ProxyAV. 3.x. ProxyAV v3.2. "ProxyAV OS "(p. 90). Blue Coat License Portal ProxyAV. "Blue Coat Licensing Portal "(p. 14)... ProxyAV. ProxyAV. AV... Blue Coat. AV.zip..zip ProxyAV. : 1. AV Blue Coat. URL,. AV Kaspersky McAfee Panda Sophos http://av-download.bluecoat.com/updatefiles/ Kaspersky8_1/Kaspersky_UpdateDescriptor.xml http://av-download.bluecoat.com/updatefiles/mcafee/ mcafeev2_updatedescriptor.xml http://av-download.bluecoat.com/updatefiles/panda/ panda_updatedescriptor.xml http://av-download.bluecoat.com/updatefiles/sophos/ sophos_updatedescriptor.xml 50

3: AV Symantec TrendMicro http://av-download.bluecoat.com/updatefiles/symantec9/ symantec_updatedescriptor.xml http://av-download.bluecoat.com/updatefiles/trendmicro/ TrendMicro_UpdateDescriptor.xml 2. XML. a. View Source. b. Save. URL, panda_updatedescriptor.xml. 3... a. XML. b. PACKAGE LOCATION.zip.. <PACKAGE> <LOCATION><![CDATA[panda_091006.080811.1.4.3.4_5.04.03.0000.184 9858.zip]]></LOCATION> c. XML.zip Enter..zip. d..zip. 51

Blue Coat ProxyAV ProxyAV. IP,, DNS. ProxyAV. : 1.. (Network ) IP (Network ) DNS (Network ), ICAP SNMP (Network ) ( ) NTP (Advanced > Date/Time Settings > Network Time Protocol ) 2. Advanced > Closed Network Setup. 3. Configure for Closed Network. Firmware update, Antivirus update NTP Disabled. 4.. a. Antivirus set URL. Update Setting. 52

3: 4b 4b 4c b. Update frequency 1. c. Custom.zip. d. Save Changes. e. AntiVirus Settings Force Update.. f. Firmware Update. 5a 5b 53

Blue Coat ProxyAV 5. AVOS (). a. Closed Network/Direct update. b. AVOS. c. Save Changes. Save Changes. 54

3: E: SNMP SNMP( ). SNMP. MIB II AV MIB SNMPv2 SNMPv3. : SNMP SNMP " "(p. 36). SNMP : 1. Advanced > SNMP. SNMP. 2. syslocation. : 1stFloorLab. 3. syscontact. : LabTechNigel. 4. Trap Community Trap Community Verify Trap Community Trap Community. 5. Interface for SNMP. 6. Send Traps To IP 3. 7. Enable Authorization Traps SNMP ProxyAV. 8. SNMP Version SNMPv2 SNMPv3. a. SNMPv2 :. b. SNMPv3 :. 9. Save Changes. MIB MIB( ) (ASN.1 ). SNMP, MIB. ProxyAV MIB zip Blue Coat. MIB : Download MIBs here. Opening AV_MIBs.zip. zip Open. zip Save. : zip. 55

Blue Coat ProxyAV 56

4: AV( ) ProxySG ProxyAV.. A: " "(p. 58) AV. B: " "(p. 60) AV,. C: " ProxyAV "(p. 67) ProxySG ProxyAV ICAP. D: " "(p. 69) ProxyAV. E: " "(p. 81) ProxyAV 57

Blue Coat ProxyAV A: A: AV( ). ProxySG/ProxyAV B: "ProxyAV ". Blue Coat ProxyAV ICAP ProxySG ProxyAV. Blue Coat Blue Coat VPM(Visual Policy Manager) Blue Coat VPL(Content Policy Language).. AV.. Blue Coat ProxySG/ProxyAV....... ProxySGProxyAV..,.,.. ProxyAV AV.. ProxyAV File Scanning Timeout.. AV. AV, ProxyAV. 58

4: A: AV. Sophos, Maximum File Size. AV. ProxyAV.. AV. ProxySG ProxySG ICAP ProxyAV.. 3 AV 3 ( ). 16 ~ 20.. ProxySG ProxyAV. AV ( ). 59

Blue Coat ProxyAV B: B:. Blue Coat,. Blue Coat. AV ProxyAV 30 AV., Blue Coat AV. ProxyAV. ProxyAV. ProxyAV 30, 15, 7, 3 1. AV : Licensing. Licensed Components AV, ( ),. AV ProxyAV AV. ProxyAV "Blue Coat Licensing Portal "(p. 61). AV : 1. Blue Coat. 2. Licensing. Licensing. 60

4: B: 3. License Key Automatic Installation Update. 4. Licensed Components. 5. Save Changes ProxyAV. Blue Coat Licensing Portal ProxyAV BCLP(Blue Coat Web Licensing Portal) BCLP. BCLP : 1. Licensing. Licensing. 2. License Administration Activate/Manage. Blue Coat Licensing Portal. 3. Blue Touch Login. " "(p. 61). ProxyAV, " "(p. 63). ProxyAV AV, Blue Coat. Blue Touch. : 1. Blue Coat Enter Activation Code. 2. Next. 61

Blue Coat ProxyAV B: 3. Hardware Serial Number Next. EULA( ). 4. EULA Submit. Download AV License. 5.. a. Download License File. File Download Save Save As ProxyAV. Save. b. Open License File in a Browser Window Licensing License Key Manual Installation. 6. Save Changes ProxyAV. AV Licensing Licensed Components. 62

4: B: ProxyAV BCLP AV. BCLP : 1. BCLP Retrieve a License Key File. Retrieve License File. 2. Submit. Download AV License. ( General License Information ProxyAV Licensing ProxyAV.) 3.. a. Download License File. File Download Save Save As ProxyAV. Save. b. Open License File in a Browser Window Licensing License Key Manual Installation. 63

Blue Coat ProxyAV B: 4. Save Changes ProxyAV. AV AV. AV. AV. Antivirus ProxyAV AV. Antivirus Settings : Antivirus.. Vendor: AV. Scan Engine Version:. Pattern File Version:,. Days Remaining:.. Action: ProxyAV 30. " "(p. 65). Update ProxyAV.. Force Update Update ProxyAV ProxyAV. 64

4: B: CLI show licenses, AV, AV,. show licenses McAffee, Inc. (expired on 08/26/2007, grace period - 3 days left) Sophos, Pic. (expired on 08/26/2007, grace period - 3 days left) Kaspersky Labs (expired on 08/26/2007, grace period - 3 days left) ProxyAV ( ). : 1. Antivirus. Antivirus Settings. 2. Update Settings. Update Settings. 3. Update Frequency () ( 30). 4. Save Changes. 65

Blue Coat ProxyAV B: ProxyAV. ProxyAV. : 1. Antivirus. 2. Update Settings. Update Settings. 3 4 3. Update Location Custom. 4.. : http://www.company.com/avserver/patterns/ 5. Save Changes. 66

4: C: ProxyAV C: ProxyAV ProxyAV ICAP(Internet Content Adaptation Protocol). ICAP ICAP ICAP. ICAP ProxyAV ProxySG HTTPS. ProxyAV ICAP ICAP ProxySG ProxyAV. HTTP ProxyAV ProxyAV ProxySG ICAP. IP, ICAP. ProxyAV ProxySG ICAP ProxyAV ICAP. ICAP. ICAP. ProxyAV210: 25 ProxyAV510: 50 ProxyAV810, 1200, 1400 2400: 100 : ProxySG ICAP Sense settings. ProxyAV ICAP. ICAP SSL SGOS 5.3. ProxySG ProxyAV ICAP. ICAP ProxySG. SGOS 5.5.x Blue Coat ProxySG. SGOS 5.4.x Blue Coat ProxySG. 67

Blue Coat ProxyAV C: ProxyAV ProxyAV ICAP : 1. ICAP Settings. ICAP Server Settings. ICAP ICAP. 2. plain, secure ICAP. ICAP (ProxySG) ICAP ICAP plain. ICAP (ProxySG) ICAP secure. HTTPS ProxySG. ICAP (ProxySG) ICAP ICAP plain secure. 3. ICAP. ICAP 1344. ICAP 11344. 4. ICAP, Keyring SSL. " "(p. 38). 5. Antivirus service name ICAP. ProxyAV ICAP ProxySG IP. ProxyAV IP 10.0.0.2 avscan, ProxySG Edit ICAP Service Service URL icap://10.0.0.2/avscan. 6. Save Changes. ProxyAV ICAP Server ProxyAV.. 68

4: D: D: ProxyAV., Blue Coat. ProxySG/ProxyAV. ProxySG. Blue Coat.. "";ARJ;BAT;BIN;BMP;BOO;CAB;CHM;CLA;CLASS;COM;CSC;DAT;DLL;DOC;DOT;DRV; EML;EXE;GIF;GZ;HLP;HTA;HTM;HTML;INI;JAR;JPG;JPEG;JS;JSE;LNK;LZH;MDB;MP D;MPP;M PT;MSG;MSO;NWS;OCX;OFT;OVL;PDF;PHP;PIF;PL;POT;PPS;PPT;PRC;RAR;REG; RTF;SCR;SHS;SYS;TAR;TIF;VBE;VBS;VSD;VSS;VST;VXD;WML;WSF;XLA;XLS;XL T;XML;Z;ZIP;{*; MIME. audio; pdf multipart; x director video : Blue Coat. ProxySG SGOS 5.4. ProxySG. ProxySG SGOS 5.5.1. Blue Coat..... CPL : Real Media. define condition FileExtension_lowrisk url.extension = rm end condition FileExtension_lowrisk 69

Blue Coat ProxyAV D: <Cache> condition=! FileExtension_lowrisk response.icap_service(icap,fail_closed) VPM : Destination a File Extension, Real Media. ( ). 4 1. CPL : HTML Zip. define condition FileExtension_highrisk url.extension=html url.extension=zip end condition FileExtension_highrisk <Cache> condition=fileextension_highrisk response.icap_service(icap,fail_closed) VPM :. Destination a File Extension, HTML Zip. 4 2. ProxyAV (Kaspersky Sophos AV ). Kaspersky Sophos AV.,. ProxyAV (: JPG GIF ),,,,,,. 70

4: ProxyAV Microsoft.. zip Word JPG, Word JPG. zip. : 1. Antivirus > Scanning Behavior. Scanning Behavior. 2. Manage Files by File Types. 4 3 3 4 Kaspersky 3. Apparent Data Types Enabled. 4. ( ) Kaspersky Sophos. a. (Kaspersky ) True type of all files included in any container.,.. b. (Sophos ) Detect weak types ProxyAV 100%. 5.. Don t scan AV ProxySG. Block ProxyAV ProxySG ( : file_type_blocked). Scan ProxyAV ProxySG. 6. Save Changes. : Unknown file type ProxyAV. 71

Blue Coat ProxyAV ProxyAV. ( ()), ().. ProxyAV ProxyAV ProxySG. Blue Coat ProxySG. ProxyAV. : 1. Antivirus > Scanning Behavior. Scanning Behavior. 2. Manage Files by File Types. 3. File Extensions. List files extensions to block. List file extensions that do not need to be scanned., Blue Coat. 4. Save Changes. AV ProxyAV. 72

4: ProxyAV.. ProxyAV 15~30%.. Kaspersky Kaspersky AV. AV1200, AV1400 AV2400 AV210, AV510 AV810. Kaspersky AV, Blue Coat AV210, AV510 AV810 CPU. CPU : 1. Advanced > On Board Diagnostics.. 2. CPU Current State OK. : CPU Warning Critical Kaspersky. Kaspersky McAfee : 1. Antivirus. 2. Scanning Behavior. Scanning Behavior. 3. Heuristic Parameters Enabled. 4. Save Changes. : 1. Antivirus. 2. Scanning Behavior. Scanning Behavior. 3. Heuristic Parameters Enabled. 4. Save Changes. 73

Blue Coat ProxyAV ProxyAV. ICAP,.. ( ). AV. Kaspersky not-a-virus. not-a-virus:adware.xupiter.o not-a-virus:dialer.win32.playgames.g not-a-virus:downloader.win32.agent.b AV : 1. Antivirus. 2. Scanning Behavior. Scanning Behavior. 74

4: 4 1 3. Extended options AV. ProxyAV : : Kaspersky Trend Micro Symantec Sophos McAfee Detect Spyware/Detect Adware Enable Anti-virus engine heuristic Detect Adware/Detect Spyware Detect Spyware/Detect Adware Detect Spyware/Detect Adware Detect Potentially Unwanted Programs., Detect Spyware. AV1200, AV1400 AV2400. "Kaspersky "(p. 73).. Detect Adware Detect Spyware. Panda Detect Spyware 4. Save Changes...,.. 75

Blue Coat ProxyAV : 1. Antivirus. 2. Scanning Behavior. Scanning Behavior. 3. Level Of Macro Detection Low, Medium, High Highest. Blue Coat Medium. 4. Save Changes. AV. ProxySG ProxyAV ICAP. ProxySG ProxySG ProxyAV ProxyAV. ProxySG ProxyAV. ProxySG 70. TCP. ProxyAV. ProxyAV ProxySG 500 - ICAP Communication. AlertsLogFile.log. Antivirus > Scanning Behavior. Timeout under Block file if an error occurs during antivirus scan. " "(p. 77). :. ProxyAV. ProxyAV. : 1. Antivirus. 2. Scanning Behavior. Scanning Behavior. 3. Files scanning Timeout ProxyAV (). 800 10, 3600(60). 4. Save Changes. 76

4:. (MB).. ProxyAV RAM. ProxyAV 210 AV510: 768MB ProxyAV 810, AV1200, AV1400 AV2400: 2GB (MB).. ProxyAV 210 AV510: 3000MB ProxyAV 810, AV1200, AV1400 AV2400: 4GB. 100,000... Panda: 30 McAfee: 300 Trend Micro: 20; : 100. ProxySG (X-Error-details X-Virus-Details ICAP ProxyAV ProxySG ) ProxyAV Log File ( 5:"" ). Antivirus > Scanning Behavior. ProxyAV.. ProxyAV.. serve. 77

Blue Coat ProxyAV : 1. Antivirus. 2. Scanning Behavior. Scanning Behavior. 3. Policies For Antivirus Exceptions Serve Block. File scanning timeout. Maximum individual size exceeded. Maximum total uncompressed size exceeded. Maximum total number of files in archive exceeded. Maximum archive layers exceeded. AnhLab, Kaspersky McAfee. Sophos Other errors. Decode/decompress (unsupported compression method, corrupted compression file).. (Panda.) Password protected compressed file. (Panda.) Out of temporary storage space ProxyAV. Other errors. 4. Save Changes. 78

4: Intelligent Connection Traffic Monitoring ICTM(Intelligent Connection Traffic Monitoring) ProxyAV..., ProxySG ProxyAV. ICTM ProxyAV. ProxyAV URL ( SNMP ), URL ProxySG. ProxyAV. ICTM : 1. Advanced Intelligent Connection Traffic Monitoring (ICTM). 2 3 4a 4b 4c 5a 5b 2. Enable Intelligent Connection Traffic Monitoring (ICTM). 3. (). 30. Blue Coat 60. URL.. 79

Blue Coat ProxyAV 4.. a. 2. ProxyAV ICMP. " "(p. 80). b.. Alerts > Alerts Settings. AlertLog. c. Blue Coat ProxyAV (). (0). 5.. a. ProxyAV ( ).. (4). b. (4b). " "(p. 80). 6. Save Changes. ProxyAV. (4(p. 80)): ICAP 70%. ProxyAV 210: 17 ProxyAV 510: 35 ProxyAV 810, 1200, 1400 2400: 70 (5(p. 80)): ICAP 90%. ProxyAV 210: 22 ProxyAV 510: 45 ProxyAV 810, 1200, 1400 2400: 90 80

4: E: ProxyAV SNMP. SNMP SNMP. E-mail:. " "(p. 83). Logging: AlertLogFiles.log. SNMP Trap: SNMP. : InternalInfo.log. SNMP : 1. Alerts. Alerts. 2. SNMP. 81

Blue Coat ProxyAV Virus is found: ICAP. URL. URL. : http://virus.com hxxp://virus.com. File was passed through without being scanned: Antivirus ProxyAV.. File was blocked (exclude virus case):.. Subscription Expiring: ProxyAV AV. ProxyAV. Firmware update available: ProxyAV. "ProxyAV OS "(p. 90). Firmware update failed:. Firmware update succeeded: ProxyAV. License update failed:. License update succeeded:.. Antivirus update failed:.. Antivirus update succeeded:. On Board Diagnostics: ProxyAV SNMP SNMP. Intelligent Connection Traffic Monitoring (ICTM):. 3. Save Changes ProxyAV. 82

4:. : 1. Alerts. 2. Alerts Settings. 3. Sender e-mail address ( ). : ProxyAV_123@example.com. 4. Recipient e-mail address ProxyAV.. user1@company.com,user2@company.com,consultant@otherco.com. ProxyAV AlertErrors.log. 5. SMTP server address IP (: mail.example.com). 6. SMTP. : a. SMTP Authorization Enabled. b. 110. ProxyAV SMTP POP, 110. c.,. 7. Save Changes. : ProxyAV. 5:"". 83

Blue Coat ProxyAV.,. Advanced > Messages, Protocol, Event Command Type. Alert. Substitute. : 1. Advanced > Messages. 2.. Alert Modify (/ ) Substitute( ) Message. 3. Custom. 4.., HTML.. 5. Save Changes. 84

5: ProxyAV. ProxyAV Blue Coat syslog. ConnLog.exe ConnLogXP.exe are Blue Coat. ConnLog.exe ConnLogXP.exe Windows. 8001 ProxyAV... Blue Coat : 1. Log Files. 2. Get log receiver application(connlog.exe) Get Windows based log receiver application(connlogxp.exe). 3. ( ) ProxyAV, a. ConnLog.exe /p:<port_number>. b. ConnLogXP.exe File. ProxyAV. 85

Blue Coat ProxyAV : 1. Log Files. 2 3 4 5 6 7 8 9 2. Logging Enable sending logging information to remote computer. 3. Connection logs / Audit logs Use syslog protocol. Use syslog protocol syslog. CSV syslog. 4. ( ) Address IP. 5. ( ) TCP/IP UDP. 6. ( ) ProxyAV Classic. Blue Coat. MS Proxy 2.0: Microsoft Proxy. ISA W3C:. User Defined:. 7. ( ) ( ) User Defined, Include W3C headers. Delimiter Comma Space. 8. ( ) Format String. User Defined,. Token list. 9. ( ) Do not log health checks. 10. Save Changes. 86

5: CSV ProxyAV CSV. CSV. 1. Log Files. 2 3 4 2. CSV Logging Enable logging of viruses to CSV format. 3. Hour, Day, Month Week. 4. Field delimiter. 5. Save Changes. Log Files Log Files.. AlertErrors:. ProxyAV Alerts,. SMTP. AlertLogFile.log: Alerts Enable alerts logging to file. AlertErrors.log. : AlertLogFile.log 1MB AlertLogFile_YYYY_MM_DD_N.log AlertLogFile. AlertLogFile 35MB ProxyAV. boot.log:. Blue Coat. diagnostics.log: : AV,. 87

Blue Coat ProxyAV diagnosticsprev.log: diagnostics.log 3MB diagnosticsprev.log. diagnostict.log:. Blue Coat. diagnostictprev.log: diagnostict.log 3MB diagnostictprev.log. virus-log-date.csv: CSV., Blue Coat. D: " "(p. 95). 88

6: ProxyAV.. A: "ProxyAV OS " ProxyAV. B: " " ProxyAV. C: "" History, Detailed Statistics Requests History. D: " " ProxyAV. 89

Blue Coat ProxyAV A: ProxyAV OS A: ProxyAV OS ProxyAV (AVOS) HTTPS. A: "/ ". ProxyAV OS. ProxyAV OS(AVOS) UI. ProxyAV,. Firmware Update.. Disable Firmware updates ProxyAV. Check, but don t retrieve updates ProxyAV.. ( ). Check and retrieve update (Recommended) ProxyAV. ProxyAV. Update Now. Closed Network/Direct Update ProxyAV.. " "(p. 49).. Update Location Blue Coat Use Default URL (Default ). : ProxyAV OS. Antivirus > Update Settings Update frequency ProxyAV AV. 90

6 : A: ProxyAV OS ProxyAV ProxyAV ProxyAV. ProxyAV : 1. Firmware Update.. ProxyAV Update Now. 2. Update Now. ProxyAV. Home. Current Downloads. OS ProxyAV.. ProxyAV : 1. Blue Touch Online (https://bto.bluecoat.com/download/proxyav). 2. OS. 3.. 4. Firmware Update. 5. Closed Network/Direct update Update Location ( ) URL. 6. Update Now. AVOS ProxyAV. 91

Blue Coat ProxyAV B: B: ProxyAV. ProxyAV ProxyAV ProxyAV. : ProxyAV ProxyAV.. : 1. Utilities. 2.. a. Save Configuration. File Download. b. Save. Save As. c.. d. ( ). e. Save. : 1 2 92

6 : B: 1. Browse. 2. ( ) Overwrite current IP configuration with the IP settings from uploaded file IP. IP ProxyAV IP,. 3. Upload and Apply. 93

Blue Coat ProxyAV C: C: ProxyAV.,., 60, 24, 30. : 1. Advanced > History statistics. 2.. CPU Usage CPU. Memory Usage. ICAP Objects ICAP. Connections. 30 ICAP 70 30 ICAP 60 1 ICAP 70. ICAP Bytes ICAP.. : Advanced > Detailed stats. Requests History: Requests History. Concurrent connections: ProxyAV. Total objects being processed: ProxyAV... : Receiving, Queued, Scanning, or Replying. ProxySG IP. ( ).. Plain Secure ICAP. 94

6 : C: : Requests History http://www.website.com/images/pic.gif Receiving, 111 bytes, 14 ms, Plain http://banners.advertise/adview.php?what=welcome Scanning, 21,631,234 bytes, 30 ms, Secure Requests History. Advanced > Detailed Statistics Requests History. Number of requests:. 0 1,000. 0. 50. Save Changes ProxyAV. List of requests:.. Timestamp:. ProxySG IP: ProxySG IP. Size: ( ). Result: Clean, Virus Error. Time taken: ProxyAV (ms ). Mode: ICAP (Plain Secure). Refresh Now. 95

Blue Coat ProxyAV D: D: ProxyAV. ICAP 500-ICAP Communication Error... ProxySG. ProxySG ProxyAV. Cannot establish connection to service. ProxyAV AlertLogFile.log.,. : View log file AlertLogFile.log... ProxyAV ProxyAV ProxySG, ProxySG (ProxyAV ). ProxySG ProxyAV. ProxyAV ProxySG. CPL: inline policy local eof <Cache> response.icap_service(respav) <Proxy> request.header.user-agent="proxyav" patience_page(no) eof 96

6 : VPM: 1. Policy > Add Web Access Layer. 2. Source Set. 3. New Request Header. 4. Header Name User-Agent. 5. Header Regex ProxyAV. 6. OK, OK. 7. Policy > Add Web Content Layer. 8. Action Set. 9. New ICAP Response Service. 10. Use ICAP Response Service ICAP. 11. OK, OK. 12.. ping ping. ping : 1. Advanced Ping Utility. 2. IP Address ping IP. 3. Ping. ProxyAV (SR) Blue Coat. ProxyAV. zip Blue Coat. Blue Coat. :, Blue Coat. 97

Blue Coat ProxyAV ProxyAV. Save Troubleshooting Information Files: ProxyAV. Enable Additional Kaspersky Diagnostic Logging: (Kaspersky AV ) Kaspersky AV. Utilities > Diagnostics InternalInfo.log Log Files AVScannerInternal.log. Enable ProxyAV Driver Logging:. ProxyAV LED. Log Files driver.log driver.prev.log. Enable ProxyAV Application Logging:. ( ), ( ), ( ).. CPU, Blue Coat Blue Coat. Log Files configurator.log Debugger.log. Debugger.log Debugger.prev.log. MPLOG. MPLOG MPLOG0, MPLOG1 MPLOG_Critical. MPLOG0.Out. 25MB MPLOG0.Out MPLOG0.Prev.Out. MPLOG1.Out AV ProxyAV. MPLOG1.Out MPLOG1.Prev.Out. MPLOG_Critical.Out MPLOG0.Out MPLOG0.Prev.Out. ProxyAV MPLOG_Critical.Out MPLOG_Critical_Prev.Out MPLOG_Critical.Out. Blue Coat. Enable ProxyAV Task Monitor:. Log Files AVStats.log. 98

6 : Enable Email Alert on ProxyAV Reboot: Alerts > Alert settings.. ProxyAV Log Files. ProxyAV zip.. ProxyAV.. : 1. Advanced Troubleshooting. Troubleshooting Information. 2. Enable keeping Troubleshooting information files.. 3. Save Changes. 99

Blue Coat ProxyAV : 1. Log Files Delete.. Blue Coat Blue Coat.. ProxyAV ProxyAV. zip. zip. : 1. Troubleshooting Information Click here to download troubleshooting file. File Download zip. 2. Save. Save As. 3. zip Save. zip. Blue Coat SR( ) Blue Coat. SR Blue Coat WebPower. Advanced > Troubleshooting, Log Files Log Files ProxyAV. https://upload.bluecoat.com HTTPS 443. : ProxyAV ProxySG, https://upload.bluecoat.com SSL. SSL. Network > Proxy Servers for Updates. " "(p. 43). 100

6 : : 1. Advanced Troubleshooting. Troubleshooting Information. 2. Service Request Number SR. 3. Send. ProxyAV logs.zip Blue Coat. Send Service Information SR. 4. Cancel. ProxyAV upload.bluecoat.com. 5. Send. : SR,. Blue Coat ProxyAV. Advanced Additional Services. Enable sending Troubleshooting Information files: Blue Coat. Enable tech support remote access: Blue Coat ProxyAV. Enable ping to Interface IP: ProxyAV IP ping. Enable advanced DNS: DNS. Save Changes. 101

Blue Coat ProxyAV ProxyAV. Utilities. AV ProxyAV AV. AV. AV TCP/IP. AV. AV. ProxyAV. ProxyAV... TCP/IP... boot.log. TCP/IP. Diagnostics. Blue Coat.. Blue Coat Blue Coat. DNS DNS. 102

6 : ProxyAV. ProxyAV ProxyAV. B: " " (p. 92). ProxyAV CPU,,. ProxyAV 510. : 1. Advanced > Onboard Diagnostics.,, /. state. OK. WARNING. 103

Blue Coat ProxyAV CRITICAL. 2. SNMP. Alert Enabled:, AlertLogFile.. SNMP Traps Enabled:, CPU, SNMP., SNMP OK Warning Critical. 3. CPU,,.. 4. Save Changes ProxyAV. ProxyAV ProxyAV.. : SNMP On Board Diagnostics. " SNMP "(p. 81). : State Change Interval( ). CPU 80% 100% Critical. Utilities Soft Reboot ProxyAV. AV " "(p. 101).. ProxyAV 210, AV510 AV810.. Reset. ProxyAV 1400 AV2400 Reset. : AV1400 AV2400 NMI. Reset. 104

6 : ProxyAV. ProxyAV. ProxyAV. CLI( ) ProxyAV. (ProxyAV 510 810 ): 1. System LED. 2. Enter. 3. Restore factory defaults. 4. Enter. CLI( ) : : ProxyAV. AV210, AV1200, AV1400 AV2400 CLI. 1. ProxyAV CLI "ProxyAV CLI( ) "(p. 37). 2. enable. ProxyAV>enable Enable Password:. 3.. ProxyAV#restore defaults 105

Blue Coat ProxyAV CLI CLI. ProxyAV. ProxyAV. Restore hardware def.? ProxyAV,,. ProxyAV, Firmware. "ProxyAV OS "(p. 90). Restore boot? ProxyAV., Blue Coat. Reboot. Exit. ProxyAV. CLI : 1. ProxyAV CLI. "ProxyAV CLI( ) "(p. 37). 2. Press any key during 5 seconds to access Boot menu. 3. Restore hardware def.?.. ProxyAV. 106

7: ProxyAV. : Blue Coat SGOS. : ProxySG ProxyAV. ProxyAV ICAP, ( HTTP ) ( HTTP ) 5. ProxySG SGOS. SGOS 5.5 ProxySG SGOS 5.5. SGOS 5.4 ProxySG SGOS 5.4. ProxyAV IP. 10.0.0.2 ProxySG IP : 10.1.1.1 ProxySG SGOS 5.5 Blue Coat SGOS 5.5.1.. ProxyAV, URL WebPulse Blue Coat WebFjilter. WebPulse Blue Coat WebFilter. ProxySG ProxyAV. ProxySG ProxyAV WebPulse. Blue Coat WebFilter WebPulse 107

Blue Coat ProxyAV. WebPulse SGOS Blue Coat WebFilter WebPulse.. Windows.. ProxySG. 1. Configuration > Threat Protection > Malware Scanning ICAP ProxySG ProxyAV. 2..,. SGOS. 3.. " "(p. 111). SGOS. ProxySG SGOS 5.4 ProxySG ICAP ProxyAV. 1. ProxySG ICAP. 2... 3. ProxyAV ProxySG ICAP. 4. ProxySG ProxyAV. : SGOS 5.2.x. ICAP. SGOS Blue Coat. 108

7: ICAP ICAP ProxySG. ProxyAV ICAP. ICAP : 1. Configuration > External Services > ICAP Services. 2. New. 3. ICAP service name icap_response1 OK. 4. icap_response1 Edit. Edit ICAP Service. 5a 5b 5c 5d 5e 5.. a. Service URL : ProxyAV. icap://10.0.0.2/avscan 1344,. : icap://10.0.0.2:91/avscan b. Maximum Number of Connections ProxySG ICAP. c. Connection timeout ProxySG ICAP (). d. Notify administrator: Virus detected ICAP.. e. Virus found page: Use vendor s virus found page(sgos 5.2.x) ProxySG. 109

Blue Coat ProxyAV 6. ICAP v1.0. a. ( ) Sense Settings ICAP ICAP. b. ICAP. : ICAP (ProxyAV ) URL. c. Preview size (bytes) preview size enabled. ICAP. ICAP (, ). 0. ICAP, ICAP. d. ( ) Send ICAP. Send: Client address, Server address, Authenticated user Authenticated groups. e. OK. 7. Apply. 110

7: HTTP. (: ) (SGOS 5.2.x ) ProxySG.. 1. Configuration > External Services > ICAP > ICAP Feedback. 2. (HTTP ). a. ICAP 5. b.. Return patience pages: (ICAP ).. 3. (HTTP ). a. ICAP 5.. b.. Trickle object data at end: (99%) ICAP 1. ICAP..., 111

Blue Coat ProxyAV. 4. Apply.. 1. Configuration > External Services > ICAP > ICAP Patience Page. 2. Summary. Customize Patience Summary. 3..,.. 4. OK Apply. Blue Coat ProxyAV ProxySG ICAP ProxyAV. ProxyAV ICAP. 1. ICAP Settings. ICAP Server Settings. 2. Permitted clients. a. Administration and ICAP server Access List Add. Administration and ICAP server Access List Entry. 112

7: 2b 2c 2d b. IP 10.1.1.1(ProxySG IP ). c. Interface Interface 1. d. Allowed ICAP access. e. Save Changes. Visual Policy Manager: ProxySG ProxyAV AV. VPM(Visual Policy Manager), ICAP, HTTP 5,. : ICAP 7:. VPM. 1. VPM Policy > Add Web Content Layer. Add New Layer. 2.. Virus Scan: Corporate. OK. 3. Action Set. Set Action. 4. Set Set ICAP Response Service. Add ICAP Response Service Object. 113

Blue Coat ProxyAV 5a 5b 5c 5.. a.. Corporate_ICAP. b. icap_response1 Add.. c. Deny the client request ICAP. d. OK. e. Corporate_ICAP OK. 7-1.. 6. VPM Policy > Add Web Access Layer. Add New Layer. 7.. Feedback: Corporate ICAP, OK. 8. Action Set. Set Action. 114

7: 9. New Return ICAP Feedback ( SGOS Return ICAP Patience Page). Add ICAP Feedback Object. 10. : a. Provide feedback after. b. Return patience page. 11. : a. Provide feedback after. b. Trickle object data at end. 12. OK. 13. Corporate_ICAP_Patience OK. 7-2.. 14. Install Policy. 115

Blue Coat ProxyAV 116

A: / ProxyAV OS. " "(p. 117) ProxyAV. " "(p. 117) ProxyAV. ProxyAV " "(p. 90). PXA ProxyAV 3.2 AV HTTPS. Advanced > SSL Client : Enable Client/Server HTTPs connection. ProxyAV. v3.x ProxyAV v2.x. v2.x PXA. PXA Blue Coat.. v3.2 ICAP v2.x. v3.2, ICAP v3.2 SNMP. v2.x v3.2. v2.x... IP: 0.0.0.0 Subnet: 0.0.0.0 Interfaces: Both Services: admin, ICAP SNMP 2, B: " ". 117

Blue Coat ProxyAV 118

B: ProxyAV AV. AV. AV.. Blue Coat ProxySG. AV. 119

Blue Coat ProxyAV B-1. AV. 1. 2... 120

B: ProxyAV Blue Coat ProxyAV Blue Coat ProxySG, ProxyAV AV. ProxySG ProxyAV Blue Coat.,. AV. ProxyAV. AV. AV. AV..... ProxyAV AV. ProxyAV ProxySG. Blue Coat ProxyAV ProxySG. ProxyAV. 121

Blue Coat ProxyAV AV : ProxySG ProxySG ProxyAV ProxyAV ProxyAV B-2. ProxyAV SG. : ProxyAV Cisco., ProxyAV 2000-E., Blue Coat ProxyAV Cisco. Cisco.. Blue Coat ProxySG ProxyAV. ProxyAV ProxySG. ProxyAV. ProxySG ProxyAV. ProxyAV. ICAP. HTTPS( ). 122

B: ProxyAV / SNMP(). HTTP HTTPS(,,, ). DNS( AV ).. ProxySG ProxyAV. 1. ICAP URL ProxyAV IP ICAP ProxySG. "ProxySG SGOS 5.5 "(p. 107) "ProxySG SGOS 5.4 "(p. 108). 2. ProxyAV. 3.. VPM(Visual Policy Manager) Blue Coat CPL(Content Policy Language). ProxyAV/ProxySG ProxyAV ProxySG. 123

Blue Coat ProxyAV 124

C:. Third Party Copyright Notices Copyright 1999 2013 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of Blue Coat Systems, Inc. All right, title and interest in and to the Software and documentation are and shall remain the exclusive property of Blue Coat Systems, Inc. and its licensors. BluePlanet, BlueTouch, Control Is Yours, DRTR, ProxyAV, ProxyOne, ProxyRA Connector, ProxyRA Manager, SGOS and Webpulse and the Blue Coat logo are trademarks of Blue Coat Systems, Inc. and Blue Coat, BlueSource, K9, IntelligenceCenter, PacketShaper, ProxyClient, ProxySG, Permeo, and the Permeo logo are registered trademarks of Blue Coat Systems, Inc. All other trademarks contained in this document and in the Software are the property of their respective owners. BLUE COAT SYSTEMS, INC. DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT SYSTEMS, INC., ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Blue Coat Systems, Inc. utilizes third party software from various sources. Portions of this software are copyrighted by their respective owners as indicated in the copyright notices below. The following lists the copyright notices for: Advanced Software Engineering This software is based in part on the work of the Independent JPEG Group. This software is based in part of the work of the FreeType Team. Apache Copyright 2006 Apache Software Foundation Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/license-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions alimitations under the License. THE BEER-WARE LICENSE" (Revision 42): <phk@freebsd.org <mailto:phk@freebsd.org>> wrote this file. As long as you retain this notice you can do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp BPF Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source code distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the distribution, and (3) all advertising materials mentioning features or use of this software display the following acknowledgement: This product includes software developed by the University of California, Lawrence Berkeley Laboratory and its contributors. 125

Blue Coat ProxyAV Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Browser Detect http://creativecommons.org/licenses/by/1.0/ Creating Tree Tables in Swing Copyright 1994-2006 Sun Microsystems, Inc. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistribution in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided "AS IS," without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You acknowledge that this software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear facility. DES Software DES functions written 12 Dec 1986 by Phil Karn, KA9Q; large sections adapted from the 1977 public-domain program by Jim Gillogly. EXPAT Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Finjan Software Copyright (c) 2003 Finjan Software, Inc. All rights reserved. Flowerfire Copyright (c) 1996-2002 Greg Ferrar The FreeType Project LICENSE 2006-Jan-27 Copyright 1996-2002, 2006 by David Turner, Robert Wilhelm, and Werner Lemberg Introduction ========= The FreeType Project is distributed in several archive packages; some of them may contain, in addition to the FreeType font engine, various tools and contributions which rely on, or relate to, the FreeType Project. This license applies to all files found in such packages, and which do not fall under their own explicit license. The license affects thus the FreeType font engine, the test programs, documentation and makefiles, at the very least. This license was inspired by the BSD, Artistic, and IJG (Independent JPEG Group) licenses, which all encourage inclusion and use of free software in commercial and freeware products alike. As a consequence, its main points are that: o We don't promise that this software works. However, we will be interested in any kind of bug reports. (`as is' distribution) o You can use this software for whatever you want, in parts or full form, without having to pay us. (`royalty-free' usage) o You may not pretend that you wrote this software. If you use it, or only parts of it, in a program, you must acknowledge somewhere in your documentation that you have used the FreeType code. (`credits') We specifically permit and encourage the inclusion of this software, with or without modifications, in commercial products. We disclaim all warranties covering The FreeType Project and assume no liability related to The FreeType Project. Finally, many people asked us for a preferred form for a credit/disclaimer to use in compliance with this license. We thus encourage you to use the following text: 126

C: Portions of this software are copyright (c) 2007The FreeType Project (www.freetype.org). All rights reserved." Legal Terms ========= 0. Definitions Throughout this license, the terms `package', `FreeType Project', and `FreeType archive' refer to the set of files originally distributed by the authors (David Turner, Robert Wilhelm, and Werner Lemberg) as the `FreeType Project', be they named as alpha, beta or final release. `You' refers to the licensee, or person using the project, where `using' is a generic term including compiling the project's source code as well as linking it to form a `program' or `executable'. This program is referred to as `a program using the FreeType engine'. This license applies to all files distributed in the original FreeType Project, including all source code, binaries and documentation, unless otherwise stated in the file in its original, unmodified form as distributed in the original archive. If you are unsure whether or not a particular file is covered by this license, you must contact us to verify this. The FreeType Project is copyright (C) 1996-2000 by David Turner, Robert Wilhelm, and Werner Lemberg. All rights reserved except as specified below. 1. No Warranty THE FREETYPE PROJECT IS PROVIDED `AS IS' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL ANY OF THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY DAMAGES CAUSED BY THE USE OR THE INABILITY TO USE, OF THE FREETYPE PROJECT. 2. Redistribution This license grants a worldwide, royalty-free, perpetual and irrevocable right and license to use, execute, perform, compile, display, copy, create derivative works of, distribute and sublicense the FreeType Project (in both source and object code forms) and derivative works thereof for any purpose; and to authorize others to exercise some or all of the rights granted herein, subject to the following conditions: o Redistribution of source code must retain this license file (`FTL.TXT') unaltered; any additions, deletions or changes to the original files must be clearly indicated in accompanying documentation. The copyright notices of the unaltered, original files must be preserved in all copies of source files. o Redistribution in binary form must provide a disclaimer that states that the software is based in part of the work of the FreeType Team, in the distribution documentation. We also encourage you to put an URL to the FreeType web page in your documentation, though this isn't mandatory. These conditions apply to any software derived from or based on the FreeType Project, not just the unmodified files. If you use our work, you must acknowledge us. However, no fee need be paid to us. 3. Advertising Neither the FreeType authors and contributors nor you shall use the name of the other for commercial, advertising, or promotional purposes without specific prior written permission. We suggest, but do not require, that you use one or more of the following phrases to refer to this software in your documentation or advertising materials: `FreeType Project', `FreeType Engine', `FreeType library', or `FreeType Distribution'. As you have not signed this license, you are not required to accept it. However, as the FreeType Project is copyrighted material, only this license, or another one contracted with the authors, grants you the right to use, distribute, and modify it. Therefore, by using, distributing, or modifying the FreeType Project, you indicate that you understand and accept all the terms of this license. 4. Contacts There are two mailing lists related to FreeType: o freetype@nongnu.org Discusses general use and applications of FreeType, as well as future and wanted additions to the library and distribution. If you are looking for support, start in this list if you haven't found anything to help you in the documentation. o freetype-devel@nongnu.org Discusses bugs, as well as engine internals, design issues, specific licenses, porting, etc. Our home page can be found at http://www.freetype.org FreeBSD Copyright 1994-2009 The FreeBSD Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The views and conclusions contained in the software and documentation are those of the authors and should not be interpreted as representing official policies, either expressed or implied, of the FreeBSD Project. HEIMDAL Copyright (c) 1995-2008 Kungliga Tekniska HÃgskolan (Royal Institute of Technology, Stockholm, Sweden). All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following 127