Blue Coat Systems ProxySG Visual Policy Manager SGOS 6.4.
SGOS 6.4 Visual Policy Manager : Blue Coat Systems Inc. 420 North Mary Ave Sunnyvale, CA 94085-4121 : Blue Coat Systems International SARL 3a Route des Arsenaux 1700 Fribourg, Switzerland http://www.bluecoat.com/contact/customer-support http://www.bluecoat.com : documentation@bluecoat.com
Copyright 1999-2012 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of Blue Coat Systems, Inc. All right, title and interest in and to the Software and documentation are and shall remain the exclusive property of Blue Coat Systems, Inc. and its licensors. ProxyAV, ProxyOne, CacheOS, SGOS, SG, Spyware Interceptor, Scope, ProxyRA Connector, ProxyRA Manager, Remote Access and MACH5 are trademarks of Blue Coat Systems, Inc. and CacheFlow, Blue Coat, Accelerating The Internet, ProxySG, WinProxy, PacketShaper, PacketShaper Xpress, PolicyCenter, PacketWise, AccessNow, Ositis, Powering Internet Management, The Ultimate Internet Sharing Solution, Cerberian, Permeo, Permeo Technologies, Inc., and the Cerberian and Permeo logos are registered trademarks of Blue Coat Systems, Inc. All other trademarks contained in this document and in the Software are the property of their respective owners.
BLUE COAT SYSTEMS, INC. AND BLUE COAT SYSTEMS INTERNATIONAL SARL (COLLECTIVELY BLUE COAT) DISCLAIM ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT, ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Americas: Blue Coat Systems, Inc., 420 N. Mary Ave., Sunnyvale, CA 94085
Rest of the World: Blue Coat Systems International SARL, 3a Route des Arsenaux, 1700 Fribourg, Switzerland
: 231-03015-ko_KR : SGOS 6.4.1 10/2012
1:. Blue Coat ProySG. ProySG. Visual Policy Manager Blue CPL(Coat Content Policy Language). VPM. VPM. Blue Coat... 2: " ", 17 3: "Visual Policy Manager", 29 4: " ", 201 (CLI). 1 1 Blue Coat. Courier Courier Courier Arial. :, Blue Coat CPL(Content Policy Language).. Blue Coat.. { }. [ ]. ( ). 15
SGOS 6.4 Visual Policy Manager. W. : (: ).!. : ESD( ). 16
2: VPM.. " ", 17 " ", 18 " ", 21 " ", 22 " ", 25 " ", 27 Blue Coat SGOS 6. Content Policy Language. SOCKS ProySG ( ).. VPM(Visual Policy Manager) CPL(Content Policy Language). ( VPM CPL.) 4. (Code Red Nimda). ProySG Blue Coat.. SGOS(2.) CacheOS(4.).. VPM. VPM, VPM. VPM(Visual Policy Manager) VPM. 17
SGOS 6.4 Visual Policy Manager. () CLI ( ProySG ).. CPL CPL. ProySG ProySG ( ). ProySG. URL FTP HTTP ProySG. ProySG. :, /... : 1. Configuration > Policy > Policy Files > Policy Files. 2 18
2: 2. Install Local/Forward/Central File from,, Install. : ProySG. URL : Install Local/Forward/Central File URL. View. Install. Installation Status. Results. Install Local/Forward/Central File OK. :,.,, HTTP FTP URL ProySG. : Upload and Install File File to upload Browse Choose file. Install... 19
ProxySG :. Edit and Install File CPL (Blue Coat SGOS 6.4. Content Policy Language ) Install.. Edit and Install File OK. 3. Apply. : Blue Coat. " ", 25. CLI CLI ProxySG... :,. " ", 27.
2: : 1. (config). SGOS#(config) inline policy file end-of-input-marker file. Central( ), Forward( ) local( ). : VPM inline policy. end-of-file-marker inline eof. CLI. 2. CPL (Blue Coat SGOS 6.x Content Policy Language ). Enter. Backspace. Enter, Control+C inline policy. 3. eof inline. inline Blue Coat SGOS 6.x Command Line. : (config). SGOS#(config) policy {forward-path | local-path | central-path} url SGOS#(config) load policy {forward | local | central} ProxySG. ProxySG.. Blue Coat SGOS 6.x Content Policy Language.. ProxySG..,..,..
: 1. Configuration > Policy > Policy Files > Policy Files. 2. Text Editor Install Local/Forward/Central File from Install. Edit and Install the Local/Forward/Central Policy File. 3. Install. 4.. 5. Close.,. ProxySG... VPM File Local Policy File Central Policy File-Forward File VPM ( ).,. ProxySG VPM,,. ProxySG,.
2: : 1. Configuration > Policy > Policy Options. 2 2. Move Up Move Down... " : ", 23 " ", 24 :. ProySG..., 443 HTTP CONNECT., HTTP CONNECT 443.,. :.,. 23
: Proxy Edition: SGOS. SGOS,. SGOS Deny. SGOS,. MACH5 Edition: Allow...,..... : 1. Configuration > Policy > Policy Options. 2. Default Proxy Policy Deny Allow. 3. Apply. CLI.,.. Blue Coat SGOS 6.x Content Policy Language. ProxySG. : 1. Configuration > Policy > Policy Options. 2. Trace all policy execution. 3. Apply.
2: Blue Coat... ProySG.. ProySG. : 1. Configuration > Policy > Policy Files > Policy Files. 2. Automatically install new Policy when central file changes. 3. Apply., ProySG.. ProySG.,.. ; Central policy file MonthDate, Year version ProySG. ProySG.. : 1. Configuration > Policy > Policy Files > Policy Files. 2. Send me email when central file changes. 3. Apply. 25
ProxySG., 24(1440). CLI.. : (config). SGOS#(config) policy poll-interval minutes. CLI.. : (config). SGOS#(config) policy poll-now ProxySG. CLI. : 1. (config). SGOS#(config) policy reset :,, VPM.? (y n) ProxySG. 2. y n. :. ProxySG VPM VPM ProxySG., ProxySG VPM. VPM " ", 173.
2:. ( VPM ) ( Blue Coat VPM ).,. : Visual Policy Files VPM. : 1. Configuration > Policy > Policy Files > Policy Files. 2. View File Current Policy,. Results of Policy Load ( ). 3. View. ProxySG. : 4. URL : HTTPS-Console, https://sg_ip_address:https-Console_port/Policy/current ( 8082). HTTP-Console, http://sg_ip_address:http-console_port/Policy/current ( 8081). ProxySG. 5.. ProxySG ( ). : 1. Configuration > Policy > Policy Files > Policy Files. 2., View File (Local, Forward Central) View. ProxySG.
ProxySG.. CLI. : 1. Statistics > Advanced. 2. Policy. 3. Show policy statistics.. 4.. : 5. URL : HTTPS-Console https://sg_ip_address:https-console_port/Policy/statistics ( 8082). HTTP-Console http://sg_ip_address:http-console_port/Policy/statistics ( 8081). ProxySG. 6..
CLI
SGOS#(config) policy order v l c
SGOS#(config) policy proxy-default {allow | deny}
SGOS# policy trace {all | none}
SGOS#(config) inline policy file end-of-input-marker
SGOS#(config) policy subscribe
SGOS#(config) policy notify:
SGOS#(config) show policy
SGOS#(config) show configuration --
SGOS#(config) show sources policy {central | local | forward | vpm-cpl | vpm-xml}
3: Visual Policy Manager VPM(Visual Policy Manager) ProySG. VPM Blue Coat CPL(Content Policy Language). VPM " ", 17 ProySG. VPM CPL., SGOS 6... A: "VPM ", 30 B: " ", 42 C: " ", 54 D: ", ", 168 E: "", 179 F: "VPM CPL ", 200 : 2: " ", 17 SGOS 6. 29
SGOS 6.3 Visual Policy Manager A: VPM A: VPM. "Visual Policy Manager " VPM. "Visual Policy Manager " VPM,. "VPM ". "Set Object ". "Add/Edit Object ". Visual Policy Manager VPM. 2 1 1. Configuration > Policy > Visual Policy Manager. 2. Launch. VPM. 30
3: Visual Policy Manager A: VPM Visual Policy Manager VPM. 3 1 VPM 31
SGOS 6.3 Visual Policy Manager A: VPM VPM. 3 1 VPM File Install Policy On.... Edit Revert to eisting Policy on... Eit Add Rule Delete Rule Cut Rule Copy Rule Paste Rule Move Rule(s) Up Move Rule(s) Down Disable/Enable Layer Rename Layer Delete Layer...,... VPM ( ). Blue Coat.. Add Layer Guard. " ", 171. Reorder Layers. " ", 170. 32
3: Visual Policy Manager A: VPM 3 1 VPM ( ) Add Admin Authentication Layer Add Admin Access Layer Add DNS Access Layer Add SOCKS Authentication Layer Add SSL Intercept Layer Add SSL Access Layer Add Web Authentication Layer Add Web Access Layer Add Web Content Layer Add Forwarding Layer Add CPL Layer. Set DNS Lookup Restrictions DNS. Set Reverse DNS Lookup Restrictions Set Group Log Order Edit Categories DNS... View Generated CPL VPM CPL. Current ProySG VPM Policy Files Object Occurrences All Objects Tool Tips VPM... VPM.,. " ", 161.. Help Help Topics. About. 33
SGOS 6.3 Visual Policy Manager A: VPM VPM. Add Rule. Delete Rule. Move Up. Move Down. Install Policy VPM Blue CoatCPL(Content Policy Language) ProySG. Policy > Add Layer..,. 3 2. VPM... Add Rule.. ProySG.... No.().. 34
3: Visual Policy Manager A: VPM 3 3. Move. (Control ). 3 4 " ", 42. VPM ProySG. VPM ProySG.. CLI. Apply ProySG. VPM ProySG., ProySG ICAP A B B Apply. VPM ICAP Response Services. A. 35
SGOS 6.3 Visual Policy Manager A: VPM VPM. Revert Apply Policy Install.. VPM. VPM. ICAP VPM SOCKS.. ProySG. ProySG.. DNS ProySG DNS. SOCKS SOCKS. SSL HTTPS. SSL HTTPS /... ICAP. 36
3: Visual Policy Manager A: VPM. CPL CPL(Conntent Policy Language) VPM...,. ( ProySG ). " ", 42....., Action Deny...,. Source. IP,,, ( ). ( )..., IP Source Destination. :. ", ", 168.. Allow (Web Access Layer Action ),. Deny (Web Access Layer Action ),. Set Set Object. Edit Edit Object. Delete. 37
SGOS 6.3 Visual Policy Manager A: VPM Negate not. Negate.. JobSearch URL. 3 5 Destination, Negate. 3 6. JobSearch URL URL.,,... 3 2 IP,. URL, IP., IM...... 38
3: Visual Policy Manager A: VPM /. 3 3. DNS SOCKS SSL SSL CPL Set Object Set Object.. IP URL.. Set Object... 39
SGOS 6.3 Visual Policy Manager A: VPM 3 7 Set Source Object Set Object. (, IP 5 4 ), Set Object. Set Object Set Object. Show. IP. 3 8 Set Object 40
3: Visual Policy Manager A: VPM Add/Edit Object Set Object Add Object. Edit Object.. Set Object New Add Object. OK. Set Object. Edit. Edit Object. OK. Remove. OK.. VPM ( ). VPM.. Blue Coat ProySG.,. :.. JRE v1.5. 41
SGOS 6.3 Visual Policy Manager B: B:. " ". " ". " ". "DNS ". "SOCKS ". "SSL ". "SSL ". " ". " ". " ". " ".. : PDF, ( C ).. 42
3: Visual Policy Manager B:. IP / IP /. IP / IP / SNMP LDAP IP / / / 43
SGOS 6.3 Visual Policy Manager B: DNS DNS. IP / IP / DNS DNS IP / DNS DNS DNS RDNS DNS RDNS IP / DNS Opcode DNS CNAME DNS DNS DNS Imputing / DNS DNS/RDNS SNMP DNS DNS DSCP DSCP DNS DNS IP DSCP DSCP SOCKS SOCKS. IP / IP / SOCKS 44
3: Visual Policy Manager B: SSL SSL. IP / / URL URL HTTPS SNMP URL HTTPS IP / LDAP IP / 45
SGOS 6.3 Visual Policy Manager B: SSL SSL. IP / / () URL SSL / IP / SNMP URL IP / URL ( ) LDAP SSL SSL 46
3: Visual Policy Manager B:. IP / IP / / URL ( ) IP / URL Kerberos IP Kerberos..,, IP.,, IP. 47
SGOS 6.3 Visual Policy Manager B:.,. IP / HTTP, Windows Media / Windows Media / URL URL URL IM URL URL URL SNMP IP / HTTP MIME IM / IP / IM IM / 48
3: Visual Policy Manager B: ICAP IWA / LDAP IM IP / IM / DSCP / IM / IM / IM / IM SOCKS IM P2P DSCP / / IP / IM IP 49
SGOS 6.3 Visual Policy Manager B: P2P DSCP / HTTP HTTP IM ICAP ICAP FTP SOCKS SSL DSCP DSCP ADN DSCP 50
3: Visual Policy Manager B: URL DNS. ID. URL. ProySG ICAP. IP / / / URL SNMP URL Flash Flash DSCP / / / HTTP HTTP ICAP ICAP TTL 51
SGOS 6.3 Visual Policy Manager B:. IP / / / URL ADN /ADN IP / DSCP IP / SOCKS IP LDAP ADN IM ADN DSCP DSCP SOCKS P2P 52
3: Visual Policy Manager B: DSCP CPL CPL VPM. F: "VPM CPL ", 200. 53
SGOS 6.3 Visual Policy Manager C: C:. " ", 54 " ", 71 " ", 87 " ", 94 " ", 96 " ", 154 " ", 157 " ", 158 " ", 163.. : CPL,,,,..... IP DNS..... 54
3: Visual Policy Manager C: IM. SGOS Windows Live Messenger(WLM) Yahoo IM. Negate. IP / IPv4 IPv6, (IPv4 ) (IPv6 ).. Client. : Client: 1.2.0.0/255.255.0.0. : " ", 70. IP DNS.. Client. : Client: host.com.. : Client: host.com (RegE). IP / IPv4 IPv6, ProySG...... ProySG. LDAP User Base DN. User Base DN ProySG. Browse.. VPM ProySG User Attribute Full Name ( cn=) Base DN. 55
SGOS 6.3 Visual Policy Manager C: : ProySG (Active Directory SAMAccountName, Netscape/iPlanet Directory Server/SunOne uid, Novell NDS cn).. Base DN Full Name VPM. ProySG User (attribute=value ). Full Name.. phone LDAP. User Base DN User. IWA. Domain Name.. VPM Full Name. 56
3: Visual Policy Manager C: RADIUS. User.. VPM Full Name. Windows SSO. User. Domain Name ProySG. Browse. Local. User.. VPM Full Name. 57
SGOS 6.3 Visual Policy Manager C: Certificate Certificate LDAP Browse. LDAP. Certificate LDAP Browse. Netegrity SiteMinder. User.. VPM Full Name. Oracle COREid. User.. VPM Full Name. Policy Substitution. User.. VPM Full Name. Sequences. User.. VPM Full Name. Member Realm (ProySG )..... Group. Authentication Realm. ProySG. LDAP Group Base DN ProySG... VPM ProySG User Attribute Full Name ( cn=) Base DN. : Full Name cn=. 58
3: Visual Policy Manager C: 3 9 ProySG. Group (attribute=value ). Full Name. ( ) Group Base DN Group attribute=value. IWA. Domain Name.. VPM Full Name. RADIUS. Group. Windows SSO. Group. Local. Group.. VPM Full Name. Certificate Certificate LDAP Browse. LDAP. Certificate LDAP Browse. 59
SGOS 6.3 Visual Policy Manager C: Netegrity SiteMinder. Group.. VPM Full Name. Oracle COREid. Group.. VPM Full Name. Policy Substitution. Group.. VPM Full Name. Sequences. Group.. VPM Full Name. Member Realm (ProySG ).. LDAP Radius. LDAP LDAP ( ). LDAP : 1 2 3 4 1. Name. 2. Authentication Realm All LDAP. 60
3: Visual Policy Manager C: 3. Attribute Name LDAP. 4.. Attribute Eists. ~ Attribute Value Match > Value LDAP. peter.gibbons Common Name(CN) LDAP1. RADIUS RADIUS. RADIUS : 1a 1b 1c 1d LDAP 1.. a. Name. b. All RADIUS. c. Attribute Name. d. Attribute Name Attribute Value. 2. OK. LDAP ldap.attribute. ldap.attribute. 61
SGOS 6.3 Visual Policy Manager C: LDAP : 1 2 3 4 1. Name. 2. Authentication Realm LDAP <ALL>. <ALL>. 3. Attribute Name. 4.. Attribute eists. Attribute value match.. Eact match, Contains, At Beginning, At End, RegE. IPv4 IPv6. Windows SSO(Single Sign-On). ()... user.login.log_out_other. 62
3: Visual Policy Manager C: IP.. : 1 2 3a 1. () Name ( ). 2.. No errors:. Any errors:. Selected errors:. Show. 63
SGOS 6.3 Visual Policy Manager C: 3. Selected errors, a. Show. b... 4. OK. : ( )... : 1.. None:. Any:. Selected errors:. 2. Selected errors, a. ( Control + ). b. Selected Add. c.. 3. OK. :.. DNS DNS.. DNS. : DNS: host.com.. : DNS: host.com (RegE). 64
3: Visual Policy Manager C: RDNS IP / DNS IPv4 IPv6, (IPv4 ) (IPv6 ).. RDNS. : RDNS: 5.6.0.0/255.255.0.0. DNS Opcode DNS OPCODE. DNS OPCODE : 1. Name. 2. OPCODE. 3. OK. DNS DNS (QCLASS). DNS : 1. Name. 2.. 3. OK. DNS DNS (QTYPE). DNS : 1. Name. 2.. 3. OK. DNS DNS UDP TCP. DNS : 1. UDP Transport TCP Transport. DNS. : DNS: Client Transport UDP. 2. OK. 65
SOCKS SOCKS, 4 5. SOCKSVersion4 SOCKSVersion5... Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Netscape Communicator, Microsoft Windows Media Player NetShow, Real Media RealPlayer RealDownload, FlashPlayer, Apple QuickTime, Opera Wget iphone, ipad, ipod, Blackberry, Android, Windows Mobile... :. :. IM IM. Lotus AOL AOL Lotus.
3: Visual Policy Manager C: : 1. IM User Agent. 2.. 3. Add.. Blue Coat. : 1a 1b 1c 1d 1.. a. Name. b. Show All Standard Custom. Standard. Custom. c. Header Name. d. Header Rege. 2. OK. IM. IM. IM. ID, ID. (Eact, Contains RegE). 67
P2P (P2P). P2P : 1. Name. 2. All P2P Clients( ) P2P. 3. OK. ProxySG SSL.. : 1. Name. 2.. 3. OK. ProxySG () HTTPS. : 1. Name. 2. Export, High, Medium Low. 3. OK. Low, Medium High. SSL ProxySG () HTTPS SSL. SSL : 1. Name. 2. SSL 2.0, SSL 3.0 TLS 1.0. 3. OK.
3: Visual Policy Manager C: DSCP ProySG DSCP(Differentiated Service Code Point). (IP ) DSCP. 1 3 2 DSCP : 1. Name. IP Precedence 2 AFC(Assured Forwarding Class) 2(,, ). 2. IP Precedence (CS ) Assured Forwarding Classes(AF ). 3. () Precedence AFC DSCP. 0 63. Blue Coat.. 4. OK. ProySG "QoS ", 231. 69
SGOS 6.3 Visual Policy Manager C:. " ", 158. : Blue Coat IP / (" IP / ", 55 ).. /. DNS SOCK S SSL SSL IM IP / IP / LDAP DNS 70
3: Visual Policy Manager C: DNS SOCK S SSL SSL RDNS IP / DNS Opcode DNS DNS DNS SOCKS IM IM P2P SSL DSCP.. : CPL,,,,.. DNS. 71
SGOS 6.3 Visual Policy Manager C: IP / IPv4 IPv6, (IPv4 ) (IPv6 ).. Destination. : Destination: 1.2.0.0/255.255.0.0. / URL... Destination. : Destination: company.com:80. (ProySG ) URL. URL. URL. URL " URL ". " URL ". URL. Simple Match URL... URL. URL. URL: host.com. 72
3: Visual Policy Manager C: Regular Epression Match. URL. URL: host.com (RegE). Advanced Match (),, /. Advanced Match.. Eact Match, Contains, At Beginning, At End RegE.. : URL: host.com (Contains). 73
SGOS 6.3 Visual Policy Manager C: URL.. URL. Facebook, /IM URL. URL /. URL " URL". URL... URL. Facebook Facebook. Facebook " URL ". " URL ". URL URL.. URL.. Policy URL URL. VPM Local Central ( ).. " ", 163 VPM Menu Bar. Blue Coat Blue Coat. System ProySG.. 74
3: Visual Policy Manager C: : 1. Policy Add. Object Name. 2. OK. 3. Policy Edit URLs. Edit Locally Defined Category Object. 4. URL OK. 5. OK. : ProySG VPM,. VPM. File > Revert to Eisting Policy on ProySG Appliance.. ( )...... 75
SGOS 6.3 Visual Policy Manager C: " URL ", 74 DNS Access Layer. URL " URL", 72 ProySG URL. ProySG URL URL URL. URL ProySG URL. URL URL URL. ProySG HTTPS.. :.. Eact Match, Contains, At Beginning, At End, Domain Rege. Subject:.. Eact Match, Contains, At Beginning, At End, Domain Rege. " URL ", 74. ProySG. : 1. Name. 2.. 3. OK. 76
ProxySG HTTPS. : 1. Name. 2. Export, High, Medium Low. 3. OK. Low, Medium High. SSL ProxySG HTTPS SSL. SSL : 1. Name. 2. SSL 2.0, SSL 3.0 TLS 1.0. 3. OK.... File Extension. Find Extension Description... VPM. ( ) VPM..
SGOS 6.3 Visual Policy Manager C: : 1 2 3 Ctrl + Shift + 4 1. Name. 2. Find. apple. 3. Control + Shift +. 4. Add File Etensions. RealMedia. Remove. 5. OK. File Etension. : 78
3: Visual Policy Manager C: 1. New Etension. 2... 3. () Description Tab ( )... 4. OK. Tab: ( ):. : ( ). Escape: :. :. Enter: :. :. Delete: :. :. 79
SGOS 6.3 Visual Policy Manager C: Flash Flash. Flash : 1 1a 1b 2 1. Simple Match Regular Epression Match. a. Simple Match Flash Application name Flash. b. Regular Epression Match RegE. 2. Add. Flash. Flash : 1 1a 1b 2 1. Simple Match Regular Epression Match. a. Simple Match Flash Stream name Flash. b. Regular Epression Match RegE. 2. Add. 80
HTTP MIME HTTP MIME.. MIME. MicrosoftApps application/vnd.ms-excel, application/vnd.ms-powerpoint, application/vnd.ms-project application/vnd.works MIME. : MIME At End URL. Microsoft DOS Windows.. : 1. Name. 2.. DOS/Windows :.exe (Microsoft ),.dll ( ).ocx ( ActiveX ) Windows. Windows PE, LE NE. Microsoft :.cab() ActiveX. HTML.cab ActiveX. 3. OK. HTTP...
SGOS 6.3 Visual Policy Manager C:. Blue Coat. : 1 2 3 4 1. Name. 2. Show All Standard Custom. Standard. Custom. 3. Header Name. 4. Header Rege. 82
3: Visual Policy Manager C:. : 1 2 3 1. Name. 2. RegE to match. 3. Number of bytes to eamine. 4. OK. IM IM. IM. ID, ID. (Eact, Contains RegE). 83
SGOS 6.3 Visual Policy Manager C: IM IM. IM. : 1 2a 2b 2c 2d 2e 1. Name. 2.. a. Room ID IM.. Eact Match, Contains RegE. b. Type Private Public. c. Invite Only. d. Voice Enabled. e. Conference. 3. OK. DNS IP / DNS IPv4 IPv6, (IPv4 ) (IPv6 ). DNS. DNS. : DNS: 1.2.3.4/255.255.0.0. 84
3: Visual Policy Manager C: RDNS IP DNS.. RDNS. : RDNS: host.com.. : RDNS: host.com (RegE). DNS CNAME DNS CNAME.. DNS CNAME. DNS CNAME: host.com. DNS DNS DNS... DSCP ProySG DSCP(Differentiated Service Code Point). (IP ) DSCP. DSCP : 1. Name. IP Precedence 2 AFC(Assured Forwarding Class) 2(,, ). 2. IP Precedence (CS ) Assured Forwarding Classes(AF ). 3. () Precedence AFC DSCP. 0 63. Blue Coat.. ProySG "QoS ", 231.. " ", 158. /. 85
SGOS 6.3 Visual Policy Manager C: DNS SOCK S SSL SSL IP / URL URL URL URL URL URL SSL HTTP MIME IM IM DNS IP / RDNS DNS CNAME DNS DSCP 86
3: Visual Policy Manager C:.. : CPL,,,,.. HTTP. HTTP.. ICAP... OCS. ProySG SSL OCS, TCP SSL ProySG... CIFS, Endpoint Mapper, FTP, HTTP, HTTPS, Instant Messaging, P2P, Shell, SOCKS, SSL, Streaming TCP Tunneling. ( ). All. Pure. Over. 87
SGOS 6.3 Visual Policy Manager C: ProySG (Management Console: Configuration > Services > Proy Services ). Web Access Layer. Admin Access Layer. ProySG (Management Console: Configuration > Services > Proy Services ). Web Access Layer.. : 1 2 3 1. Name. 2. Protocol. FTP, HTTP, HTTPS, Instant Messaging, SOCKS, Flash.. 3.. Instant Messaging. 88
3: Visual Policy Manager C: 4. OK. SSL SSL. HTTPS Forward Proy requests, HTTPS Reverse Proy requests, Unintercepted SSL requests. ProySG SSL. HTTPS HTTPS. IM IM,. IM : 1 2a 3a 2b 3b 1. Name. 2. : a. File File. b. (Eact Match), (Contains) (RegE). 3. : a. Size. b.. Bytes, Kbytes, MBytes GBytes. 89
SGOS 6.3 Visual Policy Manager C: IM IM.,,. IM : 1 2a 3 4 5 2b 3b 1. Name. 2. : a. Tet Tet. b. (Contains), (RegE). 3. : a. Size. b.. Bytes, Kbytes, MBytes GBytes. 4. Route. Service, Direct Chat. 5. Tet Application. Tet. Application. 90
3: Visual Policy Manager C: IM. Succeeded IM. Failed IM ProySG. Disabled IM... : 1. Name. 2. All Streaming Content( ). 3. OK. 91
SGOS 6.3 Visual Policy Manager C: ICAP ICAP.. ICAP : 1 2 3 1. Name. 2.. a. No errors ICAP. b. Any errors ICAP. c. Selected errors ICAP. Available Errors ICAP ( Control, Shift ). Add. 3. OK. 92
3: Visual Policy Manager C:.. : 1 2a 2b 1.. Not a health check:. Any Health Check:. Any of the selected health checks below:. 2. Any of the selected health checks below, a. ( Control + ). b. Selected Add. 3.. 4. OK.. 93
SGOS 6.3 Visual Policy Manager C:. " ", 158. /. DNS SOCK S SSL SSL HTTP SSL IM IM IM ICAP ( ). Time Web Access Layer.. 94
3: Visual Policy Manager C:. : 1 2 3 4 5 6 7 1. Name. 2. Use Local Time Zone Use UTC Time Zone. ProySG. UTC ( GMT ). 3. Specify Time of Day Restriction (hh:mm) Enable. 24. 24. 22:00 06:00 10 6. 95
SGOS 6.3 Visual Policy Manager C: 4. Specific Weekday Restriction Enable. 5. Specify Day of Month Restriction Enable 01 31.. 22 22 22. 6. Specify Annually-Recurring Date Restriction Enable;.. 3. 7. Specify Non-Recurring Date Restriction Enable;,.. 8. OK.. " ", 158. /. DNS SOCK S SSL SSL,,. : CPL,... 96
3: Visual Policy Manager C:.. ( )..... ( )... ADN /ADN. ADN ProySG (ADN(Application Delivery Network) ). ADN....... 97
SGOS 6.3 Visual Policy Manager C: ( ). ProySG.. VPM ProySG. : SOCKS Authentication SOCKS Authenticate. : 1 2 3 4 5 6 1. Name. 2. Realm ProySG. 3. (Web Authentication ): Mode. ProySG. Auto.. ( ) Origin-IP Origin-IP-Redirect. Form Cookie.. OCS.. 98
Form Cookie Redirect URL. URL OCS.. Form IP IP.. Form IP Redirect URL Form IP. Proxy. ProxySG... Proxy IP ProxySG IP. Origin ProxySG OCS OCS.. Origin IP ProxySG OCS OCS. IP. Origin Cookie. ProxySG.. Origin Cookie Redirect. URL. ProxySG CONNECT origin-redirects. Origin IP Redirect. IP ( ). HTTPS. URL IP. ProxySG CONNECT origin-redirects. SG2 SGOS 2.x-. 4. () 3 Form Authentication Form, New Pin Form Query Form. Authentication Form. New Pin Form PIN.
SGOS 6.3 Visual Policy Manager C: Query Form /. : New Pin Form Query Form RSA SecurID.. (ProySG Management Console: Configuration > Authentication > Forms). : HR_PIN 5. OK..... Blue Coat SGOS 6.. : 1 2 3 4 5 6 1. Name. 2. Guest Username.. 100
3: Visual Policy Manager C: 3. Guest Realm. Use realm: Use realm from previous authenticate request: 4. Guest Surrogate Refresh Time. Use realm s surrogate refresh time: User surrogate refresh time: 5. Mode. none. ( "", 98.) 6. OK..,... "", 58... SGOS. : SOCKS Authentication Force SOCKS Authenticate.... ProySG.. DNS. DNS. 101
SGOS 6.3 Visual Policy Manager C: DNS. ProySG DNS. DNS. ProySG DNS. DNS. ProySG DNS. DNS Imputing /. DNS imputing ProySG DNS imputing. /. ProySG. ProySG....,. CEO.. ProySG. 102
3: Visual Policy Manager C: /.. Blue Coat Web Access Layers.. Blue Coat. : Web Access Layer 1: Destination IP Action Do Not Block Popup Ads. Web Access Layer 2: Action Block Popup Ads. IP Web Access Layer 2.. A: " ", 202. IWA /. Internet Eplorer(IE) IWA. Force IWA for Server Auth ProySG 401- IE 407-. ProySG Proy-Authentication IE ProySG IWA. IP /. IP IP. /.. /. IP IP IP. 103
SGOS 6.3 Visual Policy Manager C: IM /. IM IM. ProySG ProySG. SGOS " ". IM /. IM.. IM ( Source IM User Agent Unsupported ). /. ProySG.. /. (: LDAP, RADIUS BCAAA ) ProySG... IM /. AOL IM (IM ). AOL IM. SGOS " ". /. SSL Proy ( )... " ", 107. 104
3: Visual Policy Manager C: IP /. Trust Destination IP ProySG DNS IP. ADN. Do Not Trust Destination IP ProySG DNS. " ", 97.. Blue Coat VPM. : 1 2a 2b 3 4 5 1. Name. 2.. a. : Built-in eception. b. ( ProySG ) : User-defined eception. 3. : Force eception even if later policy would allow request. 4. : Allow re-authentication. 105
SGOS 6.3 Visual Policy Manager C: 5. : Details ID. Edit Select the Rewrite String ELFF CPL. DNS DNSEception2. E: " ", 209. URL. URL. HTTP.. : Internet Eplorer(IE) Netscape Navigator HTTP FTP. IE url.scheme=ftp. URL.. 301( ) ProySG URL.... 302()... URI. Cache-Control Epires. 307( ) 302 URL URL. HTTP/1.1. Name ( ). URL HTTP URL. 106
3: Visual Policy Manager C: : : SGOS 6. Return Redirect 302. : 302 SGOS 6. VPM. 301 307 SGOS 5.5.. ( ) PDF. (" / ", 104 ) OCSP(Online Certificate Status Protocol) CRL(Certificate Revocation List). : 1 2 3 107
1. Name.
2. () :
Use OCSP revocation check if available otherwise use local: OCSP OCSP. OCSP on-box CRL(Certificate Revocation List)..
Use only OCSP revocation check: OCSP.
Use only local certificate revocation check: ProxySG CRL.
Do not check certificate revocation:.
() Disable client certificate validation:.
. ProxySG. ProxySG. : 1 2 3 4
1. Name.
2. () :
Ignore a hostname mismatch: URL ( ).
Ignore certificate expiration:. (Not Before Not After.)
Ignore untrusted issuer:.
3. () :
Use OCSP revocation check if available otherwise use local: OCSP OCSP. OCSP on-box CRL(Certificate Revocation List)..
Use only OCSP revocation check: OCSP.
Use only local certificate revocation check: ProxySG CRL.
Do not check certificate revocation:.
4. () Disable server certificate validation:.
5. OK.. 4 E: " ", 209.. SSL Access. : 1. Name. 2. Keyring. 3.. 4. OK.
: 5. Name. 6. Keylist. 7.. 8. Selector. Selector $(user), $(group) $(server.address). Content Policy Language Reference "CPL ", 495. : Selector view Extractor. Subject.CN Selector $(user) Extractor $(Subject.CN). Extractor $(Subject.O). $(group) Selector $(group). " ", 167. 9. OK. HTTPS HTTPS ProxySG HTTPS HTTPS (,, ). HTTPS.
HTTPS : 1 2a 2b 2c 2d 1. Name. 2. SSL. a. Issuer Keyring:.. b. :. c. Splash Text: 200... : http://example.com/https_policy.html. Edit. d. Splash URL:. SSL CA. : URL.
3: Visual Policy Manager C: HTTPS HTTP SSL. HTTPS HTTPS. HTTPS "HTTPS ", 111. SSL. HTTPS. IM ProySG IM. IM (:, ). SGOS ProySG IM VPM. IM. 113
SGOS 6.3 Visual Policy Manager C:. Disable all access logging. Reset to default logging ProySG. Enable logging to. Disable logging to. : P2P. 114
3: Visual Policy Manager C:. Base64. : 1 2 3 4 1. Name. 2. Log Name (ProySG ). 3. Field Name. 4.. Log original value. Suppress value. Base64 encode value. Rewrite value. Edit Select The Rewrite String. ProySG.. :. 5. OK. CEOLogRewrite. 115
SGOS 6.3 Visual Policy Manager C: Windows Media, Real Media URL.. www.traning1.com www.training2.com.. : 1 2 3 4 1. Name. 2. Scheme URL Windows Media, Real Media All. 3. Pattern. 4. Replacement. 5. OK. 116
3: Visual Policy Manager C: IP IP. IP : 1 2 1. Name. 2. In outgoing client IP, reflect. Do not reflect IP IP. ProySG IP. Incoming client IP [IP reflection] IP. Incoming proy IP IP. Proy IP ProySG IP. IPv4/IPv6. Use global configuration IP.. : IP IP. 3. OK. ProySG IP. 117
SGOS 6.3 Visual Policy Manager C: URL DNS URL IP. IPv6 IPv6 DNS. URL DNS : 1.. Look up only IPv4 addresses DNS IPv4 DNS. Look up only IPv6 addresses DNS IPv6 DNS. Prefer IPv4 over IPv6 addresses IPv4 DNS. IPv6 DNS.. Prefer IPv6 over IPv4 addresses IPv6 DNS. IPv4 DNS. 2. OK. 118
3: Visual Policy Manager C:, ( ). : 1 2 3 1. Name. 2. Request, Response Both.. Both. 3.. 4. OK. EconomicConfidentialAccess. 119
SGOS 6.3 Visual Policy Manager C: /.... : 1 2 3 4 1. Name. 2. Show All Standard Custom. Standard. Custom. 3. Header Name ( ). 4.. Suppress. Set value. Append to value. 5. OK. 120
3: Visual Policy Manager C:. Accept.., Accept.. (, ).. : HTTP Accept. URL accepted-notifyname. NotifyName Notify User.. :..,. :.,... 121
HTML : 1 2 3 4 5 1. Name. 2. Title (, HTML ). 3. Body HTML. Accept. HTML Accept..
<body><a href="$(exception.details)" onclick="accept();">accept</a> </body>
( ).
<body><a href="$(exception.details)" onclick="accept();"> <img src="http://server.com/images/accept.png"> </a> </body>
HTML VPM. <body> </body> HTML.
3: Visual Policy Manager C: 4. Notify mode. Notify once for all hosts.. URL. URL. :. Notify only once for related domains.. :.. javascript. Web Advertising, Advertising Web Ads URL.. Notify on every host. Blue Coat. Javascript. 5. Notify users again. At net browser session.,. After ( ) ( ).. After ( )... :. ProySG. 7 Notify Object. 123
SGOS 6.3 Visual Policy Manager C: URL. URL HTTP IP (http://).. Service Pack 2 Windows XP Internet Eplorer 6.. HTTP Internet Eplorer. ProySG IP IP DNS. CPL. SGOS.. Cookie VPM. Set-Cookie P3P VPM.. Accept. ProySG. 124
3: Visual Policy Manager C: HTML HTTP.. : HTTPS. 4 C: " ", 205. : 1 2 3 1. Name. 2.. 3. Replacement Tet Active Content Removed. Enter., Java. ProySG. Java ProySG IP, Java. ProySG ProySG IP. 1. Add Rule. 125
SGOS 6.3 Visual Policy Manager C: 2. Move Up. ProySG. 3. Destination ProySG IP. 4. IP Destination Negate. 5. Action Remove Active Contents, Java Apps. 3 10 ProySG IP HTTP,. CPU. : VPM HTTP VPM HTTP Low. HTTP : 1.. Low 1. Medium 6. High 9. 2. OK. Compression Level Low, Medium High. 126
3: Visual Policy Manager C: HTTP. : 1. Name. 2....... 3. OK. SGOS. HTTP HTTP. : 1. Name. 2.. Disable HTTP compression.. Use client HTTP compression options. Always request HTTP compression. 3. OK. SGOS. HTTP HTTP ().. 127
SGOS 6.3 Visual Policy Manager C:. : 1. Name. 2.. Client side Server side. Client side ProySG. Server side ProySG. 3.. Inbound Outbound. Inbound ProySG. OCS(Origin Content Server) ProySG ProySG. Outbound ProySG. OCS (: ). 4. Bandwidth Class. 5. OK Save Changes. SGOS. ADN ( ) ( IP ) Application Delivery Network. WAN. Optimize traffic in both directions:. Optimize only inbound traffic:. Optimize only outbound traffic:. Do not optimize traffic:. 128
3: Visual Policy Manager C: IM IM ProySG IM. Time Object. IM : 1 3 2 1. Name. 2. IM. 3.. Set message tet IM.. Append to message tet IM. Blue Coat SGOS 6. Instant Messaging ProySG IM VPM. 129
SGOS 6.3 Visual Policy Manager C: ICAP ICAP. ICAP : 1 2a 2b 2c 3a 3b 3c 1.. 2. ( ). a. Do not provide feedback...: ICAP. b. Provide feedback after <value> seconds: ( ). 5 65535. 0 65535. c.. Return patience page: ProySG ( ). 130
3: Visual Policy Manager C: Trickle object data from start:.. Trickle object data at end:.. 3. (Flash ). 2. 4. OK. ICAP ProySG (). :. SGOS "ICAP ". URL. ProySG URL... ProySG. ( ). SGOS. : 1.. Do not categorize dynamically. URL none. Categorize dynamically in the background. DRTR. DRTR pending DRTR. 131
SGOS 6.3 Visual Policy Manager C: Categorize dynamically in realtime.. DRTR DRTR. Use dynamic categorizing setting from configuration ProxySG (Content Filtering>Blue Coat>Dynamic Categorization). 2. OK. ( ) ProxySG. : 1 2 3. 1. Name. 2. Use External Filter Service, (ProxySG, Configuration > External Services ). 3. Error handling. Deny the client request. Continue without further external service processing. 4. OK. 132
3: Visual Policy Manager C: ICAP ICAP. ProySG ICAP. ICAP : 1 2 3 4 5 AV ICAP. 1.. 2. Use ICAP request service.add ICAP Request Service Object. 133
SGOS 6.3 Visual Policy Manager C: 3. ICAP. ICAP for HTTP FTP ICAP If available use secure ICAP connections for encrypted responses.. (HTTP, HTTPS, FTP) ICAP Always use secure ICAP connections. (HTTP, HTTPS, FTP) ICAP Always use plain ICAP connections. 4. Available services Add. Selected failover sequence. 5.. Deny the client request. Blue Coat. ICAP Continue without further ICAP request processing.. 6. OK. OK. : ICAP. ICAP "ICAP ", 133 HTTP FTP. ProxySG (Configuration > External Services > ICAP) ICAP. ICAP Blue Coat ProxyAV. (Configuration > Threat protection > Malware Scanning) VPM.. ( ) (). ProxyAV. 134
3: Visual Policy Manager C: FTP FTP FTP. FTP. SOCKS SOCKS. SOCKS : 1. Name. 2.. Automatically SOCKS. Do Not Accelerate SOCKS. Accelerate via [HTTP AOL IM MSN IM Yahoo IM]. 3. OK. SSL : SSL. SGOS 4.2. SGOS 5.3.. SGOS 4.2. SSL HTTP, SOCKS, / TCP. SGSO 5.3.. 135
SGOS 6.3 Visual Policy Manager C: 4.2. SSL : 1 2 1.. SGOS 4.2. SSL All Tunneled Traffic 3. SGOS 4.2. SSL Traffic Tunneled Over 2. 2.. 3. OK. Blue Coat SGOS /... 136
3: Visual Policy Manager C: DSCP Source DSCP () DSCP(Differentiated Service Code Point). DSCP : 1 2a 2b 2c 2d 1. Name. DSCP CS1(IP Precedence 1). 2.. a. Echo the inbound packet's DSCP value: (ProxySG ) DSCP. b. Preserve the incoming DSCP value: ( ) DSCP. /. FTP.. c. DSCP name: DSCP DSCP. d. DSCP value: DSCP DSCP (0 63 ). 3. OK. ProxySG "QoS " (Visual Policy Manager 4 ). DSCP " DSCP ", 137 DSCP. 137
SGOS 6.3 Visual Policy Manager C: ADN DSCP ADN(Application Delivery Network) DSCP WAN. DSCP OCS. ADN DSCP : 1a 1b 1.. a. Preserving the incoming DSCP value:. ADN ( ) DSCP. DSCP. DSCP. b. DSCP name DSCP.. DSCP. DSCP DSCP. DSCP DSCP value (0-63). : DSCP "QoS " (Visual Policy Manager 4 ). 2. OK. 138
3: Visual Policy Manager C:. Local, LDAP, Windows SSO, Novell SSO, Certificate, XML Pollicy Substitution. (, )...... LDAP, RADIUS, XML, IWA(BASIC ), SiteMinder COREid.. DNS/RDNS.. Send Default DNS Response. TTL(Time to Live). Send Error Response Code. 139
SGOS 6.3 Visual Policy Manager C: DNS IP. DNS : 1 2 3 4a 4b 5 1. Name. 2. Host. 3. IP Respond with proy IP. 4. IP a. Respond with listed IPs. b. Add. Add DNS Response IP. c. IP Add. d. Close. 5. () TTL ( ). 6. OK. DNS DNS. : TTL. 140
3: Visual Policy Manager C:.... set-cookie, no-store, and/or private.. ProySG. /.. ProySG ( ). / TTL., ProySG. ProySG TTL(Time-to-Live). Name (. TTL ( ).., SOCKS ICP ProySG. /.. ProySG. IP ProySG. 141
SGOS 6.3 Visual Policy Manager C:..... SOCKS SOCKS ( ) SOCKS ProySG. SOCKS Do not use SOCKS gateway. SOCKS Use SOCKS Gateway SOCKS. If no SOCKS gateway is available Deny the request Connect directly SOCKS. ( ) ProySG. Do not forward. Use Forwarding. If no forwarding is available Deny the request (fail closed) Connect directly (fail open). ICP Forward using ICP. ( ) ( IP ) Application Delivery Network. WAN. Optimize traffic in both directions:. Optimize only inbound traffic:. 142
3: Visual Policy Manager C: Optimize only outbound traffic:. Do not optimize traffic:. IM IM. Auto. HTTP HTTP IM. Native.. Auto. HTTP HTTP. TCP TCP. VPM " ", 121 ASCII.. OK. 143
SGOS 6.3 Visual Policy Manager C: IP ADN(Application Delivery Network) IP. IP Windows SSO(Single Sign On), Novell SSO. SGOS. IP : 1.. 2. Edit Set Substitution. 3a 3. : a. Insert. request.header.clientip HTTP. b. OK. 144
3: Visual Policy Manager C: 4. IP Address. $(request.header.client-ip) HTTP Client-IP. 5. OK.... authenticated=yes,.,,. 145
SGOS 6.3 Visual Policy Manager C: : 1 2 1.. Any errors:. Selected errors:. 2. Selected errors : a. Show: All errors.. b.. c.. 3. OK.... 146
3: Visual Policy Manager C: authenticated=yes. user.authorization_error=any.. Kerberos KCD(Kerberos Constrained Delegation) KCD IWA. IWA ProxySG KCD. Kerberos : 1a 1b 1c 1d 1. Add Kerberos Constrained Delegation Object KCD. a. Name. b. Authentication Type origin proxy. origin. proxy. c. IWA Realm Kerberos IWA. d. () OCS Service Principal Name. SPN http/hostname. http/hostname:port. 2. OK. 3. VPM OK. 4. Install Policy. 147
SGOS 6.3 Visual Policy Manager C: Kerberos. Kerberos. BASIC. (ProxySG ). BASIC : 1a 1b 1c 1. Add Send Credentials Upstream Object BASIC. a.. b. Authentication Type. origin proxy. origin. proxy. c. OCS. OCS Send user credentials. OCS Send custom credentials. UserName Password. 2. OK. 3. VPM OK. 4. Install Policy. : Send Credentials Upstream Object. 148
3: Visual Policy Manager C:... " ", 158.. OCS (CA) ProySG, ProySG.. OCS (CA) ProySG, ProySG CA... ProySG Preserve untrusted certificate issuer.. /. DNS SOCK S SSL SSL () ( ) 149
SGOS 6.3 Visual Policy Manager C: DNS SOCK S SSL SSL TTL SOCKS IP IM Kerberos Kerberos.. : CPL,. 154
3: Visual Policy Manager C:, SNMP, SNMP.., SNMP : 1. Tracking Set Set Track Object. 2. New Event Log, Email SNMP. 3 4 5a 5b 5c 3. Name. : Subject. 4. Message Tet. 5. :. ProySG.. :. 155
SGOS 6.3 Visual Policy Manager C: Substitution Variables : a. Category. b. Display Option ELFF(Extended Log File Format) CPL(Content Policy Language). c. Insert.... Trace Level. No Tracing. Request Tracing. (: URL ),. Rule and Request. Verbose Tracing Rule and Request.. Trace File. : abc.html. ( ). CPL.
<Proxy>
    url.domain=aol.com trace.request(yes) trace.rules(all) trace.destination("aol_tracing.html")
    url.domain=msn.com trace.request(yes) trace.rules(all) trace.destination("msn_tracing.html")
<Proxy>
    client.address=10.10.10.1 trace.request(yes) trace.rules(all)
156
3: Visual Policy Manager C:. aol.com aol_tracing.html. msn.com msn_tracing.html. IP 10.10.10.1 default.html.. :. Trace File Trace Level. URL.
( ): https://proxysg_ip_address:8082/policy/trace/default_trace.html
: http://proxy_appliance_address:8081/policy/trace/default_trace.html.
" ", 158. /. DNS SOCKS SSL SSL SNMP.. 157
SGOS 6.3 Visual Policy Manager C:.... Negate. 1. ICAP. 1. Set Action Object New > Combined Action Object. 158
3: Visual Policy Manager C: 2 3 4 5 Shift. New. 6 2. Name. 3. Description (). 4. Show. 5. Shift Check Authorization Branch_AV_Req. 6. Add. Selected Action Objects. 7. OK. CombinedAction1. 8. CombinedAction1 OK.. ICAP. 159
SGOS 6.3 Visual Policy Manager C: 2 Proy IP Address/Port.. VPM.... 160
3: Visual Policy Manager C: VPM All Objects. All Objects ( ). VPM View > All Objects. ( Policy ) (" ", 42 ). Show. All (sort by object name):. All (sort by object type):. 161
SGOS 6.3 Visual Policy Manager C: Source, Destination, Service Action ( ).. P2P Client. P2P Client Objects. Show only unused objects. All Objects. All Objects... : 1. New.. 2. Column > Object. Add. 3.. 4. OK. :. IM User Web Access Layer > Source.. 162
3: Visual Policy Manager C:. Edit... View>Object Occurrences. URL. DNS Access, Web Access, Web Authentication Destination Web Content. (" URL ", 74 ). 1. VPM Configuration > Edit Categories. Edit Categories. 2 2. Policy Add. Object Name. 3. OK. 163
SGOS 6.3 Visual Policy Manager C: 4 4. Policy Edit URLs. Edit Locally Defined Category Object. URL URL. 5. URL. OK. 164
3: Visual Policy Manager C: 6. Edit Categories OK. : ProySG VPM,. VPM. File > Revert to Eisting Policy on ProySG. DNS VPM Install Policies VPM ProySG VPM. : VPM..... DNS. DNS DNS. DNS. DNS Blue Coat Systems Content Policy Language Reference. DNS VPM. DNS : 1. Configuration > Set DNS Lookup Restrictions Set DNS lookup restrictions. None. 2. All. 165
SGOS 6.3 Visual Policy Manager C: 3.. a. Listed Host Patterns. Host Patterns. b. Add Add Host Pattern. c. OK. d.. e. OK. DNS DNS. DNS DNS. ProySG. DNS Blue Coat Systems Content Policy Language Reference. DNS VPM. ProySG DNS. DNS : 1. Configuration > Set Reverse DNS Lookup Restrictions Set Reverse DNS lookup restrictions. None. 2. All. 3.. a. Listed Subnets. Subnets. b. Add Add Subnet. c. OK. d.. e. OK. 166
3: Visual Policy Manager C:.. Blue Coat Systems Content Policy Language Reference. VPM. : 1. Configuration > Set Group Log Order Set Group Log Order. 2. Add Add Group Object. 3. Group Name. ProySG. 4. Authentication Realm. 5. OK. 6.. 7. Move Up Move Down. 8. OK. 167
SGOS 6.3 Visual Policy Manager D:, D:,. ", ". " " ProySG. "VPM- " ProySG. "/ CPL " VPM CPL.,,.... VPM ProySG. VPM ProySG XML. :.. 2: " ", 17. VPM CPL VPM CPL VPM. VPM., CPL <Proy>.. VPM CPL. 3 4 VPM- CPL VPM CPL ID. <Admin>. <Admin> DNS. DNS <DNS> 168
3: Visual Policy Manager D:, 3 4 VPM- CPL ( ) VPM CPL SOCKS ID. SOCKS <Proy> HTTPS SSL <SSL- > HTTPS. SSL <SSL> ID. <Proy>. <Proy>. <Cache>. <Forward> : VPM <Eception>. F: "VPM CPL ", 200. ProySG......,...,.. :. 169
SGOS 6.3 Visual Policy Manager D:, ProySG,..,... URL,. Sales. Web Authentication Layer... 5... ( ).. 5 300.... ProySG VPM. ProySG.,,,.,..,... 170
3: Visual Policy Manager D:,. URL..... URL,.,.. VPM... Action Track.... 171
SGOS 6.3 Visual Policy Manager D:, : 1 2 1. Edit. 2. Add Layer Guard.. 3. Set. 4..., IP ProySG IP. : " ", CPL, SSL. "condition=! is_notify_internal".. 172
3: Visual Policy Manager D:,. VPM ( ). Guard. 3 11. :,. ProxySG. XML. ProxySG CPL vpm.cpl. VPM. VPM-.. : File > Install Policies Install Policies. VPM XML. CPL. XML. ProxySG. XML XML. : C:\Documents and Settings\user.name\bluecoat\vpm_err.xml Category Notify User DNS Lookup Restrictions, Reverse DNS Lookup Restrictions Group Log Order CPL.. 173
SGOS 6.3 Visual Policy Manager D:, VPM. VPM VPM ProySG VPM. : VPM..... ProySG,. (VPM.) : File > Revert to Eisting Policy on ProySG. VPM VPM,,,.. VPM. : 1. Rename. Rename New Layer. 2. OK. 174
3: Visual Policy Manager D:,.,.. : Disable Layer.., Enable Layer.. :. : 1.. 2. Delete Policy. : Menu Bar>Edit.,. ProySG.,. : 1.. 2. No.. 3. Disable Rule shortcut.. 4. 3.,. 175
SGOS 6.3 Visual Policy Manager D:, VPM- VPM ProxySG. SGOS VPM-. config_policy_source.xml config_policy_source.txt ProxySG VPM.. 1. VPM ProxySG. "VPM ". 2. ProxySG VPM CLI. "VPM ProxySG ", 177. VPM VPM ProxySG : 3. Statistics > Advanced. 4. Policy.. 3 12 URL 5. Show VPM CPL policy. 176
3: Visual Policy Manager D:, 6. Save As OK. : Save As (config_policy_source.xml config_policy_source.txt).. VPM. ProxySG. VPM- (sales_vpm.cpl sales_vpm.xml) 7. VPM. VPM ProxySG VPM ProxySG : 8. Configuration > Policy > Policy Files > Visual Policy Files. 2a 2b 9. Install Visual Policy : a. Remote URL Install VPM-CPL from. b. Install. Install VPM-CPL. 177
SGOS 6.3 Visual Policy Manager D:, c. Installation URL VPM CPL URL (.txt ) Install. d. a - c VPM XML URL (.xml ) Install. 10. Apply. VPM ProxySG URL. VPM URL URL.. VPM- CPL URL View. VPM, ProxySG CPL XML. View Visual Policy Files VPM-CPL VPM-XML. VPM. VPM. VPM ProxySG : VPM.., url.
1. config.
SGOS#(config) policy vpm-cpl-path url
SGOS#(config) load policy vpm-cpl
2. config.
SGOS#(config) policy vpm-xml-path url
SGOS#(config) load policy vpm-xml
/ CPL VPM VPM CPL. VPM CPL : View > Generated CPL. VPM : View > Current ProxySG VPM Policy Files. : VPM CPL VPM. VPM,. 178
3: Visual Policy Manager E: E:. " ", 179 " ", 186.. PAC ProySG IP.. : 1. VPM : Configuration > Policy > Visual Policy Manager. 2. Policy > Add Web Authentication Layer. 3.. OK. VPM. 179
SGOS 6.3 Visual Policy Manager E: 1:, IP. 1 2 3 1. Source. Set Set Source Object. 2. IP New. PAC ProySG IP. 3. OK Source IP. 180
3: Visual Policy Manager E: 4 5 4.. Action Set Set Action Object. 5.. New Authenticate. Add Authenticate Object. 181
SGOS 6.3 Visual Policy Manager E: 6.. Name. Authenticate1 Add Object Authenticate_Eample_Corp. Realm LDAP. Mode Proy IP. 7. OK Add Action Object. 8. OK. 182
3: Visual Policy Manager E: 3 13 9.. Track Set Set Track Object. 10.. New Trace Add Trace. 1 12 11. Name AuthTrace. 12. Trace Level Verbose, false false. 13. OK. 14. OK.. 3 14 183
SGOS 6.3 Visual Policy Manager E: 2:.. 1. Add Rule. 2. PAC IP. 10.1.1.1. 184
3: Visual Policy Manager 3. Do Not Authenticate OK.. 3 15... 4. Move Up. 185
SGOS 6.4 Visual Policy Manager 5. Install policy.. ProySG. SGOS " ".. 1:... 1. Policy > Add Web Access Layer. VPM.. 2. Destination Set. Set Destination Object. 186
3: Visual Policy Manager 3. New. Combined Destination Object. Add Combined Destination Object. 187
SGOS 6.4 Visual Policy Manager 4. New > Request URL. 188
3: Visual Policy Manager 5 6 8 5. URL Simple Match;. hotjobs.com. 6. Add. 7. monster.com bajobs.com 5. 8. Close. 189
SGOS 6.4 Visual Policy Manager 9 9. URL Add. 10. OK. Set Destination Object URL. 11. JobSearchURLs OK.. 3 16 deny.. 12. Install Policies. 190
3: Visual Policy Manager 2: IT.. : 1 2 3 1. Source. 2. Source Set Add Source Object. 3. New Combined-Source-Object. Add Combined Source Object. 191
SGOS 6.4 Visual Policy Manager 4 5 4. IT_PM_Shift. 5. New Client IP Address/Subnet. Add Client IP Address/Subnet Object. 6. IPv4 IPv6. Add Close. 192
3: Visual Policy Manager 7. IP Add. 8. OK. OK. 193
SGOS 6.4 Visual Policy Manager : 1 2 9. Destination Set. Set Destination Object. 10. New Request URL Category. Add Request Category Object. 194
3: Visual Policy Manager 3 4 11. Policy Add. Enter Name for New Category. 12. Allowable_Sports OK. 5 13. Sports URL. Edit URLs. Edit Locally Defined Category Object. 195
SGOS 6.4 Visual Policy Manager 14. URL OK. 15. Policy Allowable_Sports OK. 16. 3-7 URL ew.com, rollingstone.com variety.com Allowable_Entertainment. 17. Allowable PM IT Websites. OK. 3 17 196
3: Visual Policy Manager :. 1 2 1. Time Set. Set Time Object. 2. New Time-Object. Add Time Object. 197
SGOS 6.4 Visual Policy Manager 3 4 5 3.. 4. Specific Time of Day Restriction Enable 18:00 05:59. 6:00 PM - 6:00 AM. 5. Specific Weekday Restriction Enable Monday, Tuesday, Wednesday, Thursday Friday.. 6. OK Time Object. 198
3: Visual Policy Manager : 7. Action Allow. 8. Install Policy. 199
SGOS 6.4 Visual Policy Manager F: VPM CPL CPL Layer CPL VPM CPL. CPL Layer.. CPL Layer. CPL Layer, CPL Layer CPL. VPM. CPL, CPL Layer. : CPL Layer Layer Guard. CPL : : ProxySG. 1. VPM Policy > Add CPL Layer. 2. CPL. 3. Install Policy. CPL (View > Generated CPL).
;; Tab: [SanJoseWeb]
<Proxy>
    Deny; Rule 1
;; Tab: [SJAdminAccess]
<Admin>
    Deny; Rule 1
;; Tab: [CPL Layer (1)]
<Cache>
    url.domain="www.abc123.com" cache(no); Rule 1
4.. Edit > Reorder Layers. 200
4: ProySG. ProySG. VPM(Visual Policy Manager) CPL(Content Policy Language). VPM.. A: " ", 202 B: " IP ", 204 C: " ", 205 D: " ", 208 E: " ", 209 F: "P2P( ) ", 224 G: "QoS ", 231 H: " ", 240 I: " ", 244. (.) 201
SGOS 6.4 Visual Policy Manager A: A: Blue Coat. ProySG. HTML Javascript.. ProySG......... HTTPS. ProySG ( ). HTML.. VPM IP. Blue Coat IP. 202
4: A: 4 1.. blocked popup window -- use CTRL Refresh to see all popups. <Ctrl>... <Ctrl>. Visual Policy Manager. " / ", 103. 203
SGOS 6.4 Visual Policy Manager B: IP B: IP ProxySG IP. IP IP. IP/. CPL :
define subnet internal_ranges
    10.0.0.0/16
    192.168.1.0/24
end
<proxy>
    client.address=internal_ranges ALLOW
VPM : 1. Web Access Layer Rule. 2. Source Combined Object Internal_IP_Ranges. 3. IP Source. 4. Action. 204
4: C: C: Blue Coat.. ProxySG Java HTML.,. ProxySG., ID URL. : HTTPS.. <APPLET> Java, HTML <applet>. <EMBED> Netscape Navigator, HTML <embed>. <OBJECT> Internet Explorer Active-X, HTML <object>. <SCRIPT> Javascript VBScript, HTML <script>, Javascript, Javascript URL. <noscript>. Visual Policy Manager CPL. Web Access Layer Strip Active Content " ", 125.. 205
SGOS 6.4 Visual Policy Manager C:. <SCRIPT> </SCRIPT>. LANGUAGE (: <SCRIPT LANGUAGE="JavaScript 1.0">). LANGUAGE JavaScript. transform active_content <SCRIPT> </SCRIPT>. HTML (<HEAD> ).., HTML. </SCRIPT> ( </BODY> or </HTML> ), <SCRIPT>. JavaScript JavaScript. &{javascript code}, (, <IMG SRC="&{images.logo};"> ).. transform active_content JavaScript /.. JavaScript JavaScript. javascript: javascript code,. JavaScript. transform active_content JavaScript /.. JavaScript JavaScript on. <A HREF="index.html" onmouseover="javascript code">. HTML 4.01 21 JavaScript. onblur, onchange, onclick, ondblclick, ondragdrop, onfocus, onkeydown, onkeypress, onkeyup, onload, onmousedown, onmousemove, onmouseout, onmouseover, onmouseup, onmove, onreset, OnResize, onselect, onsubmit, onunload 206
4: C: Microsoft Internet Explorer Netscape. JavaScript on(on )., <A HREF="index.html" ondonner="DONNER"> ondonner ondonner JavaScript. <A HREF="index.html">. Embed HTML <EMBED> </EMBED>. <EMBED> </EMBED>. embed MIME,. transform active_content embed <EMBED>. </EMBED>. Object Object <OBJECT> </OBJECT> CODETYPE TYPE. object transform active_content object <OBJECT> </OBJECT>.. CODETYPE TYPE. </OBJECT>. 207
SGOS 6.4 Visual Policy Manager D: D:.. URL. (URL.), URL.,.... Referer. Blue Coat Referer. Visual Policy Manager CPL. Web Access Layer Suppress Header " ", 119. Content Policy Language. 208
4: E: E:, ProxySG. ProxySG., HTML (HTTP ) (HTTP ).. ProxySG. policy_denied invalid_request....
4 1 HTTP
authentication_failed (HTTP Response Code: 401)
authentication_failed_password_expired (HTTP Response Code: 403)
authentication_log_out (HTTP Response Code: 200)
authentication_mode_not_supported (HTTP Response Code: 403)
authentication_redirect_from_virtual_host (HTTP Response Code: 302)
authentication_redirect_off_box (HTTP Response Code: 302)
authentication_redirect_to_virtual_host (HTTP Response Code: 302)
. authentication_failed deny.unauthorized......... 209
SGOS 6.4 Visual Policy Manager E: 4 1 ( ) HTTP
authentication_success (HTTP Response Code: 302)
authorization_failed (HTTP Response Code: 401)
bad_credentials (HTTP Response Code: 400)
client_failure_limit_exceeded (HTTP Response Code: 503)
configuration_error (HTTP Response Code: 403)
connect_method_denied (HTTP Response Code: 403)
content_encoding_error (HTTP Response Code: 502)
content_filter_denied (HTTP Response Code: 403)
content_filter_unavailable (HTTP Response Code: 403)
dns_server_failure (HTTP Response Code: 503)
. URL. deny.unauthorized. ID (, ). /.. ASCII ProxySG.. ( UTF-8 64.) IP ($(client.address)). ProxySG. ProxySG. CONNECT. Blue Coat CONNECT... ProxySG. ProxySG DNS. 210
4: E: 4 1 ( ) HTTP
dns_unresolved_hostname (HTTP Response Code: 404)
dynamic_bypass_reload (HTTP Response Code: 200)
gateway_error (HTTP Response Code: 504)
icap_communication_error (HTTP Response Code: 504)
icap_error (HTTP Response Code: 504)
internal_error (HTTP Response Code: 500)
invalid_auth_form (HTTP Response Code: 403)
invalid_request (HTTP Response Code: 400)
invalid_response (HTTP Response Code: 502)
license_exceeded (HTTP Response Code: 403)
license_expired (HTTP Response Code: 403)
method_denied (HTTP Response Code: 403)
not_implemented (HTTP Response Code: 501)
notify (HTTP Response Code: 200)
notify_missing_cookie (HTTP Response Code: 403)
ProxySG DNS. dynamic_bypass.. ProxySG ICAP.. ICAP. ICAP. ProxySG..,. ProxySG...... VPM. HTML VPM. VPM Notify User,. 211
SGOS 6.4 Visual Policy Manager E: 4 1 ( ) HTTP
policy_denied (HTTP Response Code: 403)
policy_redirect (HTTP Response Code: 302)
radius_splash_page (HTTP Response Code: 200)
redirected_stored_requests_not_supported (HTTP Response Code: 403)
refresh (HTTP Response Code: 200)
server_request_limit_exceeded (HTTP Response Code: 503)
silent_denied (HTTP Response Code: 403)
server_authentication_error (HTTP Response Code: 500)
ssl_client_cert_expired: Expired SSL Client Certificate (HTTP Response Code: 503)
ssl_client_cert_ocsp_check_failed: OCSP Error On Client Certificate (HTTP Response Code: 503)
ssl_client_cert_ocsp_status_unknown: Unknown OCSP Status of Client Certificate (HTTP Response Code: 503)
policy_denied deny. redirect... / ID $(x-radius-splash-username)/$(x-radius-splash-session-id). POST.. ProxySG. (HTTP Refresh: header ). () URL(, ). $(url.host). exception(silent_denied). silent.. ProxySG /. ProxySG " "... OCSP. 212
4: E: 4 1 ( ) HTTP
ssl_client_cert_revoked: Revoked SSL Client Certificate (HTTP Response Code: 503)
ssl_client_cert_untrusted_issuer: Untrusted SSL Client Certificate (HTTP Response Code: 503)
ssl_domain_invalid: SSL Certificate Host Mismatch (HTTP Response Code: 409)
ssl_failed: SSL Certificate Verification Error (HTTP Response Code: 503)
ssl_server_cert_expired: Expired SSL Server Certificate (HTTP Response Code: 503)
ssl_server_cert_ocsp_check_failed: OCSP Error On Server Certificate (HTTP Response Code: 503)
ssl_server_cert_ocsp_status_unknown: Unknown OCSP Status of Server Certificate (HTTP Response Code: 503)
ssl_server_cert_revoked: Revoked SSL Server Certificate (HTTP Response Code: 503)
ssl_server_cert_untrusted_issuer: Untrusted SSL Server Certificate (HTTP Response Code: 503)
tcp_error (HTTP Response Code: 503)
transformation_error (HTTP Response Code: 403)
.. HTTPS.. SSL........ ProxySG. 213
SGOS 6.4 Visual Policy Manager E: 4 1 ( ) HTTP
unsupported_encoding (HTTP Response Code: 406)
unsupported_protocol (HTTP Response Code: 406)
virus_detected (HTTP Response Code: 200)
Accept-Encoding:Identity;q=0,.. ProxySG,, Accept-Encoding: Identity;q=0......
authentication_failed
authentication_failed_password_expired
authentication_redirect_from_virtual_host
authentication_redirect_to_virtual_host
authentication_success
dynamic_bypass_reload
license_expired
ssl_domain_invalid
ssl_failed
(config).
SGOS#(config) exceptions
SGOS#(config exceptions) show exceptions configuration_error
configuration_error exception:
all protocols:
summary text: SG configuration error
details text: Your request could not be processed because of a configuration error: $(exception.last_error)
help text: The problem is most likely because of a configuration error, $(exception.contact) and provide them with any pertinent information from this message.
http protocol:
code: 403
214
4: E:.. HTTP 403. : Internet Explorer HTTPS URL, 900.. 512 404. exception.autopad(yes|no) 513. exception.autopad Content Policy Language. ( ). Identifier. 4 1, " ", 209.. Format. HTTP HTML. HTML. Summary. policy_denied "Access Denied". Details. policy_denied (HTTP ), ".". Help., URL $(exception.category_review_url) $(exception.category_review_message) $(exception.help).. Blue Coat SGOS 6.. Contact.. 215
SGOS 6.4 Visual Policy Manager E: HTTP-Code HTTP. policy_denied 403 HTTP. : Format 8000....
$(exception.id)
$(exception.summary)
$(exception.details)
$(exception.help)
$(exception.contact)
Format, Summary, Details, Help Contact HTTP. Format,. Format. HTML.
<html>
<title>$(exception.id): $(exception.summary)</title>
<body><pre>
Request: $(method) $(url)
Details: $(exception.details)
Help: $(exception.help)
Contact: $(exception.contact)
</pre></body></html>
. $(exception.last_error) ProxySG.. $(exception.reason) ProxySG. $(exception.reason) "Either 'deny' or 'exception' was matched in policy" DENY. 216
4: E: SGOS.., exception.all exception.user-defined.all. all. format. all format. all format. user-defined.all all. exception.user-defined.all. HTTP $(exception.contact).
#(config exceptions) inline http contact EOF
For assistance, contact <a href="mailto:sysadmin@example.com">sysadmin</a>EOF
HTTP $(exception.contact).
#(config exceptions) user-defined inline http contact EOF
For assistance, contact <a href="mailto:policyadmin@example.com">policyadmin</a>EOF
SDL( ). /. SDL.
(exception.all
  (format "This is an exception: $(exception.details)")
  (details "")
  (exception.policy_denied
    (format "")
    (details "your request has been denied by system policy")
  )
)
SDL "Your request has been denied by system policy" $(exception.details) policy_denied. format (exception.all) format. policy_denied, This is an exception: your request has been denied by system policy. HTTP $(exception.contact). exception.all. : HTTP. 217
SGOS 6.4 Visual Policy Manager E:
(exception.all
  (contact "For assistance, contact your network support team.")
  (details "")
  (format "$(exception.id): $(exception.details)")
  (help "")
  (summary "")
  (http
    (code "200")
    (contact "")
    (details "")
    (format <<EOF
<format removed>
EOF
    )
    (help "")
    (summary "")
  )
  <built-in exceptions removed>
)
$(exception.contact) http contact.
(exception.all
  (contact "For assistance, contact your network support team.")
  (details "")
  (format "$(exception.id): $(exception.details)")
  (help "")
  (summary "")
  (http
    (code "200")
    (contact "For assistance, contact <a href="mailto:sysadmin@example.com">sysadmin</a>")eof
    (details "")
    (format <<EOF
<format removed>
EOF
    )
    (help "")
    (summary "")
    <built-in exceptions removed>
  )
)
. exception.all. exception.all..
(exception.all
  (exception.policy_denied)
)
. Blue Coat. 218
4: E: CLI. :. : 1. (config).
SGOS#(config) exceptions
SGOS#(config exceptions) create definition_name
SGOS#(config exceptions) edit definition_name
SGOS#(config exceptions user-defined.definition_name) http-code numeric HTTP response code
SGOS#(config exceptions user-defined.definition_name) inline ?
  contact   Set the $(exceptions.contact) substitution
  details   Set the $(exceptions.details) substitution
  format    Set the format for this exception
  help      Set the $(exceptions.help) substitution
  http      Configure substitution fields for just HTTP exceptions
  summary   Set the $(exception.summary) substitution
SGOS#(config exceptions user-defined.definition_name) inline contact eof string eof
SGOS#(config exceptions user-defined.definition_name) inline details eof string eof
SGOS#(config exceptions user-defined.definition_name) inline format eof string eof
SGOS#(config exceptions user-defined.definition_name) inline help eof string eof
SGOS#(config exceptions user-defined.definition_name) inline summary eof string eof
2. ().
SGOS#(config exceptions user-defined.test) show exceptions user-defined.test
$(exception.id): test
$(exception.summary): Connection failed
$(exception.details): Connection failed with stack error
$(exception.contact): Tech Support
219
SGOS 6.4 Visual Policy Manager E: : (config).
SGOS#(config) exceptions
SGOS#(config exceptions) delete exception_name
ok
:... ProxySG., ProxySG. ProxySG FTP HTTP URL. : ProxySG. ProxySG.. CLI. : 1. Configuration > Policy > Exceptions. 2 3 2. Install Exceptions Definitions From. 220
4: E: 3. Install. Remote URL : URL. View. Install. OK. Local File : Local File Browse Browse.. Install.. Close. 221
SGOS 6.4 Visual Policy Manager E: ProxySG Text Editor : SDL( ) ( ). 4. OK. HTML ProxySG.. Current Exceptions. Default Exceptions Source ProxySG. Exceptions Configuration HTML. Results of Exception Load. 222
4: E: : 1. Configuration > Policy > Exceptions. 3 2 2. View Exceptions, View File. Current Exceptions. Default Exceptions Source ProxySG. Exceptions Configuration HTML. Results of Exception Load. 3. View.. 4. Apply. 223
SGOS 6.4 Visual Policy Manager F: P2P( ) F: P2P( ) Blue Coat. P2P( ) P2P( ) ISP 60%(). P2P. IP. P2P. P2P P2P..,.. P2P P2P. Blue Coat ProySG P2P P2P. P2P, P2P P2P. :. SGOS P2P. FastTrack(Kazaa) EDonkey BitTorrent Gnutella : ProySG P2P. 224
4: F: P2P( ) P2P ProySG ProySG. :. L4 ProySG ProySG TCP. ProySG HTTP, SOCKS TCP. ProySG. P2P HTTP P2P : UDP. P2P. VPM VPM P2P. 4 2 P2P Web Access Layer > Source > P2P Client. "P2P ", 68. Web Access Layer > Service > Client Protocols. " ", 87. 225
SGOS 6.4 Visual Policy Manager F: P2P( ) CPL CPL
http.connect={yes | no}
p2p.client={yes | no | bittorrent | edonkey | fasttrack | gnutella}
CPL
force_protocol()
detect_protocol.protocol(yes | no)
detect_protocol.[protocol1, protocol2,...](yes | no)
detect_protocol(all | none)
detect_protocol(protocol1, protocol2,...)
: http, bittorrent, edonkey, fasttrack gnutella. detect_protocol(all). CPL P2P CPL.
allow, deny, force_deny
access_server(yes | no) no.
authenticate(realm).
socks_gateway(alias_list | no)
socks_gateway.fail_open(yes | no)
forward(alias_list | no) TCP.
forward.fail_open(yes | no)
reflect_ip(auto | no | client | vip | ip_address)
CPL Blue Coat Systems Content Policy Language. ProxySG P2P.
<proxy>
    p2p.client=yes deny
226
4: F: P2P( ) P2P P2P( ), P2P (P2P Visual Policy Manager ). CLI P2P. : P2P ( P2P ) ("P2P Clients", 229 "P2P Bytes", 230 ). P2P Data P2P Data P2P P2P. P2P Data CLI. 4 2 P2P P2P. HTTP P2P HTTP. HTTP ProySG P2P. ProySG P2P HTTP. P2P. P2P. 227
SGOS 6.4 Visual Policy Manager F: P2P( ) P2P : 1. Statistics > Protocol Details > P2P History > P2P Data. P2P. 2. () P2P Protocol. 228
4: F: P2P( ) P2P Clients P2P Clients 60, 24 30. : P2P. P2P : 1. Statistics > Protocol Details > P2P History > P2P Clients. 2. () Graph scale should. 229
SGOS 6.4 Visual Policy Manager F: P2P( ) P2P Bytes P2P Bytes 60, 24 30 P2P. : P2P. P2P : 1. Statistics > Protocol Details > P2P History > P2P Bytes. 2. () Graph scale should. P2P P2P SOCKS v5 HTTP 1.1. P2P ( ). SGOS. SOCKS v5 P2P. P2P. SGOS. 230
4: G: QoS G: QoS QoS( ). Blue Coat Solution DSCP ProxySG QoS. ProxySG QoS. QoS QoS IP ToS(Type of Service). ToS (: ) ToS. ProxySG QoS. DSCP(Differentiated Services Code Point),. DSCP DSCP /, QoS ( ). : ProxySG QoS. QoS / QoS. ToS IP 8. 6 2 TCP. 6 DSCP. DSCP..
4 3 DSCP DSCP
Default  000000 (0)   Best effort (Precedence 0)
CS1      001000 (8)   Precedence 1
AF11     001010 (10)  AFC (Assured Forwarding Class) 1, ()
AF12     001100 (12)  AFC (Assured Forwarding Class) 1, ()
AF13     001110 (14)  AFC (Assured Forwarding Class) 1, ()
CS2      010000 (16)  Precedence 2
231
SGOS 6.4 Visual Policy Manager G: QoS 4 3 DSCP ( )
AF21     010010 (18)  AFC (Assured Forwarding Class) 2, ()
AF22     010100 (20)  AFC (Assured Forwarding Class) 2, ()
AF23     010110 (22)  AFC (Assured Forwarding Class) 2, ()
CS3      011000 (24)  Precedence 3
AF31     011010 (26)  AFC (Assured Forwarding Class) 3, ()
AF32     011100 (28)  AFC (Assured Forwarding Class) 3, ()
AF33     011110 (30)  AFC (Assured Forwarding Class) 3, ()
CS4      100000 (32)  Precedence 4
AF41     100010 (34)  AFC (Assured Forwarding Class) 4, ()
AF42     100100 (36)  AFC (Assured Forwarding Class) 4, ()
AF43     100110 (38)  AFC (Assured Forwarding Class) 4, ()
CS5      101000 (40)  Precedence 5
EF       101110 (46)  EF (Expedited Forwarding) (), ()
CS6      110000 (48)  Precedence 6
CS7      111000 (56)  Precedence 7
:. DSCP. 0 63. Blue Coat.. Best Effort DSCP.. Best Effort DSCP DSCP Best Effort. Class Selector RFC 2474 RFC 791 Precedence... Precedence 7. Precedence 6 IP.. 232
Assured Forwarding RFC 2597. AF(Assured Forwarding) Precedence. AF31 CS3 Precedence. Expedited Forwarding RFC 2598. EF(Expedited Forwarding). AF Precedence 6 7. QoS QoS. QoS. ProxySG DSCP,. (Configure > Bandwidth Mgmt > BWM Classes) DSCP. DSCP Source Action. 4 3 QoS BWM VPM VPM CPL.

    <Proxy>
    client.connection.dscp=(ef) limit_bandwidth.client.outbound(high)
    client.connection.dscp=(cs3,af31,af32,af33) limit_bandwidth.client.outbound(medium)
    client.connection.dscp=(cs1) limit_bandwidth.client.outbound(low)

QoS. DSCP.
. DSCP () ( ). : FTP. IM. QoS DSCP, /. DSCP ProxySG. ProxySG ProxySG DSCP,.. FTP. DSCP. FTP ProxySG FTP. QoS QoS, ProxySG QoS SGOS 5.1.3. QoS. 4 4 ProxySG DSCP ().

    <proxy>
    client.connection.dscp(preserve)
    server.connection.dscp(preserve)
DSCP / / DSCP. ProxySG ProxySG. / ProxySG DSCP DSCP. /. DSCP DSCP, DSCP.. /. /. DSCP ProxySG QoS. 4 5 DSCP /

    <proxy>
    user=a client.connection.dscp(echo)

DSCP QoS DSCP ( ProxySG ). ProxySG DSCP ( )., (Best Effort). ProxySG Best Effort QoS. ProxySG QoS CS4. 4 6 ProxySG DSCP
: QoS QoS... QoS. WAN ProxySG 200-C. ProxySG 810. ProxySG 200-C /., WAN QoS. VP_Sales CS2 QoS ProxySG 200-C. CS2 QoS CS4 QoS.. 4 7 ProxySG DSCP

    <proxy>
    client.connection.dscp(echo)
    user=vp_sales server.connection.dscp(cs4)
    server.connection.dscp(cs2)

ADN DSCP ADN DSCP. SGOS 5.1..
VPM VPM CPL. : ( 3: "Visual Policy Manager", 29.)
" DSCP ", 69 Web Access, DNS Access : Source.
" DSCP ", 85 Web Access, DNS Access, Web Content, Forwarding : Destination.
" DSCP ", 137 Web Access, DNS Access, Web Content, Forwarding : Destination.
" DSCP ", 137 Web Access, DNS Access : Action.
" DSCP ", 137 Web Access, Forwarding : Action.
"ADN DSCP ", 138 Forwarding : Action.
VPM VPM P2P DSCP Best Effort( ). 4 8 Best Effort CPL CPL.

    client.connection.dscp = 0..63 af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 best-effort cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef
    : <proxy>, <dns-proxy>, <forward>

    server.connection.dscp = 0..63 af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 best-effort cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef
    : <proxy>, <dns-proxy>, <cache>