BlueCoat-ProxyAV




Home

This page displays the current Blue Coat ProxyAV® content scanning and network statistics.

Table
Displays the current Internet Content Adaptation Protocol (ICAP) statistics.

Blue Coat ProxyAV Appliance
Displays the hardware serial number and the Health Status for this ProxyAV. Click the health status link to display more health details in the On Board Diagnostics table. Note: For 2000-E models, displays N/A.

Connection Statistics
Displays the network traffic statistics and ProxyAV MAC addresses. Information is segregated by Terabytes (TB), Gigabytes (GB), Megabytes (MB), Kilobytes (KB), and Bytes. Also gives the amount of traffic processed per second. Click Reset Counters to reset data to 0.

Current Downloads
Displays current ProxyAV download activity.

Network

This page allows you to specify basic network configurations on the ProxyAV.

Global Settings
Enter a new name or change the existing name of the ProxyAV. If you have more than one ProxyAV on your network, consider using names that can help you distinguish between machines.

Proxy Servers for Updates (link)
Click this link to identify any proxy servers in your deployment so the ProxyAV can receive pattern file and scan engine updates and firmware update information.

Settings for Interface 0
Specifies the network gateway address and the IP address and subnet mask of the first interface, the one connected to the network. Note: If a different IP network gateway address is entered from the front panel of the ProxyAV (on supporting models), this value is changed accordingly. The label of the first interface on the rear of the ProxyAV varies by Blue Coat model number:
Blue Coat AV 400-E: 0
Blue Coat AV 510/810: 0
2000-E: 1
If you are only using one connection to the ProxyAV, you must use Interface 0.

Settings for Interface 1
Connection to the second interface is optional. It can be used for either a secondary management connection, a redundant ICAP connection, or both.
The IP address for Interface 1 must be different than the IP address specified for Interface 0 (forwarding between interfaces is not supported) and Interface 1 must be configured on a different subnet than Interface 0. Select Enabled to activate the IP address and Subnet Mask fields.

DNS Search Order
Enter the DNS server IP addresses that you normally use when configuring your client systems.

Management Console Access
Specifies what protocol the ProxyAV Management Console uses for administrative access. By default (new installation or upgrade), the HTTPS protocol on port 8082 is enabled. You can also enable non-encrypted HTTP access (the default port is 8081).

Enabling HTTP Access
By enabling HTTP access, the administrator can access the Management Console without a secure connection. You can specify a different port number.

Enabling HTTPS Access
By enabling HTTPS access, the access to the Management Console is secure and might require a username and password if the ProxyAV is configured to request credentials. You can specify a different port number. When HTTPS is enabled, you must enter the URL format https://interface_IP:port to access the ProxyAV Management Console. For example, https://10.0.0.2:8082.

Keyring and SSL versions
An SSL encryption keyring is created and used by default. SSL is the standard protocol for secure communication over the network. Select a Keyring and SSL version from the drop-down lists, and click Save Changes. Note: To create another keyring or certificate, select Advanced > SSL Keyrings or Advanced > SSL Certificates, then click the Help icon for detailed instructions.

Ciphers list for HTTPS administration (link)
Click this link to display the Ciphers list if you have enabled HTTPS access to the Management Console.

1. Doing so ensures that you will not lose access to the ProxyAV while making changes to the SSL ciphers for HTTPS.

Ciphers List
You can select the SSL ciphers to allow for HTTPS Web interface access. Click Add.
If you disable or enable any of the ciphers in the list. click Save Changes. For security reasons. Select one of the following: . 5. click Add. 4. it is important to verify your browser settings before changing the cipher configuration. or SNMP access to the ProxyAV. However. To add IP addresses to this list. The Proxy Server page displays. ICAP. and to be very cautious about making changes. Proxy Servers for Updates If your deployment requires one or more servers that proxy to the Internet. Blue Coat recommends keeping this list limited and specific. To add a server: 1. administration or ICAP access is not allowed. Click Save Changes. Administration and ICAP Server Access List This table displays the currently defined IP addresses (and interfaces) that are allowed administrative remote access to the ProxyAV interface IP addresses or ICAP clients. Blue Coat recommends keeping this list limited and specific. 2. In the IP Address field. Select a Status: Allowed Admin Access: This IP address and subnet is allowed administrative access. specify whether this IP address has access to one or both ProxyAV interfaces. When there are no entries in the table (or all entries are set to restricted). be sure to configure the ProxyAV to be accessed through HTTP. they must be identified to allow the ProxyAV to receive pattern file and scan engine updates and firmware update information. enter the IP address of a client or subnet that is or is not allowed administrative. Allowed ICAP Access: This IP address and subnet is allowed to be an ICAP client. Allowed SNMP Access: This IP address and subnet is allowed SNMP access. and be sure to switch from HTTP access back to HTTPS access when you are finished with the SSL cipher configuration. IMPORTANT: Before you enable or disable SSL ciphers for HTTPS access. In the Mask field. From the Interface drop-down list. which contains fields for adding servers. 2. 
disabling any high ciphers could lead to losing access to the HTTPS Management Console. enter a subnet address. 3. For example. Administration and ICAP Server Access List Entry For security reasons. 7. 5. enter the port number. General License Information . To change the password for a full-access administrative user. 5. 1. 4. In the Session timeout field. repeat for the Verify New Password field. 3. 6. Click Add. Licensed Components This table displays the AV vendor currently licensed on your ProxyAV. Click the Change Read-Only User Data link. Licensing This page enables you to view the status of your antivirus vendor license. In the Host field. 4. enter the number of minutes before re-entering of the credentials is required. The maximum number of characters is 16. if required.3. Click Save Changes. Select Require Authentication. enter the administrator user name. and update your antivirus license key automatically or retrieve a license key from the BCLP. enter the administrator password. In the New Password field. 2. The maximum number of characters is 16. After a password is set here. 2. repeat for the Verify New Password field. In the Port field. users cannot access the configuration Web pages without it. enter the administrator password. SOCKS Proxy: Proxy this AV appliance through the defined SOCKS proxy server. In the Username field. the expiration date. To change the password for a read-only administrative user: 1. Change Administration Password The ProxyAV allows you to create two different usernames and passwords for access to the Management Console: one for full administrative access and one for read-only access. 3. HTTP Proxy: Proxy this AV appliance through the defined HTTP proxy server. enter the IP address or host name of the HTTP or SOCKS proxy server. In the New Password field. register the ProxyAV automatically or through the Blue Coat Licensing Portal (BCLP). 
(Optional) This only applies to HTTP Proxy: Select Enable Proxy Authorization and enter a username and password in the appropriate fields. Click Save Changes. and the number of days left on your current license. the active status. Repeat the procedure to add more servers. To register a ProxyAV vendor license automatically: Click Register appliance automatically (recommended). Note: To register an antivirus license after initial startup. To retrieve a license file. or click Retrieve a license file for your appliance. License Administration This section allows you to automatically register a ProxyAV vendor license or retrieve an AV vendor license key file manually using the BCLP. Blue Coat recommends registering the antivirus license at initial startup if it is a fresh box that meets the following prerequisites: There is no previous subscription number or license key file on the appliance. 2. Click Save to save the license file to your computer. then click Save Changes. select Licenses in the Management Console and click Register appliance automatically (recommended). To retrieve an AV vendor license from the BCLP: 1. and click Submit. you must click Save Changes to activate the changes. and 810) or MAC address (for ProxyAV model 2000) and the date and time the license key file was generated. License Key Manual Installation Use this field if the ProxyAV is configured for a closed network (see Advanced > Closed Network Setup). Enter the Activation Code or Subscription number from the e-mail received from Blue Coat. 510. Enter your WebPower credentials and click Login. Save Changes If you make any changes on this page. which means that it cannot connect to the outside Internet for updates. click Update to retrieve the license key. ProxyAV Automatic Registration This page allows you to register an antivirus license at initial startup or later. and 810) or MAC address (for ProxyAV model 2000). select Use Auto-Update. The File Download dialog displays. 4. 
Click Activate/Manage to display the BCLP Web page. 5. enter your hardware serial number (for ProxyAV models 400E. Click Download License File. You have not previously declined the End-User License Agreement (EULA). 510. To register an antivirus license automatically: . Paste the license file contents into this field and click Save Changes.This section displays the hardware serial number (for ProxyAV models 400E. License Key Automatic Installation If this ProxyAV is configured to have access to the outside network. 3. To allow automatic license-key updates. the ProxyAV learns about traffic patterns on your network and adjusts accordingly to increase performance. If you receive an error. Click Register ProxyAV. Selecting Force Update forces the ProxyAV to download and install the latest file versions. In the ProxyAV Automatic Registration page. the EULA does not display. based on which AV engine you are using: Detect Spyware/Detect Adware (Kaspersky AV engine only) Detect Potentially Unwanted Programs (McAfee AV engine only) Detect Spyware (Panda AV engine only) Detect Potentially Unwanted Programs (Sophos AV engine only) . If the license has expired. Antivirus Settings This page allows you to view AV information and display pages to configure scanning behavior. Scanning Behavior Using the options on this page. Heuristic Parameters When the Heuristic Parameters option is enabled. and your Activation Code or Subscription Number (from an e-mail you received from Blue Coat). Select Accept. you can set parameters and options for antivirus scanning. The learning process restarts whenever a new virus pattern file or an updated scanning engine is downloaded. Click Continue. The Days Remaining column displays the current length of your license to use the software. The ProxyAV checks for new engines and pattern files once every 30 minutes.1. enter your WebPower credentials 2. as well as the date on which the grace period expires. After an initial learning period. 
If you entered an activation code. the EULA displays. check to be sure that you have entered the correct WebPower credentials and activation code or subscription number. that date displays. The registration status displays on the ProxyAV Automatic Registration page. Extended Options This field is dynamic. regardless of the file versions currently residing on the ProxyAV. Scanning Behavior (link) Click this link to display the Scanning Behavior page and set parameters and options for antivirus scanning. Table The table at the top of this page displays information about the current antivirus vendor. Update Settings (link) Click this link to display the Update Settings page to configure the duration between AV updates. the ProxyAV should be able to accelerate about 15% to 30% of the network's traffic. If you entered a subscription number. 3. The maximum is 100. the object is not scanned. Save Changes .Enabled: Scanning stops after the first instance of a virus or spyware. Maximum total number of files in archive: An archive cannot contain more than the specified number of files. This limitation also applies to each file within an archive. not spyware. unscanned. AV810: 2GB. Dependent upon RAM and disk size of different ProxyAV platforms. For Kaspersky. Maximum archive layers: An archive cannot contain more than the specified number of layers. All others: 100. the minimum is ten seconds. they can use up system resources and slow down overall throughput. ProxyAV 2000-E: 2 GB. McAfee: 300. the Maximum Individual File size that can be scanned is as follows: ProxyAV 400-E and AV510: 768 MB. Policies for Antivirus exceptions This section defines how the ProxyAV behaves when a timeout or other scanning error occurs. the file is dropped. the file is passed on to the client. while not viruses themselves. Defining a timeout value allows the ProxyAV to reclaim those resources. but it cannot be selected without selecting Detect Spyware. 
For more information about files and archives. are designed to disable a virus scanner. Maximum total uncompressed size: An uncompressed file or archive cannot exceed the specified size (MB). The default is 800 seconds. File size/count limitations Imposes limits on the file sizes and numbers allowed to be scanned. The maximum is: ProxyAV 400-E and AV510: 3000 MB. While these files cannot disable a ProxyAV. Disabled: Scanning stops only after the first instance of a virus. Maximum individual file size-An individual file size cannot exceed the specified size (MB). The default for all options is Block. The maximum is: Panda: 30. the maximum is 3600 seconds (60 minutes). Detect Adware is enabled by default. If Serve is selected. AV810: 4GB. 2000-E: 4GB. If any of these options are exceeded. It can be deselected. File scanning timeout Some files.000. Policies for file types (link) Click this link to display the Policies for file types page to set scanning behavior based on the apparent file types (Kaspersky or Sophos) and extensions. If Block is selected for an error type. refer to the Blue Coat® ProxyAV® Appliance Configuration and Management Guide. Click Save Changes. Apparent Data Types (Kaspersky or Sophos) This feature is only available if you have selected either the Kaspersky or Sophos AV engine. Policies for file types The settings on this page allow you to determine scanning behavior based on the apparent file types (Kaspersky or Sophos) and extensions. File extensions Specifies scanning behavior based on file name extension. If you enable this option. macros. container to enable recognition of individual files in compound files. the unknown policy is applied to the entire container file. For example. but JPG files are to be blocked. the ProxyAV recognizes all files within an archived or compound Microsoft file. These options can increase performance. then unknown files within containers are scanned. 
Specify policy for each file type: Don't scan-The file is served back to the ProxySG without AV scanning occurring.You must click Save Changes to enable the changes made on this page. The ProxyAV is able to identify various file types. If any individual files in these compound files are specified to be blocked. 2. including graphics (such as JPG and GIF files). 3. archives.. Block-No scanning occurs and the ProxyAV returns a response to the ProxySG that the file was blocked (code type: file_type_blocked). (Sophos only) Select Detect weak types to enable recognition of file types that otherwise might be difficult for the ProxyAV to identify with 100 percent confidence. executables. To specify apparent data types and policy for each type: 1. These options allow you to determine what is blocked. consider the . If this option disabled. encodings. media. and served unscanned. If this option is enabled. the entire zip file is blocked. Note: The Unknown file type applies to all files not recognizable by the ProxyAV. Select Enabled. (Kaspersky only) Select True type of . Word files are allowed. Therefore. Furthermore. By policy. the entire compound file is blocked. Scan-The ProxyAV scans the object for malicious content and returns the content or modified response to the ProxySG.. Drop files having extensions: Any file types with these extensions are blocked and not served to the client. Don't scan files having extensions: Any file types with these extensions are passed through unscanned to the client. scanned. but also increase security risks. b. a zip file contains Word files and JPG files. when an unknown file is detected within a container. and other file types. documents. do one of the following: a. (Optional) Depending on whether you are using Kaspersky or Sophos. 4. based on file contents. To change ICAP settings: 1. 2. 
Select both plain and secure ICAP if your ICAP client (ProxySG) supports and is configured for both plain and secure ICAP.Blue Coat advisory that viruses and other malicious code can be embedded in many file types. For secure ICAP. Set the port(s) to connect to the ICAP server. Update location To get the update from a location other than the default. the default port is 11344. Click Save Changes to commit your changes to the ProxyAV. and where to look for them. 4. If you enabled secure ICAP. secure. you must be running SGOS 5. Select secure ICAP if your ICAP client (ProxySG) supports and is configured for secure ICAP. enter the name of the ICAP service performing the scanning. You must also configure both the ProxySG and ProxyAV to use secure ICAP. 3. Select plain. specify the number of minutes of the interval between updates. Default Settings . the only impact is how each vendor processes errors. deploying the ProxyAV as an ICAP server is independent of the selected antivirus vendor. the update uses HTTPS for downloads. To configure and use secure ICAP. In the Antivirus service name field. Note: Currently. the ProxyAV only supports the Blue Coat ProxySG as an ICAP client. ICAP Server Settings As the ProxyAV uses its own antivirus scanning interface. Select plain ICAP if your ICAP client (ProxySG) supports only plain ICAP and is configured for plain ICAP. Note: If an https:// URL is entered. Click Save Changes. depending on whether Enable Client/Server HTTPs Connection is selected on the Advanced/SSL client page. the AV update occurs over HTTPS or HTTP. Update Settings This page configures the duration between AV updates. For plain ICAP. or both plain and secure ICAP. To create or import new keyrings. including image formats.3 with a valid SSL license. 5. Save Changes You must click Save Changes to enable the changes made on this page. In the Update frequency field. enter a URL in the Custom field. the default port is 1344. 
select the SSL keyring to use from the Keyring dropdown list. When using the default update URLs. select Advanced > SSL Keyrings. com. Alerts This page allows you to enable e-mail alerts. an alert is sent. select Advanced > SNMP Settings. Failed to connect for update: The ProxyAV looks for new AV updates once every 30 minutes.com. On Board Diagnostics: If the state of a monitored ProxyAV appliance metric changes. The ProxyAV reminds you when the end of the subscription period is getting near. For each event type in the following list. Subscription Expiring: Your license to use AV software on the ProxyAV requires annual renewals.log file for each state change. one entry is still written to the InternalInfo. and SNMP traps for various events on the ProxyAV. SNMP Trap: Sends a trap to the SNMP manager. To configure e-mail alerts. Click Save Changes to enable the changes made on this page. select the alert options in the table: Virus is found: A virus was found in an ICAP session.Click this to revert any custom changes back to the default settings. These files are updated regularly. Send alerts to multiple addresses by using a comma separated list. Recipient e-mail address: Defines who the ProxyAV alerts when an event occurs. there is an antivirus file scanning timeout. and that metric is selected to trigger an alert or SNMP trap. To configure SNMP traps. Note: If all of the alert settings are disabled. Successful update: The ProxyAV checks for AV updates once per 30 minutes. File was blocked (exclude virus case): A file is blocked for any reason other than a virus infection. This fails if the ProxyAV does not have access to the Internet or if the file servers are down or unreachable. the administrator decides to block password protected compressed files. Alerts Settings The options on this page allow you to configure: Sender e-mail address: The source mail address to use for alert e-mails. click Alerts Settings. 
Intelligent Connection Traffic Monitoring (ICTM): If the maximum specified concurrent slow connection warning or critical thresholds are reached. E-mail: Sends an e-mail to the administrator. an alert or SNMP trap is sent. for example: [email protected]. For example.log file.user2@company. For example: proxyav123@company. For example. logging.com. Logging: Creates an entry in the AlertLogFile. File was passed through without being scanned: Several settings on the Antivirus page enable the administrator to allow files to pass through ProxyAV unscanned.consultant@otherco. If . Enable this alert to find out when a new pattern file has been downloaded. it listens for a connection from the ProxyAV on port 8001. click Token list. Comma or Space. To display a list of valid tokens.exe from a command line to change this listening port. User Defined: A log format you specify using the format string. you can select Include W3C headers to include them. Select Enable logging of viruses to CSV format. SMTP Authorization (POP-Before-SMTP) Enabled: The ProxyAV uses POP before SMTP to authenticate. If you selected User Defined format. To configure CSV logging: 1. 6. Run ConnLog. . that define what detailed information appears in the logs. Select the logging format: ProxyAV Classic: The Blue Coat logging format. therefore.exe /? command displays usage information. 2.this field does not contain a recipient address. 7. If you selected User Defined. you can modify this as required. your username and password is submitted to the mail server on port 110 before sending the alert.exe writes a new log file for each day into the current directory. ISA W3C: Extended log file format. Click Save Changes. you can specify the Delimiter format. You must click Save Changes to enable the changes made on this page. enter the IP address of the destination server.exe and can be downloaded by clicking Get log receiver application or Get Windows based log receiver application. In the Address field. 
By default. 8. MS Proxy 2. Select the protocol: TCP/IP or UDP. 3. The Format String field displays the default logging tokens. Logging This option allows you to forward detailed connection log (connections between the Management Console and the file scans) information to any system on your network. ConnLog. If you selected User Defined format. CSV Logging Select Enable sending logging information to remote computer. The ConnLog.log. To define where logs are sent: 1. SMTP server address: Messages are sent to the address listed above through the SMTP server listed here.0: Microsoft Proxy logging format. the ProxyAV neither attempts to send an e-mail nor makes an entry in the AlertErrors. The ProxyAV includes an application for receiving logs called ConnLog. This option allows the ProxyAV to log viruses in CSV format. based on the selected log format. 5. 4. Log Files The options on this page allow you to configure ProxyAV logging options. Note: This is not syslog-type information. The logs are in plain text format and can be imported into most log analyzer applications. In the Field delimiter field. AdminInfo. The packet log can run until the free space on the disk drops below 20 MB.log~ file exists.log.log: When the diagnosticS. it is deleted. Log Files This table allows you to view the generated log files. The most common entry to this log is an inaccessible SMTP server. When the total of AlertLogFile log files reaches 35 MB. The first column link saves a text file to a specified location. Select to create a new file every Hour. Day. 3. the event is logged here. diagnosticT.log: Debug information: thread counts for AV scanning. Note: When the AdminInfo.log grows to more than 3MB. number of active threads.log file is created.2. Using this information. see the Advanced > Troubleshooting page. such as access times and changes made. o o o o o o virus-log-date. not just those that could not be sent to the administrator by e-mail. the file is renamed to AdminInfo. 
Blue Coat might request the contents for diagnosing any issue. diagnosticSprev.log grows to more than 3MB. AlertLogFile. boot.log file size reaches 100 Kb.log: Periodic dumps of internal information.log.log: When the diagnosticT.log: Logs all admin actions. Month. o AlertErrors. diagnosticTprev.log reaches 1 MB. Note: You can download all the logs as a single zip file. it is renamed to AlertLogFile_YYYY_MM_DD_N. Blue Coat Technical Support can assist you with troubleshooting.log and the AlertLogFile log starts over. If a previous AdminInfo. When the ProxyAV cannot send alerts to the administrator(s) designated in the Alerts page. it is renamed to diagnosticSprev. When a diagnostic log file reaches 3 MB or an internal log reaches 100 KB.csv: Log files generated by virus logging in CSV format. it is copied to a backup file (overwriting it) and starts over. Click Save Changes.log~ and a new AdminInfo. This information assists in detecting the current state of the ProxyAV and in efficiently troubleshooting any issues. enter what symbol is used to separate log entries. and scanning queue length. or Week. o Note: When the AlertLogFile. the ProxyAV begins deleting the oldest alert logs.log: This log is different from the AlertErrors.log: Records all reboots of the machine.log in that it includes all alerts. Advanced This page provides advanced configuration options. Route Table .log: This file is a log of alert errors. it is renamed to diagnosticTprev. 4. diagnosticS. Click the link in the second column to display the log file in a Web browser. %VIRUS: The virus or potentially unwanted software (PUS) name. The Alert column defines what information is included in the alert that is logged or sent through email to the administrator. In the Gateway field. for HTTP downloads. Click Modify to call the Message screen. Messages Each alert contains information about the event that triggered it. At the bottom of the table. select an interface. 6. %REASON: Why the event occurred. 
Autotext keywords can be used in the Alert and Substitute messages to get contextual information about the event into the messages: 1. 3. %ACTION: The action that was performed (file passed/dropped). Repeat as required. The Substitute column defines what text is substituted for the original data. and sending alerts. enter an IP address to be used in routing. enter a subnet value. For example. In the Customize Messages table. Event. Enter a MAC address. 3. you can specify what information is in each type of alert. Click Add. Routes entered here do not affect traffic that is scanned by the ProxyAV. checking for updates to ProxyAV firmware. Click Custom to alter or annotate the message and character set. Under State. To add an ARP value to the table: 1. the default is to use the default message. enter an IP address in the first field. In the Mask field. 4. The following keywords may be used: %CLIENT: The client IP address. they are only used for connections where the ProxyAV is the client. why was the file scanned? . These include updates of pattern and engine files. the ProxyAV replaces the entire infected file with the substitute text. and Command Type-define each type of event. Click Add. Click Save Changes. For example. Because different events can trigger an alert. The first few fields provide information 2.This page allows you to enter additional routes for deployments where the ProxyAV default route (see Network) is not sufficient. the Route entry page appears. ARP Table This page allows you to enter static ARPs or clear the dynamic and static ARPs. The first three columns-Protocol. To add a route to the table: 1. about the event. From the drop-down list. %URL: The URL from which the file was downloaded. 2. there can be many different alert forms. 4. A typical use for the Route Table is when the SMTP or DNS servers to be used by the ProxyAV are located on an internal network. 5. enter a gateway value. In the Destination field. 2. memory. However. 
and Logging alerts for On Board Diagnostics. The metrics vary slightly for each model. and network interfaces. %ADMINMAIL: The administrator mail address. as follows: AV510 and AV810-CPU. sends an email alert or creates a log entry when there are changes in the metric's state. The default values display in the table. %HWSERIALNUMBER: The ProxyAV serial number. .To enable SNMP Traps. %AVPATTERNVERS: The AV pattern version. upper critical. SNMP Traps Enabled: When selected. %APPVERSION: The application version. %AVVENDOR: The AV vendor.%MACHINENAME: The name of the ProxyAV. memory. CRITICAL-The monitored system or device is either failing or is far outside normal parameters and requires immediate attention. %TIMESTAMP: The time the event occurred. memory. hardware. E-mail. unit.The state indicates the severity of the metric as a health issue: OK-The monitored system or device is behaving normally. the check boxes in the On Board Diagnostics table are not available. The table includes the following information: Alert Enabled: Depending on the type of alerts you have enabled. then select the appropriate check boxes. The current state. The % character always precedes the tag name. SNMP traps are enabled for CPU. On Board Diagnostics The ProxyAV monitors its vital system components and displays the current status for each component. numerical value. %APPNAME: The application name (ProxyAV). 3. as well as the acceptable upper and lower critical and non-critical values. and network metrics are available. %APPWEB: The application vendor Web address. Capitalization is also important. %MACHINEIP: The ProxyAV IP address. AV400 and AV2000-CPU. %AVENGINEVERS: The AV engine version. do not use lowercase variable names. select Alerts. SNMP traps will only be sent when a the current state changes from OK or Warning to Critical. %AVPATTERNDATE: The AV pattern date. and network interfaces. and upper non-critical values for CPU. 
WARNING-The monitored system or device is outside typical operating parameters and might require attention. Clear a check box to prevent an alert from being sent for that metric. Click Save Changes. %PROTOCOL: The scanned protocol. memory. Note: You can configure the state change interval. and state change interval for each metric is provided. Click Save Changes to save any changes you make to the options in this table. and network metrics are available. Important: If alerts are not enabled.

Date/Time Settings
Specifies the clock of the ProxyAV. Select a time zone from the Time Zone Information drop-down list. Enter the current date and time values. Click Save Changes.

Network Time Protocol
Adjusts the ProxyAV clock to synchronize with a configured time server or servers on specified intervals.
To configure NTP:
1. Enter the hostname of the time server and click Add.
2. If entering more than one server, repeat Step 1.
3. Promote or demote servers, if required.
4. In the Query Interval field, enter the duration between synchronization checks. The default is 60 minutes.
5. Select Enable.
6. Click Save Changes.
If you are using a proxy server, be sure to configure it at Network > Proxy Servers for Updates.

Troubleshooting
This option allows you to do the following:
Configure the ProxyAV to save log files containing information that might assist Blue Coat Customer Support should the ProxyAV experience difficulties.
Download log files in a zip file format.
Upload log files to the Blue Coat Support server that are related to a service request (SR) number.
To save log files:
1. Select the Enable Keeping Troubleshooting Information Files check box.
2. Click Save Settings.
To download log files:
1. Click the link to download troubleshooting files (log files). The File Download dialog displays, prompting you to open or save the zip file.
2. Click Save. The Save As dialog box displays.
3. Navigate to the location where you want to save the zip file and click Save.
To upload log files to the Blue Coat Support server:
1. Enter the SR number in the Service Request Number field. To receive an SR number, contact Blue Coat Customer Support.
2. Click Send. The ProxyAV initiates the upload of the file logs.zip to the Blue Coat Support server. The Send Service Information dialog displays the SR number and the upload status.
3. To stop the upload, click Cancel. To attempt the upload again, click Send.
If the ProxyAV cannot connect to upload.bluecoat.com, the status prompts you that there was a problem connecting to the remote host.
Note: If the transfer continues to fail, verify that the SR number is valid and has not previously been resolved.
Note: If outgoing ProxyAV connections go through the ProxySG, make sure that SSL intercept is not enabled for https://upload.bluecoat.com. If SSL intercept is enabled, it can cause the upload of log files to fail.

Ping Utility
This option allows you to send pings to verify status.

Additional Services
These options allow you to specify additional ProxyAV communication services that can assist administrators or Blue Coat Technical Support to diagnose difficulties.
Enable sending Troubleshooting Information files: Allows files containing troubleshooting information to be sent by e-mail or HTTPS upload to Blue Coat Technical Support.
Enable tech support remote access: Allows Blue Coat Technical Support to access this ProxyAV.
Enable ping to Interface IP: Allows you to ping the interface IP address of this ProxyAV.
Enable connectivity test: Periodically tests connectivity to Blue Coat servers on the Internet; displays a warning on the main page if connectivity is lost.
Enable advanced DNS: Enables use of the emergency list of DNS servers and recursive DNS.
Click Save Changes if you make any changes to these options.

SSL Keyrings
Note: If you are logged in to the ProxyAV Management Console through HTTP, not HTTPS, you cannot configure these options.
This page allows you to generate new keyrings. A keyring holds a key pair and a certificate. The ProxyAV ships with a default keyring already created. The default keyring contains a certificate and an automatically-generated key pair. Because the default keyring is self-signed, you can create other keyrings signed by a well-known Certificate Signing Authority (CSA). With multiple certificates, you can configure multiple keyrings and associate the certificates and the keyrings. Selecting Show keyring allows the keys, and everything in the keys, to be viewed and exported.
To create a new keyring:
1. Click Create.
2. In the Keyring name field, enter a name.
3. Perform one of the following:
   Select Create new and enter the keyring strength in the bit keyring field. A length of 1024 bits is the maximum (and default). Longer key pairs provide better security, but with a slight performance expense on the ProxyAV. Be aware that the maximum key length allowed for international export might be different than the default. For deployments reaching outside of the United States, determine the maximum key length allowed for export.
   Select Import keyring. In the Keyring field, paste in an already existing keypair. The certificate associated with this keypair must be imported separately. If the keypair that is being imported has been encrypted with a password, select Keyring Password and enter the password into the field.
4. Click OK. The SSL Keyrings page appears.
The keyring, containing a keypair, is created with the name you chose. It does not have a certificate associated with it yet. When a keyring is created, it only contains a key pair. You can associate a certificate with this keyring.

SSL Certificates
Note: If you are logged into the ProxyAV Management Console through HTTP, not HTTPS, you cannot configure these options.
The ProxyAV ships with a certificate associated with a default keyring. The certificate, self-signed and associated with the default keyring, can be reused in other keyrings meant for internal use.
You can add three kinds of SSL certificates:
A self-signed certificate
A certificate signed by a CA
An external certificate
To create a self-signed certificate:
1. From the Keyring drop-down list, select a keyring.
2. Click Create.
3. Fill in the fields as appropriate:
   State/Province: Enter the state or province where the machine is located.
   Country Code: Enter the two-character ISO code of the country.
   City/Locality: Enter the city.
   Organization: Enter the name of the company.
   Unit: Enter the name of the group that will be managing the machine.
   Common Name: A common name should be the one that contains the URL with which the client accesses that particular origin server.
   E-mail Address: The e-mail address you enter must be 40 characters or less. A longer e-mail address will generate an error.
   Not valid after: From the drop-down lists, select a date after which the certificate is no longer valid.
4. Click OK. The SSL Certificates page displays.
After the process is complete, this keypair and certificate can be selected from the Network page for HTTPS encryption.

SSL Client
Select Enable Client/Server HTTPS Connection to enable default AV downloads using HTTPS.
Note: The custom AV update location on the Anti-virus > Update settings page operates independently of this option. You can enter a custom https:// location URL there, yet not select to enable HTTPS connections here.
To configure the SSL client:
1. Select a Keyring: the default or one that you already created on the Network page.
2. Select an SSL version.
3. By default, all cipher types and strengths are selected. De-select any if required.
4. Click Save Changes.

CA Certificates
Imports a Certificate Authority certificate to be used for server authentication. Select a certificate and click Import. Select a certificate and click View to examine the certificate details.

Ethernet Adapter Media Type
By default, the ProxyAV automatically detects the link settings. This option allows you to manually specify the Ethernet media adapter type for each interface. The Current Media State field displays the current configuration (or if a cable is not connected). To change the configuration, select an option from the drop-down lists and click Save Changes.
Note: For AV 400-E appliances, 10 Mbit/Half and 10 Mbit/Full are not valid selections, and do not appear in the drop-down list. AV 510 appliances have a selection for 1000Mbit/full. For AV 810 and 2000E appliances, this must be set to Auto to autosense Gbit.

History Statistics
Displays various resource usage, connections, and object statistics in three grades: every minute for the last 60 minutes, every hour during the last 24 hours, and every day for the last 30 days. Click a button to change the view:
CPU Usage: Displays the percentage of CPU resource consumed, on average for the interval.
Memory Usage: Displays the highest level of memory percentage used during the interval.
Connections: The maximum number of concurrent connections made during the interval.
ICAP Objects: The number of ICAP objects received during the interval.
ICAP Bytes: The total size in bytes of ICAP objects received during the interval.

Detailed Statistics
Displays detailed statistics of current transactions.
Concurrent connections: Displays the current number of connections to the ProxyAV.
Total objects being processed: Displays the number of objects the ProxyAV is currently scanning.
A table provides detailed statistics of the objects currently being scanned:
The IP address of the ProxySG that sent the request.
The mode used for scanning: Plain or Secure ICAP.
The path and name of the object being scanned. For example: http://www.website.com/images/pic.gif or http://banners.advertise/adview.php?what=welcome
The current state of the transaction: Receiving, Queued, Scanning, or Replying.
The number of bytes received for scanning. For example: 111 bytes or 21,631,234 bytes.
The total time spent processing the object (including the receiving time). For example: 14 ms or 30 ms.
Requests History: Click this link to view the Requests History page, which displays the results of past anti-virus scans.

Requests History
These options allow you to set the number of past requests to view and refresh the list of requests.
Number of requests: This number determines the number of requests that display in the list. Enter a number from zero to 1,000. The default number of requests is 50. When the number is set to zero, request logging is disabled.
Click Refresh Now to obtain the most current data about processed requests.
List of requests: Requests are listed in reverse chronological order. The list includes the following information for each request:
Timestamp: Date and time the request was processed.
ProxySG IP: IP address of the ProxySG that generated the request.
Mode: Corresponding ICAP service mode (Plain or Secure).
Size: Total size (in bytes) of the requested object.
Result: Scan result of Clean, Virus, or Error.
Time taken: Total time (in ms) it took for the ProxyAV to process the request.

SNMP
These options allow you to configure SNMP information, which allows for integration with network management tools. MIB II and AV MIB are supported, and SNMPv2 and SNMPv3 are both supported.
To configure SNMP options:
1. Select Enable SNMP.
2. In the sysLocation field, enter a string that describes the physical location of the system. For example: 1stFloorLab.
3. In the sysContact field, enter a string that describes the contact person responsible for maintaining this appliance. For example: LabTechNigel.
4. Select SNMPv2 or SNMPv3:
   For SNMPv2: Enter the read community name and verification.
   For SNMPv3: Specify the settings for a read-only user.
5. Specify the Trap Community in the Trap Community field, and enter it again in the Verify Trap Community field.
6. Select an Interface for SNMP from the drop-down list.
7. In the Send Traps To fields, enter up to three IP addresses that receive the traps.
8. Select Enable Authorization Traps to allow the ProxyAV to send traps when SNMP authentication failures occur.
9. Click Save Changes to commit your changes to the ProxyAV.
Note: You must also allow SNMP access for your SNMP clients; see Network > Administration and ICAP Access List.

Downloading MIBs
A Management Information Base (MIB) is a document (written in the ASN.1 data description language) that contains descriptions of managed objects. SNMP uses a specified set of commands and queries, and the MIBs contain information on these commands and the target objects.
To download the MIB files: Click Download MIBs here. The Opening AV_MIBs.zip dialog displays. To open the zip file, click Open. To save the zip file to your hard drive, select Save and navigate to the location on your hard drive to save the file.
Note: Depending on your Web browser, the procedure to open or save the zip file might vary slightly.

Intelligent Connection Traffic Monitoring (ICTM)
These options enable the ProxyAV to drop download connections that are taking longer than a normal time frame to complete. This keeps resources available to download other objects. These slow downloads might be suspected infinite stream connections, such as a stock ticker. As this type of download never ends, excessive Blue Coat ProxySG and ProxyAV resources are consumed.
When Intelligent Connection Traffic Monitoring (ICTM) is enabled, the ProxyAV checks for slow downloads. If the warning threshold is reached, the ProxyAV notifies the administrator of the dropped URLs (through an e-mail or SNMP trap, if the option is selected), which allows for the creation of Blue Coat ProxySG policy to ignore these URLs. If the critical threshold is reached, the ProxyAV terminates the oldest, slowest connections so that the level below the threshold is maintained.
To configure ICTM:
1. Select Enable Intelligent Connection Traffic Monitoring (ICTM).
2. Specify how many seconds a connection lasts before it is determined to be a slow download. The minimum is 30 seconds. Blue Coat recommends the default of 60 seconds. The larger the value, the more resources are wasted on suspected infinite stream URLs. Conversely, lower values might tag the downloads of large objects as slow, thus targeting them for termination before the download is complete.
3. Specify the warning threshold:
   a. Specify how many concurrent connections that have exceeded the duration specified in Step 2 before a warning message is sent. The allowed maximum is the maximum number of ICAP connections allowed by the ProxyAV platform. See the table below for how default values are calculated.
   b. Note: By default, an e-mail warning is sent if this threshold is reached. If you disable this option, no warning is sent and nothing is logged in the AlertLog file. The e-mail is sent to recipients specified on the Alerts > Alerts Settings page. Specify the interval, in minutes, that the ProxyAV repeats the warning messages if the threshold remains breached.
4. Specify the critical threshold. If the number of concurrent slow connections reaches this threshold, the ProxyAV drops enough of these connections (beginning with the oldest connections) to maintain a level below the critical threshold. Oldest connections are dropped first. Keep this value more than the warning threshold (Step 3). Just as for the warning threshold (Step 3b), you can select to send an alert to administrators for each connection that is dropped.
5. Click Save Changes.

Default Threshold Calculations
Warning threshold (Step 3): 70% of the recommended maximum ICAP connections:
   400-E and SG 510: 35
   2000-E and SG 810: 70
Critical threshold (Step 4): 90% of the recommended maximum ICAP connections:
   400-E and SG 510: 45
   2000-E and SG 810: 90

Closed Network Setup
This page allows you to ensure the ProxyAV receives critical updates when connection to the Internet is not possible or allowable. Some options on this page redirect you to other settings in the ProxyAV Management Console. After you click Closed Network, all of the settings display as Disabled, except for Antivirus update. To exit Closed Network status, you must manually set each feature on its respective Management Console page and click Save Changes.
Antivirus update: Specify a custom location (internal server) that contains the latest AV update file. Click the set URL link to go to the Update Settings page.
Firmware update: After obtaining the firmware update and locating it on an internal server, enter the location on the Firmware Update page and select Direct update.
Automatic license update: This is a status field. When Closed Network is enabled, this feature is disabled because no outside Internet connection is permitted. You must manually update any license changes (from the Licensing page).
Advanced DNS: This is a status field. When Closed Network is enabled, this feature is disabled because no outside Internet connection is permitted.
Send troubleshooting information files: This is a status field. When Closed Network is enabled, this feature is disabled because no outside Internet connection is permitted.
Connectivity test: This is a status field. When Closed Network is enabled, this feature is disabled because no outside Internet connection is permitted.
NTP: You can configure the ProxyAV to use internal NTP servers. Click Configure to go to the Network Time Protocol page.

Utilities
These options are designed to help you resolve technical troubles with a ProxyAV.

Diagnostics
These diagnostics create relatively large and detailed log files that provide information for troubleshooting certain network configurations. A Blue Coat Technical Support representative might ask you to invoke these internal diagnostics. This additional logging activity affects system performance; therefore, Blue Coat does not recommend using this option except at the request of Blue Coat Technical Support.

Reload AV Engines
The ProxyAV reloads its current AV engine by stopping and restarting it. This is similar to rebooting the ProxyAV, but is faster, because it reloads only the AV engine. Reloading the AV engine temporarily interrupts the TCP/IP traffic until the reload is complete.

Reload Drivers
The ProxyAV reloads its drivers. This is similar to rebooting the appliance, but is faster. Use this option if you perform a configuration change that does not appear to be in effect. Reloading the drivers temporarily interrupts the TCP/IP traffic until the reload is complete.

Soft Reboot
This is the equivalent of resetting a computer. It physically reboots the machine. A new entry in the boot.log occurs. Performing a soft reboot temporarily interrupts the TCP/IP traffic until the reboot is complete.

DNS Cache
These options allow you to view and clear the contents of the DNS cache.

Configuration Management
These options enable you to manage the ProxyAV configuration files.
Save Configuration: Saves the current ProxyAV configurations to a file.
Load Configuration: Loads ProxyAV configurations saved to a local file. Click Browse to navigate to the file. (Optional) Select Overwrite current IP configuration with the IP settings from uploaded file to use the IP definitions of the saved file. Click Upload and Apply.

Firmware Updates
The firmware updates represent changes to the functionality of the ProxyAV and can include new features, changes to the user interface, and optimizations for speed and reliability. These updates are typically one to five MB in size, and might take a few minutes to download, depending on your Internet connection. The ProxyAV checks periodically (several times per day) for these updates. Because these updates might require a restart of the machine, updates do not occur unless the administrator initiates the update.
You can manage update behavior:
Disable Firmware updates: The ProxyAV does not check for the latest update package and you cannot perform a manual update without first deselecting this option.
Check, but don't retrieve updates: The default. Once every four hours, the ProxyAV checks for package updates. If a new software version is identified on the server, the information changes, but no update occurs. You must invoke the update manually (see below).
Check and retrieve update: At the specified interval, the ProxyAV checks for package updates. If one is available, it is downloaded to the ProxyAV, but not installed. This allows the update to be performed at the most convenient time.
Direct update: If your network topography requires that the ProxyAV cannot be connected to the Internet, select this option and enter the URL (http://) of your internal server that serves as the repository for software updates.
Under Update Location, you can select Use Default for the default Blue Coat location, or enter a URL in the field (Default must be deselected).
If one newer software version is identified on the server, the Update Now button becomes active. To install the update, click Update Now. The updates to software, firmware, or both are then performed, and the ProxyAV resets itself. Depending on the update, the reset might be just a reload of drivers or it could be a full restart of the machine, which could block network traffic for up to three minutes. The entire process can take anywhere from 30 seconds to 3 minutes, excluding the download time.
Note: The ProxyAV continues to check for updated anti-virus engine and pattern files at the interval specified in the Update frequency field on the Antivirus > Update Settings page.

Support
This page displays the contact information for Blue Coat Technical Support.

Copyright© 1999-2008 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the written consent of Blue Coat Systems, Inc. All right, title and interest in and to the Software and documentation are and shall remain the exclusive property of Blue Coat Systems, Inc. and its licensors. ProxyAV™, CacheOS™, SGOS™, SG™, Spyware Interceptor™, Scope™, RA Connector™, RA Manager™, Remote Access™ and MACH5™ are trademarks of Blue Coat Systems, Inc. and CacheFlow®, Blue Coat®, Accelerating The Internet®, ProxySG®, WinProxy®, AccessNow®, Ositis®, Powering Internet Management®, The Ultimate Internet Sharing Solution®, Cerberian®, Permeo®, Permeo Technologies, Inc.®, and the Cerberian and Permeo logos are registered trademarks of Blue Coat Systems, Inc. All other trademarks contained in this document and in the Software are the property of their respective owners.
BLUE COAT SYSTEMS, INC. DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER INCLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT SYSTEMS, INC., ITS SUPPLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.