Bluecoat SG Proxy Deployment

ProxySG在企业网络应用解决方案采用Blue Coat ProxySG实现企业网代理访问控制、企业用户网络访问行为监控、内容过滤、Web病毒扫描P2P控制及即时通讯控制的集中管理方案目录一、BLUE COAT公司简介 (3)二、银行业互联网应用的问题 (5)2.1信息安全的需求 (5)2.2性能方面的需求 (7)2.3管理方面的需求 (7)三、BLUE COAT银行互联网通讯控制方案 (8)3.1方案总体结构图 (8)3.2B LUE C OAT安全应用及实现机制 (10)四、BLUE COAT方案特点 (12)4.1优越的代理缓存能力 (12)4.2集成的内容过滤能力 (13)4.3集成的W EB病毒扫描功能 (13)4.4优秀的应用扩展能力 (13)4.5为所有控制功能提供集中管理点 (14)4.6极大地提高员工的工作效率 (16)4.7提高内部网络安全 (16)4.8提高银行互联网流量审计能力 (16)4.9非常易于部署 (17)一、Blue Coat公司简介Blue Coat专注于提供互联网安全代理专用设备来控制和监控用户的Web访问。

Blue Coat ProxySG专用设备在不影响网络性能的前提下，集成了先进的代理功能和安全服务，如内容过滤、即时消息控制、Web病毒扫描和P2P文件共享应用控制。

Blue Coat目前在全球拥有超过3000个用户，总发货数超过17000台，已被许多世界上最具影响力的组织和机构所信任，来确保Web环境的安全高效。

Blue Coat总部位于加州的Sunnyvale。

市场及需求现状随着企业越来越依赖于互联网与客户、合作伙伴和员工进行通讯，Blue Coat 具有巨大的成长机遇。

Web浏览器已成为关键的业务通讯和信息交流的通用工具，但它同时也增加了企业的安全风险。

直到现在，大多数企业都将其安全防范的精力主要放在预防外部恶意攻击网络基础设施上，但事实上，另外关键的安全防范方面仍急待解决：来自内部的威胁和应用层的攻击威胁。

Blue Coat 产品配置及使用入门北京东华合创数码科技股份有限公司李东2007年12月目录一、ＳＧ初始化配置 (3)1.1使用console线登录ＳＧ (3)1.2配置SG端口属性 (4)1.3console 管理SG (6)二、SG注册 .....................................................错误！未定义书签。

2.1登录webpower ..........................................................错误！未定义书签。

2.2产品注册向导............................................................错误！未定义书签。

2.3通过web浏览器导入license ...................................错误！未定义书签。

三、使用WEB 浏览器管理SG (8)3.1Web browser 登录SG (8)3.2认识SG Configuration (10)3.3认识SG Maintenance (13)3.4认识SG Statistics (13)四、SG REPORTER 使用入门 (15)4.1SG 的配置 (15)4.2认识Reporter (19)4.3使用Reporter (20)4.3.1Access-log来源于本地/远地（FTP）硬盘配置 (20)4.3.2进入创建的模板 (23)4.4配置和SG进行实时Access-log通信 (24)4.4.1点击Create New Data Profile ，创建新的模板： (24)4.4.2进入创建的模板 (26)五、SGCLIENT使用入门 ..................................错误！未定义书签。

5.1配置SG ......................................................................错误！未定义书签。

Replacing the Slim SATA Drive on the ProxySG 900OverviewFollow this step-by-step procedure when it is required to replace the slim SATA embedded drive on the ProxySG 900.What You Need•Replacement Slim SATA Embedded Module from Blue Coat•ProxySG 900 applianceBefore You Begin•Power off the ProxySG 900.•Disconnect the Ethernet cable(s) and console cable.•Disconnect the power cord.•Read “Safety Warnings and Cautions” on page 3.Safety Warnings and CautionsCaution: This product is designed to work with power systems having a grounded neutral. To reduce the risk of electric shock, do not plug this product into any other type of power system. Contact a qualified electrician if you are not sure what type of power is supplied to your building.•The power button, indicated by the stand-by power marking, DOES NOT completely turn off the system AC power. 5V standby power is active whenever the system is plugged in. To removepower from system, you must unplug the AC power cord from the wall outlet. If your systemuses more than one AC power cord, make sure all AC power cords are unplugged before youopen the chassis, or add or remove any non hot-plug components.•The power supply in this product contains no user-serviceable parts. Do not open the power supply. Hazardous voltage, current, and energy levels are present inside the power supply.Return to manufacturer for servicing.•To avoid risk of electric shock, turn off the appliance and disconnect the power cord, telecommunications systems, networks, and modems attached to the appliance before opening it.•The power cord set included with the appliance meets the requirements for use in the country of purchase. Use the power cord that shipped with the appliance. If this appliance is to be used in another country, purchase an AC power cord set that is approved for use in that country (18 AWG recommended).•The power cord must be rated for the product and for the voltage and current marked on the product's electrical ratings label. The voltage and current rating of the cord should be greaterthan the voltage and current rating marked on the product. In addition, the cross-sectional area of the wires must be a minimum of 1.00mmð or 18AWG or 18AWG, and the length of the cords must be between 1.8m (6 feet) and 3.6m (12 feet).To avoid personal injury or property damage, the following safety instructions apply whenever accessing the inside of the product:•Turn off all peripheral devices connected to this product.•Turn off the system by pressing the power button to off.•Disconnect the AC power by unplugging all AC power cords from the system or wall outlet.•Disconnect all cables and telecommunication lines that are connected to the system.•Retain all screws or other fasteners when removing access cover(s). Upon completion of accessing inside the product, refasten access cover with original screws or fasteners.•Do not access the inside of the power supply. There are no serviceable parts in the power supply. Return to manufacturer for servicing.•Power down the server and disconnect all power cords before adding or replacing any non hot-plug component.•When replacing a hot-plug power supply, unplug the power cord to the power supply being replaced before removing the power supply from the server.•If the server has been running, any installed processor(s) and heat sink(s) may be hot. Unless you are adding or removing a hot-plug component, allow the system to cool before opening the covers. To avoid the possibility of coming into contact with hot component(s) during a hot-plug installation, be careful when removing or installing the hot-plug component(s).•To avoid injury do not contact moving fan blades. If your system is supplied with a guard over the fan, do not operate the system without the fan guard in place.Cooling and Airflow WarningCarefully route cables as directed to minimize airflow blockage and cooling problems.For proper cooling and airflow, operate the system only with the chassis covers installed. Operating the system without the covers in place can damage system parts. To install the covers:1. Check first to make sure you have not left loose tools or parts inside the system.2. Check that cables, add-in boards, and other components are properly installed.3. Attach the covers to the chassis according to the product instructions.ESD can damage disk drives, boards, and other parts. We recommend that you perform all procedures at an ESD workstation. If one is not available, provide some ESD protection by wearing an antistatic wrist strap attached to chassis ground -- any unpainted metal surface -- on your server when handling parts. Always handle boards carefully. They can be extremely sensitive to ESD. Hold boards only by their edges. After removing a board from its protective wrapper or from the server, place the board component side up on a grounded, static free surface. Use a conductive foam pad if available but not the board wrapper. Do not slide board over any surface.Procedure1.Unlock the shipping lock before removing the center panel cover.2.Unhinge both latches simultaneously and flip the center panel over.3.Pull up on the latch from the side, slide the rear panel cover backward, and remove it.4.Locate the slim SATA drive in the system.5.Carefully remove the existing slim SATA drive from the system.a.Disconnect the power connector from the motherboard. (Caution: Please make sure topress in on the latch when removing the power connector cable.)b.Slightly and carefully push the blue clip backward and raise up the slim SATA drive.(Caution: Please do not apply too much pressure when pushing the blue clip. Failure to do so will cause the blue clip to break.)c.Disconnect the SATA data connector from the motherboard and remove the slim SATAdrive.6.Insert the new slim SATA drive sent by Blue Coat into the system.a.Connect the SATA data connector to the motherboard.b.Slightly and carefully push in the new slim SATA drive under the blue clip. (***Caution:Please do not apply too much pressure when pushing in the new slim SATA drive. Failureto do so will cause the blue clip to break.***)c.Connect the power cable from the slim SATA drive to the power slot on themotherboard.7.Replace the rear panel cover by sliding it forward and pushing down the latch on the side.8.Flip back the center panel cover and lock the shipping lock.9.Reconnect any cables you disconnected.。

BlueCoat代理服务器配置指南Blue 国CoatSystems2011年1月目录—、安装设备及安装环境 41.1实施设备清单 41.2实施拓朴结构图4二、实施步骤 416 2.1物理连接4 2.2初始IP 地址配置4 2.3 远程治理软件配置 4 2.4 网络配置 52.4.1 Adapter 1地址配置 5 2.4.2 静态路由配置 5 243配置外网DNS 服务器6 2.4.4配置虚拟IP 地址 62.4.5 配置 Fail Over 6 2.5 配置代理服务端口 7 2.6 配置本地时钟 7 2.7配置Radius 认证服务 7 2.8 内容过滤列表定义及下载 8 2.9 定义病毒扫描服务器 9 2.10 带宽治理定义 10 2.11 策略设置 112.11.1配置DDOS 攻击防备 11 2.11.2 设置缺省策略为 DENY11 2.11.3 配置 Blue Coat An ti-Spyware 策略 11 2.11.4 访咨询操纵策略配置 -VPM 11 2.11.5 病毒扫描策略配置 11 2.11.6 用户认证策略设置 12 2.11.7 带宽治理策略定义 132.11.8 Work_Group 用户组访咨询操纵策略定义152.11.9 Ma nageme nt_Grou 用户组访咨询操纵策略定义 2.11.10 High_Level_Group 用户组访咨询操纵策略定义162.11.11 Normal_Group用户组访咨询操纵策略定义172.11.12 Temp_Group用户组访咨询操纵策略定义171619 2.11.13 IE扫瞄器版本检查策略2.11.14 DNS解析策略设置19安装设备及安装环境实施设备清单Bluecoat安全代理专用设备SG600—10 一台，AV510-A —台，BCWF内容过滤，MCAFEE 防病毒,企业版报表模块。

实施拓朴结构图Bluecoat设备SG600-10-3配置于内网，AV510-A与SG600-10之间通过ICAP 协议建立通信。

Proxy Edition SG 硬件平台指标参数Model CPU RAM HDD Included OptionCards SWGBWWAN BW ConcurrentConnectionsMax SimultaneousIPsProxy SG210-5Single512M80GB (IDE)2xPT2512K1050 Proxy SG210-10Single1GB250GB IDE SSL, 2xPT6250150 Proxy SG210-25Single1GB250GB IDE SSL, 2xPT62Unlimited UnlimitedProxy SG510-5Single1GB2x80GB SATA none20250200 Proxy SG510-10Single2GB2x350GB SATA SSL, 2xPT3412100500 Proxy SG510-20Single2GB2x350GB SATA SSL, 2xPT34123001200 Proxy SG510-25Single2GB2x350GB SATA SSL, 2xPT3412Unlimited UnlimitedProxy SG810-5Single2GB2x73GB SCSI none45125002500 Proxy SG810-10Dual4GB2x300GB SCSI SSL, 2xPT90307003500 Proxy SG810-20Dual6GB4x300GB SCSI SSL, 2xPT1554510005000 Proxy SG810-25Dual6GB4x300GB SCSI SSL, 2xPT15545Unlimited UnlimitedProxy SG8100-5Single4GB2x300GB SCSI2xGigE9030Unlimited UnlimitedProxy SG8100-10Single6GB4x300GB SCSI SSL, 4xPT15552Unlimited UnlimitedProxy SG8100-20Dual8GB8x300GB SCSI SSL, 4xPT25090Unlimited UnlimitedAVAV510-A1x2.0Ghz P41Gb1x80Gb SATA 2 x 10/100/1000 Base-T1000AV810-A1x2.8Ghz Xeon2Gb2x73Gb SCSI 2 x 10/100/1000 Base-T1000-4000AV810-B2x2.8Ghz Xeon3Gb2x73Gb SCSI 2 x 10/100/1000 Base-T4000-8000RARA510-A1x2.0Ghz P41Gb1x80Gb SATA 2 x 10/100/1000 Base-T1000RA810-A1x2.8Ghz Xeon2Gb2x73Gb SCSI 2 x 10/100/1000 Base-TRA810-B2x2.8Ghz Xeon3Gb2x73Gb SCSI 2 x 10/100/1000 Base-TDIRECTORDIRECTOR-5101x2.0Ghz P41Gb1x80Gb SATA 2 x 10/100/1000 Base-T注意：1、表中的HTTP性能是正向代理性能，如果作为CDN或反向代理使用，通常性能会提升一倍2、建议用户数为作Internet网关（正向代理情况下）单台设备支持的并发用户数3、吞吐量指的是作Internet网关（正向代理情况下）典型的数据输出能力4、如果在Internet网关上增加AV防病毒业务，用户数和吞吐量要按减少大约三分之一算.5、如果在Internet网关上增加内容过滤业务，用户数要按减少大约三分之一算.6、由于AV环境较复杂，建议咨询Bluecoat或者SINOGRID 战略产品部7、Director是内容分发设备和集中网管设备Blue Coat 若有不详之处请与我们联系。

正向代理Bluecoat配置最佳实践For SGOS V4.X第七版Bluecoat公司2009年4 月本文档的目的是通过正确的配置及测试步骤，使Blue Coat SG在正向代理测试中达到最佳的效果。

其中包括企业用显式代理和运营商带宽增益类透明代理的测试中达到最佳效果。

建议凡是碰到以运营商带宽节省为目的的测试，严格按照本文档描述的步骤。

文档修订历史目录一、SG配置关于WEB-CACHE基本配置 (5)1.1关于部署方式 (5)1.2关于操作系统版本 (5)1.3基本配置步骤 (5)二、如何调整SG性能和增益效果 (11)2.1在大流量情况下并发处理的优化 (11)2.2避免带宽负增益的最佳测试步骤 (14)2.3执行Cache充满 (14)2.4视频强制缓存 (15)2.5强制缓存没有缓存标记的流量 (17)2.6强制缓存微软的升级包 (17)2.7禁止所有包含Range: bytes header的请求（可选） (18)2.8关于Blue Coat带宽增益统计数据 (18)2.9DNS配置 (18)2.10强制缓存下载网站 (23)2.11消除Trust Destination IP对缓存影响 (25)2.12消除缓存内容过期 (26)三、查看增益效果 (26)四、如何分析流量进而优化 (29)4.1通过日志分析 (29)4.2通过Policy Trace分析 (31)4.2.1增加额外的策略+Trace (31)4.2.2打开策略Trace页面进行分析 (32)4.3检查DNS Worker (32)五、SG透明缓存环境QQ的运行 (34)六、SG和游戏及特定应用的兼容性问题的解决 (37)6.1透明代理下保证游戏能够通过SG访问 (37)6.1.1Reflect-Client-IP保证游戏服务器的认证和记录不出问题 (37)6.1.2保证联众游戏访问可以通过 (39)6.1.3设置MTU保证游戏访问通过 (39)6.2显式代理下保证MSN能够通过SG访问 (39)七、SG压力过载的保护策略 (40)7.1SG流量过载保护策略 (40)7.2CPU突发过载的保护策略 (43)八、C/S软件通过SG代理 (45)8.1Default policy Allow 和CPL中的Allow的区别 (45)8.2保证典型的C/S应用通过代理服务器能够访问 (48)8.3不支持代理的C/S软件通过SG上网的方式 (51)8.4设定放宽HTTP协议的容忍度 (52)九、飞信通过SG代理用户认证的配置 (52)一、SG配置关于Web-Cache基本配置1.1 关于部署方式Bluecoat 的SG-Web-Cache可以通过如下方式部署在网络当中：1．网桥部署方式2．通过WCCP部署方式3．通过L4的设备部署1.2 关于操作系统版本Bluecoat V4最新推荐版本是SG V4.2.8.6或4.2.9.11.3 基本配置步骤设备的基本配置步骤如下：1. STEP-1（测试前最好配置恢复为出厂配置，避免未知的问题）通过Console进入SG后—enable 进入—恢复出厂配置命令restore-defaults factory-defaults或reinitialize—初始配置设备的基本参数（IP,GW,DNS等）2. STEP-2通过HTTPS://SG-IP:8082进入SG的图形界面，进入maintenance->license->View，确认系统的License是否有效如果Licesne过期需要安装Licesne文件3. STEP-3确认设备的时钟（系统时间），由于是Cache设备，系统对时间的要求很高，需要尽可能调准系统时间，并设置适合的Local Time Zone，也可以通过NTP协议和NTP服务器自动同步。

BlueCoat代理服务器配置指南2011年1月目录一、安装设备及安装环境 (4)1.1实施设备清单 (4)1.2实施拓朴结构图 (4)二、实施步骤 (4)2.1物理连接 (4)2.2初始IP地址配置 (4)2.3远程管理软件配置 (5)2.4网络配置 (5)2.4.1 Adapter 1地址配置 (6)2.4.2 静态路由配置 (6)2.4.3 配置外网DNS服务器 (8)2.4.4 配置虚拟IP地址 (8)2.4.5 配置Fail Over (9)2.5配置代理服务端口 (11)2.6配置本地时钟 (12)2.7配置R ADIUS认证服务 (12)2.8内容过滤列表定义及下载 (15)2.9定义病毒扫描服务器 (17)2.10带宽管理定义 (21)2.11策略设置 (22)2.11.1 配置DDOS攻击防御 (22)2.11.2 设置缺省策略为DENY (22)2.11.3 配置Blue Coat Anti-Spyware策略 (23)2.11.4 访问控制策略配置-VPM (24)2.11.5 病毒扫描策略配置 (24)2.11.6 用户认证策略设置 (26)2.11.7 带宽管理策略定义 (28)2.11.8 Work_Group用户组访问控制策略定义 (33)2.11.9 Management_Group用户组访问控制策略定义 (35)2.11.10 High_Level_Group用户组访问控制策略定义 (35)2.11.11 Normal_Group用户组访问控制策略定义 (36)2.11.12 Temp_Group用户组访问控制策略定义 (36)2.11.13 IE浏览器版本检查策略 (40)2.11.14 DNS解析策略设置 (41)一、安装设备及安装环境1.1 实施设备清单Bluecoat安全代理专用设备SG600－10一台，AV510-A一台，BCWF内容过滤，MCAFEE防病毒,企业版报表模块。

SG300Figure 3Power LEDSystem LEDLED IndicatorsFigure 2ProxySG Deployed In-PathWAN (Router)Power adapter Null modemserial cable ProxySG 300 Series ApplianceLAN (Switch)Power supplyretaining clip Power switchMain Site LAN Router Figure 1ProxySG 300 Series Appliance Switch ProxySG Deployed In-Path InternetTasks1. Unpacking the Appliance2. Connecting the Cables3. Verifying the LEDs4.Performing Initial ConfigurationUnpack the shipment and verify the contents of the box.The Blue Coat ProxySG 300 series appliance ships with the following components:• Blue Coat SG300 appliance• Software License Agreement • External AC power supply adapter with AC power cord and retaining clip • Quick Start Guide (this document) •Null-modem serial cable•Safety and Regulatory Compliance Guide3Unpacking the ApplianceBlue Coat recommends connecting the cables and verifying the LED display to ensure properfunctionality before deploying the appliance.Figure 1 shows a typical Blue Coat ProxySG network deployment:The following installation assumes the network deployment shown in Figure 1 is present. For other deployment options, see the ADN Deployment Guide and the WCCP Reference Guide, available for viewing at:https:///documentation/pubs/view/SGOS 5.5.xBefore connecting the ProxySG into your network, disconnect the existing LAN switch network cable from the WAN router. This cable will be reused during installation.3Connecting the CablesTo verify that the appliance has booted and is operational, check the following:The following illustration shows the location of the LED indicators on the ProxySG 300 series:Verifying the LEDsIf the Power LED light:• Is amber , the appliance is on, but the OS has not loaded. • Blinks amber to green , the OS has loaded but is not configured.•Is green , the OS has loaded and is properly configured. If the System LED light:• Is green , the appliance is functioning properly.• Is amber , the appliance has encountered a warning.• Is flashing amber , the appliance has encountered a critical problem.•Is OFF , the appliance has not determined the system status.5. Logging on and Licensing6. Next Steps7. Troubleshooting 1 2 3 To attach the cables (Figure 2):1. Connect the network cable from the LAN switch and plug it into the 1:1 port networkinterface on the ProxySG. 2. Connect a network cable from the WAN router to the 1:0 port network interface on theProxySG. The interface auto-negotiates 10/100/1000 Base-T speed and duplex settings.3. Connect a null-modem serial cable from the ProxySG to a PC (or serial terminal). Thisconnection is used to perform initial configuration via a direct serial connection. 4. Connect the power adapter to the ProxySG DC power supply inlet, and then connect theAC plug into a power source. Activate the power switch to turn on the appliance. 5. The included power supply cord retaining clip can be used to eliminate cord slippage.Install by squeezing the sides of the clip and inserting the ends into the mounting loops located above the DC power supply inlet. Once the retaining clip is attached, swing over the plug body to secure onto place (see figure 2).Note: The SG300 can be used within a desktop location or in an equipment rack using a rack-mount shelf (not included).Americas:Blue Coat Systems Inc. 410 North Mary Ave Sunnyvale, CA 94085-4121Rest of the World:Blue Coat Systems International SARL 3a Route des Arsenaux1700 Fribourg, SwitzerlandAfter your ProxySG is configured for network access, complete the installation by verifying network connectivity and registering and licensing the appliance.Important: New customers must create a BTO account at Blue Coat’s Customer Care page before they can activate their license. Blue Coat’s Customer Care page can be found at: https:///support/customercareTo complete the ProxySG installation:1. Verify that you can log into the appliance via the Web browser. To log into the appliance:a. Enter the ProxySG IP address into your web browser's Address or Location box usingthe following format: https://proxy_ipaddress:8082.b. Enter the user name and password specified during configuration to access themanagement interface. The management interface loads within your browser window.2. After login, register and activate your license. If you have a Full Proxy Edition license, goto step a; if you have an Acceleration Edition license, go to step b.a. To activate a license from the Advanced Management Console, navigate to theLicense page: Maintenance > Licensing > Install and click Retrieve. The requestLicense Key dialog displays. Go to step c to finish licensing the appliance.b. To activate a license from the Sky Management Console, navigate to the Licensepage: Configure > Device > Licensing.c. Enter your existing BlueTouch Online credentials and click Request license (for theAdvanced Management Console) or Submit credentials and install license (for theSky Management Console).Note: The ProxySG ships with a 60-day trial license. The appliance can be registered and licensed any time during that period.3Logging on and Licensing the ApplianceThis section lists additional resources for using the ProxySG appliance.3Next StepsContext-sensitive information about the ProxySG Online Help. To access, click the Help button in the Sky Management Console or Management Console.Reference Documentation Configuration and Management Guide (CMG), acollection of volumes documenting ProxySG features.To access, click the documentation link in the SkyManagement Console or Management Consoleinterfaces, or visit:https:///documentation/pubs/view/SGOS 5.5.xAnswers to frequently asked questions Blue Coat Knowledge Base, available at: https://Blue Coat User community Blue Coat Support Forums, available at:https:///Classroom and web-based training Blue Coat Training, available at:https:///support/training Deployment planning andconsultationBlue Coat Professional services, available at:https:///support/professionalservicesTechnical Support Blue Coat Support, available online at:https:///support/overviewContact Blue Coat by telephone in North America at(866) 982-2628 or +1(408) 220-2299.This section describes how to troubleshoot several hardware problems.Problem: The system does not power up.Solution: Check the power cords and verify that the outlet is receiving power.Problem: The System and Power LEDs are green, but there is no network connectivity.Solution: Check the network connections to verify that they are not loose. Otherwise,the problem might be a bad network cable or an issue with the router/switch.Problem: I am unable to access the ProxySG’s management console using my browser.Solution: Check all network configuration information, the subnet mask and default-routerconfigurations, and that no other devices on the network are attempting to use thesame IP address.Problem: I receive an invalid certificate warning when attempting to access the managementconsole using my browser.Solution: This is normal. The ProxySG generates a self-signed certificate upon initialconfiguration. You can safely ignore the warning or import the ProxySG’s certificateinto your browser to avoid future warnings.Additional troubleshooting resources:• Blue Coat Knowledgebase: https:///• Blue Coat User Community: 3TroubleshootingHow to Contact Support — For the current list of regional customer support phone numbers,go to: /support/contactsupport/When contacting Blue Coat Systems for technical phone support or to set up an RMA, beprepared to provide your serial number to verify entitlement. If you do not have your serialnumber, supply Blue Coat with your Support Contract Number, which can be found on yourSupport Contract Certificate.If you have purchased a Support Contract but have not received a Support ContractCertificate, go to /support/customercare/BlueTouch Online — BlueTouch Online https:// allows you to create newtechnical support cases, review and comment on open cases at any time. You also haveaccess to exclusive Blue Coat support materials, installation notes, and updates. To obtain aBlueTouch Online login, go to https:///requestloginBlue Coat Support Offerings — For a list, see /support/overview3Service InformationRECYCLE YOUR OLD BLUE COAT APPLIANCE! — Blue Coat offers an easy andsustainable way to recycle your decommissioned Blue Coat appliances. Simply use your newshipping box to send us your old appliance, absolutely free of charge. For details and shippinginformation, please visit: /company/environment/productrecyclingWHY RECYCLE? — According to the Silicon Valley Toxics Coalition, nearly 80% of U.S. e-waste is discarded in toxic waste dumps around the world. Without proper recycling,hazardous chemicals and other materials pose serious environmental and health risks. Byoffering a free and easy-to-use take-back program, Blue Coat enables businesses to efficientlyand responsibly dispose of used technology. Find out how!1. FAST AND EASY TO USEUse your new appliance carton to ship us your old technology2. PROTECTS PEOPLE AND THE PLANETResponsible technology recycling is good for business and the environment3. ABSOLUTELY FREEWe cover all the costs, including Shipping4. COMPLETE DETAILS/company/environment/productrecyclingRecycling Information231-03091 REV A.0Copyright© 1999-2010 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be repro-duced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translatedto any electronic medium or other means without the written consent of Blue Coat Systems, Inc. All right, title and inter-est in and to the Software and documentation are and shall remain the exclusive property of Blue Coat Systems, Inc. andits licensors. BluePlanet™, BlueTouch™, Control Is Yours™, DRTR™, ProxyAV™, ProxyRA Connector™,ProxyRA Manager™, SGOS™ and Webpulse™ and the Blue Coat logo are trademarks of Blue Coat Systems, Inc. andBlue Coat®, BlueSource®, K9®, IntelligenceCenter®, PacketShaper®, ProxyClient®, ProxySG®, Permeo®, and the Per-meo logo are registered trademarks of Blue Coat Systems, Inc. All other trademarks contained in this document and inthe Software are the property of their respective owners.BLUE COAT SYSTEMS, INC. DISCLAIMS ALL WARRANTIES, CONDITIONS OR OTHER TERMS, EXPRESS OR IM-PLIED, STATUTORY OR OTHERWISE, ON SOFTWARE AND DOCUMENTATION FURNISHED HEREUNDER IN-CLUDING WITHOUT LIMITATION THE WARRANTIES OF DESIGN, MERCHANTABILITY OR FITNESS FOR APARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL BLUE COAT SYSTEMS, INC., ITS SUP-PLIERS OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANYOTHER LEGAL THEORY EVEN IF BLUE COAT SYSTEMS, INC. HAS BEEN ADVISED OF THE POSSIBILITY OFSUCH DAMAGES.567。

江苏移动Bluecoat ProxySG 网络改造目录前言 (4)一、BLUE COAT SYSTEMS公司简介 (6)二、互联网出口安全控制改造方案 (8)2.1当前网络情况 (8)2.2B LUE C OAT P ROXY SG改造建议方案 (9)2.2.1 策略修改 (9)2.3方案描述 (9)2.3.1用户认证域控制 (9)2.3.2 NTLM用户认证域定义 (11)2.3.3 NTLM服务器定义 (11)2.3.4 IWA通用信息配置 (12)2.3.5 LDAP用户认证域定义 (14)2.3.6 LDAP服务器定义 (16)2.3.7 LDAP DN定义 (16)2.3.8 LDAP Base DN举例 (17)2.3.9 LDAP检索用户定义 (18)2.3.10 LDAP对象类定义 (20)2.3.11 LDAP通用信息配置 (21)2.3.12 本地用户列表定义 (22)2.3.13 VPM配置 (24)2.4测试与回退 (25)2.5方案特点 (25)三、主要技术及产品描述 (26)3.1B LUE C OAT互联网代理技术――用户认证、授权和统计 (26)3.1.1 内容安全控制 (27)3.1.2 灵活的策略控制 (29)总结 (32)前言Web浏览器作为应用访问和互联网通讯的手段，已经完全渗透到桌面环境中；越来越多的企业和机构正在实现基于浏览器的应用，作为它们业务操作的几乎所有应用的解决方案；同时，浏览器已经成为员工从互联网获取和传递信息的主要手段。

因此，建立一个高效、快速、安全的互联网访问环境，成为企业及机构网络建设的一个主要任务。

建设快速高效的企业互联网环境，所面对的主要问题在于带宽和互联网连接所造成的互联网访问响应速度问题，因此，互联网高速缓存得到广泛应用，而网络安全主要由防火墙提供保护；然而，由于支持各种Web协议的浏览器功能多样，而病毒、黑客、“木马”类“间谍”软件能够通过各种途径，在用户进行互联网访问时，在不知不觉中侵入到企业网络中来，通常我们把这一类威胁定义为“应用级威胁”，其破坏力与广为人知的网络安全漏洞一样严重。

BlueCoat SG 功能介绍及其配置目录一、应用功能介绍 (3)1.1命令行配置SG (3)1.2代理服务设置 (8)1.3用户上网行为策略 (8)1.3.1用户上网行为控制策略介绍 (8)1.3.2基本策略设置 (10)1.3.3授权访问指定网站设置 (10)1.3.4指定访问互联网时间设置 (18)1.3.5下载权限设置 (22)1.3.6自定义反馈页面 (27)1.3.7 用户认证设置 (33)1.3.8 BCWF（WEB 页面分类） (38)1.3.9 服务类型设定 (40)二、设备管理功能 (40)2.1设备管理功能介绍 (40)2.2上传日志设置 (41)2.3双机冗余设置 (43)2.4修改设备名称 (43)2.5修改登陆SG的用户名、密码 (44)2.6单机备份、还原 (44)2.7热启动 (45)2.8恢复初始化设置 (46)2.9创建SG登录用户并设置权限 (48)2.10 设备抓包 (62)2.11 升级OS (62)三、设备状态查看功能 (63)3.1设备状态查看功能介绍 (63)3.2查看设备基本属性 (64)3.3查看磁盘和系统属性 (64)3.4查看license状态 (65)3.5查看用户实时访问记录 (65)3.6查看缓存对象大小分布率 (66)3.7查看实时设备资源状况 (67)3.8查看设备事件日志 (69)3.9查看设备健康度 (69)3.10查看缓存效果 (70)四、Reporter的配置及使用 (71)4.1、REPORTER介绍 (71)4.2、安装REPORTER (72)4.3、访问REPORTER (76)4.4、激活REPORTER (77)4.5创建模板 (78)4.6、创建REPORTER用户，设置用户权限 (81)4.7、DASHBOARD的使用 (85)4.8、REPORTER FILTER的使用 (87)4.9、REPORT的使用 (89)4.9.1一周每天的流量 (89)4.9.2一周其中一天的流量 (89)4.9.3一天每个时间段的流量 (90)4.9.4一个月的流量 (91)4.9.5访问量最高的前11个网站 (91)4.9.6某网段访问最多的前11个网站 (92)4.9.7每天流量最多的IP排名。