Instruction/ maintenance manual of the product SGOS 4.x Blue Coat Systems
Go to page of 34
Blue Coat ® Systems Pro xy SG ™ SGOS 4.x Upgr ade Guide.
Blue Coat SGOS 4.x Upgrade Guide ii Contact Inf or mation Blue Coat Syst ems Inc. 650 Almanor A venue Sunnyvale, California 94085 North America (USA) T oll Fr ee: 1.866.362.2628 (86 6.36.BCOA T) North America Direct (USA): 1.408.220.2270 Asia Pacific Rim (Japan): 81.
iii Contents Contact Information Chapter 1: Upgrading—Ove rview Changes Between SGOS 3. x and SGOS 4.x ....................... ................. ................ ............... ................ ... ............ 5 About the Document Organization ...
Blue Coat SGOS 4.x Upgrade Guide iv.
5 Chapter 1: Upgr ading—Ov er view Blue Coat ® stro n g l y re c om m en d s t h at yo u rea d th i s d o cu m e n t b e fo re at te m p t i ng t o u p gr ad e to S GO S 4.
Blue Coat SGOS 4.x Upgrade Guide 6 • Blue Coat ProxySG Configuration and Management Guide • Blue Coat Pr oxySG Content Policy Language Guide • Blue Coat Pr oxySG Command Line Interface Ref erence Document Con v entions The following section li sts the typographical and Command Line Interface (CLI) syntax conventions used in this manual.
7 Chapter 2: Upgr ade Beha vior , General Upgrading When upgrading to SGOS 4.x from SGOS 3.2.4 or higher , the Pr oxy SG saves a copy of the original configurations.
Blue Coat SGOS 4.x Upgrade Guide 8 Summar y of Changes to the Upgrade Process • The upgrade path must include a sy stem that shows all possible depr ecation warnin gs, so that these can be corr ected in advance of the upgrad e, to avoid policy compilation failu res after upgrading.
Chapter 2: Upgrade Beh avior, General 9 Redoing an Upgr ade from SGOS 3.2.4 When the initial SGOS 4.x upgrade occurs, any comp atible config urations are converted. This only happens the first time you upgrade; i f you later downgrade to a pr e-SGOS 4.
Blue Coat SGOS 4.x Upgrade Guide 10 Changing Between SGOS 4.x V ersions When moving fr om one SGOS 4.x r elease to anot her SGOS 4.x release, the system maintains all settings. Changes made after an upgrade continue to be available after a subsequent downgrade as long as the setting is re levant to the downgraded release.
Chapter 2: Upgrade Beh avior, General 11 Included W ebsense Offbo x Content Filtering For W ebsense of f-box support only . Included ICAP Services External virus and content scanning with ICAP servers.
Blue Coat SGOS 4.x Upgrade Guide 12 Hardware Suppor ted W ith SGOS v4.x, support for the Proxy SG Series 600 and 700 systems has been dr opped. Users with these systems must either upgrade their hardwar e or stay with SGOS v3.
13 Chapter 3: F eature-Specific Upgrade Beha vior This chapter provides critical information concerning how specific features are affected by upgrading to SGOS 4.x (and i f relevant do wngrading fr om) and provides actions admi nistrators must or are recommended to take as a result of upgrading.
Blue Coat SGOS 4.x Upgrade Guide 14 Global Enab le/Disable Switch In SGOS 4.x, you can enable or disable access loggi ng on a global basis, both through the Management Console ( Access Logging>General>Global Settings) and the CLI. When logging is disabled , that setting overrides bo th policy and logging configuration.
Chapter 3: Feature-Specific Upgrade Beh avior 15 P eer-to-P eer The Proxy SG recognizes peer -to-peer (P2P) activity rela tin g to P2P file sharing applications. By constructing policy , you can control, block, and lo g P2P activity and limit th e band width consumed by P2P traffi c.
Blue Coat SGOS 4.x Upgrade Guide 16 A new substituti on modifier—label(N)— has been added. It is used in conjunction with the client.host substituti on variable in defi ning Policy Substi tution Realms.
Chapter 3: Feature-Specific Upgrade Beh avior 17 A uthentication T wo new r ealms—policy substitution and Ob lix COREid—have been added in SGOS 4.x. • COREid Realm—The Pr oxy SG can be configur ed to consul t an Oblix COREid (f ormerly known as Oblix NetPoint) Access Server for authentica tion and session manage ment decisions.
Blue Coat SGOS 4.x Upgrade Guide 18 Upgrade Beha vior As BWM is a new feature, upgrade issues are restricted to pr eviously existing bandwidth configuration that will now be subs um ed into the BWM configuration. BWM does not r eplace the older bandwidth limiting featur es currently available in Streaming (max streaming, max Real and ma x MMS).
Chapter 3: Feature-Specific Upgrade Beh avior 19 On an upgrade, cached HTTP objects ar e usable. On a downgrade, cached H TTP objects fetched after the upgrad e are re-fetched.
Blue Coat SGOS 4.x Upgrade Guide 20 Endpoint Mapper and SOCKS Compression The Endpoint Mapper proxy accelerates Microsoft RPC traffic between branch and main of fices, automatically creating TCP tunnels to p orts wher e RPC services ar e r unning. The Endpoint Mapper proxy can be used in both explicit and transpar ent mode.
Chapter 3: Feature-Specific Upgrade Beh avior 21 • SGOS#(config external-services) view htt p icap-patience details • SGOS#(config external-services) view htt p icap-patience header • SGOS#(conf.
Blue Coat SGOS 4.x Upgrade Guide 22 • user= • user .domain= • user .x509.issuer= • user .x509.serialNumber= • user .x509.subject= The authenticated= condition can be used to test whether or not the user information is available.
Chapter 3: Feature-Specific Upgrade Beh avior 23 CPL Syntax that was deprecated in SGOS 3.x has been abandoned in SGOS 4.x. Policy that includes abandoned syntax should be cor rected befor e yo u attempt to upgrade the system. The standard upgrade path and process are designed to ensur e the integrity of policy and the securi ty of your network.
Blue Coat SGOS 4.x Upgrade Guide 24 protocol= url.scheme= proxy_address= proxy.address proxy_card= proxy.card proxy_port= proxy.port release_id= release.id= release_version= release.version= request_header.<name>= request.header.<name>= request_header_address.
Chapter 3: Feature-Specific Upgrade Beh avior 25 prefetch() pipeline() proxy_authentication() authenticate() reflect_vip() reflect_ip() service() allow or deny trace_destination() trace.destination() trace_level() trace.level() trace_request() trace.request() trace_rules() trace.
Blue Coat SGOS 4.x Upgrade Guide 26 request_header.Content-Language request.h eader.Content-Language request_header.Content-Length request.h eader.Content-Length request_header.Content-Location request.h eader.Content-Location request_header.Content-MD5 request.
Chapter 3: Feature-Specific Upgrade Beh avior 27 request_header.User-Agent request.h eader.User-Agent request_header.Vary request.header.Va ry request_header.Via request.header.Vi a request_header.WWW-Authenticate request.h eader.WWW-Authenticate request_header.
Blue Coat SGOS 4.x Upgrade Guide 28 Documentation Ref erences Appendix D, “Substitutions,” in the B lue Coat Cont ent Policy Language Gu ide Exception P ages A number of built-in exception pages have been a dded to SGOS 4.x to send information back to the user under operational contexts that ar e known to occur .
Chapter 3: Feature-Specific Upgrade Beh avior 29 • HTML Notificati on ❐ notify ❐ notify_missing_cookie • Compression ❐ transformation_err or ❐ unsupported_encoding ❐ invalid_res ponse • ICAP ❐ icap_error (should be used in place of the existing icap_communications_err or exception page) On a downgrade to SGOS 3.
Blue Coat SGOS 4.x Upgrade Guide 30 On an upgrade, objects that cannot be named by the user are automatically updated to have the underscore character pr efix the object name.
Chapter 3: Feature-Specific Upgrade Beh avior 31 SGOS#(config ssl)import keyring show|no-show keyring_id SGOS#(config ssl)import certificate keyr ing_id SGOS#(config ssl)import signing-request keyring.
Blue Coat SGOS 4.x Upgrade Guide 32.
33 Inde x A access logging default logs, protocols 14 global enable/disable switch, CLI commands 14 global enable/disable switch, ov ervi ew 14 new features in 13 P2P log, format 15 P2P upgrade behavi.
Blue Coat SGOS 4.x Upgrade Guide 34 substitutions abandoned 25 additional 15 substitution syntax, abandoned 23 U upgrading changes betwee n SGOS 3.2.3 and SGOS 4.
An important point after buying a device Blue Coat Systems SGOS 4.x (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Blue Coat Systems SGOS 4.x yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Blue Coat Systems SGOS 4.x - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Blue Coat Systems SGOS 4.x you will learn all the available features of the product, as well as information on its operation. The information that you get Blue Coat Systems SGOS 4.x will certainly help you make a decision on the purchase.
If you already are a holder of Blue Coat Systems SGOS 4.x, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Blue Coat Systems SGOS 4.x.
However, one of the most important roles played by the user manual is to help in solving problems with Blue Coat Systems SGOS 4.x. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Blue Coat Systems SGOS 4.x along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center