This page displays the current Blue Coat ProxyAV content scanning and network statistics.
Table
Displays the current Internet Content Adaptation Protocol (ICAP) statistics.
Connection Statistics
Displays the network traffic statistics and ProxyAV MAC addresses. Information is segregated by Terabytes (TB), Gigabytes (GB), Megabytes (MB), Kilobytes (KB), and Bytes. It also shows the amount of traffic processed per second. Click Reset Counters to reset data to 0.
Current Downloads
Displays current ProxyAV download activity.
Network
This page allows you to specify basic network configurations on the ProxyAV.
Global Settings
Enter a new name or change the existing name of the ProxyAV. If you have more than one ProxyAV on your network, consider using names that can help you distinguish between machines.
Blue Coat AV 400-E: 0
Blue Coat AV 510/810: 0
2000-E: 1
If you are only using one connection to the ProxyAV, you must use Interface 0.
Ciphers List
You can select the SSL ciphers to allow for HTTPS Web interface access. However, it is important to verify your browser settings before changing the cipher configuration, and to be very cautious about making changes. For example, disabling any high ciphers could lead to losing access to the HTTPS Management Console.
IMPORTANT: Before you enable or disable SSL ciphers for HTTPS access, be sure to configure the ProxyAV to be accessed through HTTP. Doing so ensures that you will not lose access to the ProxyAV while making changes to the SSL ciphers for HTTPS. If you disable or enable any of the ciphers in the list, click Save Changes, and be sure to switch from HTTP access back to HTTPS access when you are finished with the SSL cipher configuration.
1. In the IP Address field, enter the IP address of a client or subnet that is or is not allowed administrative, ICAP, or SNMP access to the ProxyAV.
2. In the Mask field, enter a subnet address.
3. From the Interface drop-down list, specify whether this IP address has access to one or both ProxyAV interfaces.
4. Select a Status:
   Allowed Admin Access: This IP address and subnet is allowed administrative access.
   Allowed ICAP Access: This IP address and subnet is allowed to be an ICAP client.
   Allowed SNMP Access: This IP address and subnet is allowed SNMP access.
5. Click Save Changes.
1. Click Add. The Proxy Server page displays, which contains fields for adding servers.
   HTTP Proxy: Proxy this AV appliance through the defined HTTP proxy server.
   SOCKS Proxy: Proxy this AV appliance through the defined SOCKS proxy server.
3. In the Host field, enter the IP address or host name of the HTTP or SOCKS proxy server.
4. In the Port field, enter the port number.
5. (Optional) This only applies to HTTP Proxy: Select Enable Proxy Authorization and enter a username and password in the appropriate fields.
6. Click Add.
7. Repeat the procedure to add more servers, if required.
1. Click the Change Read-Only User Data link.
2. In the New Password field, enter the administrator password; repeat for the Verify New Password field. The maximum number of characters is 16.
1. Select Require Authentication.
2. In the Username field, enter the administrator user name.
3. In the New Password field, enter the administrator password; repeat for the Verify New Password field. The maximum number of characters is 16.
4. In the Session timeout field, enter the number of minutes before re-entering of the credentials is required.
Licensing
This page enables you to view the status of your antivirus vendor license, register the ProxyAV automatically or through the Blue Coat Licensing Portal (BCLP), and update your antivirus license key automatically or retrieve a license key from the BCLP.
Licensed Components
This table displays the AV vendor currently licensed on your ProxyAV, the active status, the expiration date, and the number of days left on your current license.
This section displays the hardware serial number (for ProxyAV models 400E, 510, and 810) or MAC address (for ProxyAV model 2000) and the date and time the license key file was generated.
License Administration
This section allows you to automatically register a ProxyAV vendor license or retrieve an AV vendor license key file manually using the BCLP.
To register a ProxyAV vendor license automatically: Click Register appliance automatically (recommended).
To retrieve an AV vendor license from the BCLP:
1. Click Activate/Manage to display the BCLP Web page.
2. Enter your WebPower credentials and click Login.
3. Enter the Activation Code or Subscription number from the e-mail received from Blue Coat, or click Retrieve a license file for your appliance. To retrieve a license file, enter your hardware serial number (for ProxyAV models 400E, 510, and 810) or MAC address (for ProxyAV model 2000), and click Submit.
4. Click Download License File. The File Download dialog displays.
5. Click Save to save the license file to your computer.
Save Changes
If you make any changes on this page, you must click Save Changes to activate the changes.
Antivirus Settings
This page allows you to view AV information and display pages to configure scanning behavior.
Table
The table at the top of this page displays information about the current antivirus vendor. The Days Remaining column displays the current length of your license to use the software. If the license has expired, that date displays, as well as the date on which the grace period expires. The ProxyAV checks for new engines and pattern files once every 30 minutes. Selecting Force Update forces the ProxyAV to download and install the latest file versions, regardless of the file versions currently residing on the ProxyAV.
Scanning Behavior
Using the options on this page, you can set parameters and options for antivirus scanning.
Heuristic Parameters
When the Heuristic Parameters option is enabled, the ProxyAV learns about traffic patterns on your network and adjusts accordingly to increase performance. After an initial learning period, the ProxyAV should be able to accelerate about 15% to 30% of the network's traffic. The learning process restarts whenever a new virus pattern file or an updated scanning engine is downloaded.
Extended Options
This field is dynamic, based on which AV engine you are using:
Detect Spyware/Detect Adware (Kaspersky AV engine only)
Detect Potentially Unwanted Programs (McAfee AV engine only)
Detect Spyware (Panda AV engine only)
Detect Potentially Unwanted Programs (Sophos AV engine only)
Enabled: Scanning stops after the first instance of a virus or spyware. For Kaspersky, Detect Adware is enabled by default. It can be deselected, but it cannot be selected without selecting Detect Spyware.
Disabled: Scanning stops only after the first instance of a virus, not spyware.
Save Changes
You must click Save Changes to enable the changes made on this page.
1. Select Enabled.
2. (Optional) Depending on whether you are using Kaspersky or Sophos, do one of the following:
   a. (Kaspersky only) Select True type of ... container to enable recognition of individual files in compound files. If this option is enabled, when an unknown file is detected within a container, the unknown policy is applied to the entire container file. If this option is disabled, then unknown files within containers are scanned.
   b. (Sophos only) Select Detect weak types to enable recognition of file types that otherwise might be difficult for the ProxyAV to identify with 100 percent confidence.
3. Specify policy for each file type:
   Don't scan: The file is served back to the ProxySG without AV scanning occurring.
   Block: No scanning occurs and the ProxyAV returns a response to the ProxySG that the file was blocked (code type: file_type_blocked).
   Scan: The ProxyAV scans the object for malicious content and returns the content or modified response to the ProxySG.
4. Click Save Changes.
Note: The Unknown file type applies to all files not recognizable by the ProxyAV.
File extensions
Specifies scanning behavior based on file name extension. These options can increase performance, but also increase security risks.
Drop files having extensions: Any file types with these extensions are blocked and not served to the client.
Don't scan files having extensions: Any file types with these extensions are passed through unscanned to the client. If you enable this option, consider the Blue Coat advisory that viruses and other malicious code can be embedded in many file types, including image formats.
Click Save Changes to commit your changes to the ProxyAV.
Update Settings
This page configures the duration between AV updates, and where to look for them. In the Update frequency field, specify the number of minutes of the interval between updates.
Update location
To get the update from a location other than the default, enter a URL in the Custom field.
Note: If an https:// URL is entered, the update uses HTTPS for downloads. When using the default update URLs, the AV update occurs over HTTPS or HTTP, depending on whether Enable Client/Server HTTPS Connection is selected on the Advanced/SSL client page.
Save Changes
You must click Save Changes to enable the changes made on this page.
Default Settings
Click this to revert any custom changes back to the default settings.
Alerts
This page allows you to enable e-mail alerts, logging, and SNMP traps for various events on the ProxyAV.
E-mail: Sends an e-mail to the administrator. To configure e-mail alerts, click Alerts Settings.
Logging: Creates an entry in the AlertLogFile.log file.
SNMP Trap: Sends a trap to the SNMP manager. To configure SNMP traps, select Advanced > SNMP Settings.
Note: If all of the alert settings are disabled, one entry is still written to the InternalInfo.log file for each state change.
For each event type in the following list, select the alert options in the table:
Virus is found: A virus was found in an ICAP session.
File was passed through without being scanned: Several settings on the Antivirus page enable the administrator to allow files to pass through ProxyAV unscanned. For example, there is an antivirus file scanning timeout.
File was blocked (exclude virus case): A file is blocked for any reason other than a virus infection. For example, the administrator decides to block password protected compressed files.
Failed to connect for update: The ProxyAV looks for new AV updates once every 30 minutes. This fails if the ProxyAV does not have access to the Internet or if the file servers are down or unreachable.
Successful update: The ProxyAV checks for AV updates once per 30 minutes. These files are updated regularly. Enable this alert to find out when a new pattern file has been downloaded.
Subscription Expiring: Your license to use AV software on the ProxyAV requires annual renewals. The ProxyAV reminds you when the end of the subscription period is getting near.
On Board Diagnostics: If the state of a monitored ProxyAV appliance metric changes, and that metric is selected to trigger an alert or SNMP trap, an alert or SNMP trap is sent.
Intelligent Connection Traffic Monitoring (ICTM): If the maximum specified concurrent slow connection warning or critical thresholds are reached, an alert is sent.
Click Save Changes to enable the changes made on this page.
Alerts Settings
The options on this page allow you to configure:
Sender e-mail address: The source mail address to use for alert e-mails. For example: proxyav123@company.com.
Recipient e-mail address: Defines who the ProxyAV alerts when an event occurs. Send alerts to multiple addresses by using a comma separated list; for example: user1@company.com,user2@company.com,consultant@otherco.com. If this field does not contain a recipient address, the ProxyAV neither attempts to send an e-mail nor makes an entry in the AlertErrors.log.
SMTP server address: Messages are sent to the address listed above through the SMTP server listed here.
SMTP Authorization (POP-Before-SMTP) Enabled: The ProxyAV uses POP before SMTP to authenticate; therefore, your username and password are submitted to the mail server on port 110 before sending the alert.
You must click Save Changes to enable the changes made on this page.
Log Files
The options on this page allow you to configure ProxyAV logging options.
Logging
This option allows you to forward detailed connection log (connections between the Management Console and the file scans) information to any system on your network. The ProxyAV includes an application for receiving logs called ConnLog.exe and can be downloaded by clicking Get log receiver application or Get Windows based log receiver application.
Note: This is not syslog-type information. The logs are in plain text format and can be imported into most log analyzer applications.
ConnLog.exe writes a new log file for each day into the current directory. By default, it listens for a connection from the ProxyAV on port 8001. Run ConnLog.exe from a command line to change this listening port. The ConnLog.exe /? command displays usage information.
To define where logs are sent:
1. Select Enable sending logging information to remote computer.
2. In the Address field, enter the IP address of the destination server.
3. Select the protocol: TCP/IP or UDP.
4. Select the logging format:
   ProxyAV Classic: The Blue Coat logging format.
   MS Proxy 2.0: Microsoft Proxy logging format.
   ISA W3C: Extended log file format.
   User Defined: A log format you specify using the format string.
5. If you selected User Defined format, you can select Include W3C headers to include them.
6. If you selected User Defined, you can specify the Delimiter format, Comma or Space.
7. The Format String field displays the default logging tokens, based on the selected log format, that define what detailed information appears in the logs. If you selected User Defined format, you can modify this as required. To display a list of valid tokens, click Token list.
8. Click Save Changes.
CSV Logging
This option allows the ProxyAV to log viruses in CSV format. To configure CSV logging:
2. Select to create a new file every Hour, Day, Month, or Week.
3. In the Field delimiter field, enter what symbol is used to separate log entries.
4. Click Save Changes.
Log Files
This table allows you to view the generated log files. The first column link saves a text file to a specified location. Click the link in the second column to display the log file in a Web browser.
Note: You can download all the logs as a single zip file; see the Advanced > Troubleshooting page.
AdminInfo.log: Logs all admin actions, such as access times and changes made. This information assists in detecting the current state of the ProxyAV and in efficiently troubleshooting any issues.
Note: When the AdminInfo.log file size reaches 100 Kb, the file is renamed to AdminInfo.log~ and a new AdminInfo.log file is created. If a previous AdminInfo.log~ file exists, it is deleted.
AlertErrors.log: This file is a log of alert errors. When the ProxyAV cannot send alerts to the administrator(s) designated in the Alerts page, the event is logged here. The most common entry to this log is an inaccessible SMTP server.
AlertLogFile.log: This log is different from the AlertErrors.log in that it includes all alerts, not just those that could not be sent to the administrator by e-mail.
Note: When the AlertLogFile.log reaches 1 MB, it is renamed to AlertLogFile_YYYY_MM_DD_N.log and the AlertLogFile log starts over. When the total of AlertLogFile log files reaches 35 MB, the ProxyAV begins deleting the oldest alert logs.
virus-log-date.csv: Log files generated by virus logging in CSV format.
boot.log: Records all reboots of the machine. Using this information, Blue Coat Technical Support can assist you with troubleshooting.
diagnosticS.log: Debug information: thread counts for AV scanning; number of active threads, and scanning queue length.
diagnosticSprev.log: When the diagnosticS.log grows to more than 3MB, it is renamed to diagnosticSprev.log.
diagnosticT.log: Periodic dumps of internal information. Blue Coat might request the contents for diagnosing any issue.
diagnosticTprev.log: When the diagnosticT.log grows to more than 3MB, it is renamed to diagnosticTprev.log.
When a diagnostic log file reaches 3 MB or an internal log reaches 100 KB, it is copied to a backup file (overwriting it) and starts over. The packet log can run until the free space on the disk drops below 20 MB.
Advanced
This page provides advanced configuration options.
Route Table
This page allows you to enter additional routes for deployments where the ProxyAV default route (see Network) is not sufficient. A typical use for the Route Table is when the SMTP or DNS servers to be used by the ProxyAV are located on an internal network. Routes entered here do not affect traffic that is scanned by the ProxyAV; they are only used for connections where the ProxyAV is the client. These include updates of pattern and engine files, checking for updates to ProxyAV firmware, and sending alerts. To add a route to the table:
1. Click Add; the Route entry page appears.
2. In the Destination field, enter an IP address to be used in routing.
3. In the Mask field, enter a subnet value.
4. In the Gateway field, enter a gateway value.
5. Click Save Changes.
6. Repeat as required.
ARP Table
This page allows you to enter static ARPs or clear the dynamic and static ARPs. To add an ARP value to the table:
1. At the bottom of the table, enter an IP address in the first field.
2. Enter a MAC address.
3. From the drop-down list, select an interface.
4. Click Add.
Messages
Each alert contains information about the event that triggered it. Because different events can trigger an alert, there can be many different alert forms. In the Customize Messages table, you can specify what information is in each type of alert.
The first three columns (Protocol, Event, and Command Type) define each type of event. The Alert column defines what information is included in the alert that is logged or sent through email to the administrator. The Substitute column defines what text is substituted for the original data. For example, for HTTP downloads, the ProxyAV replaces the entire infected file with the substitute text.
Autotext keywords can be used in the Alert and Substitute messages to get contextual information about the event into the messages:
1. Click Modify to call the Message screen. The first few fields provide information about the event.
2. Under State, the default is to use the default message. Click Custom to alter or annotate the message and character set.
The following keywords may be used:
%CLIENT: The client IP address.
%ACTION: The action that was performed (file passed/dropped).
%URL: The URL from which the file was downloaded.
%VIRUS: The virus or potentially unwanted software (PUS) name.
%REASON: Why the event occurred. For example, why was the file scanned?
%MACHINENAME: The name of the ProxyAV.
%MACHINEIP: The ProxyAV IP address.
%HWSERIALNUMBER: The ProxyAV serial number.
%PROTOCOL: The scanned protocol.
%APPNAME: The application name (ProxyAV).
%APPWEB: The application vendor Web address.
%APPVERSION: The application version.
%AVVENDOR: The AV vendor.
%AVENGINEVERS: The AV engine version.
%AVPATTERNVERS: The AV pattern version.
%AVPATTERNDATE: The AV pattern date.
%TIMESTAMP: The time the event occurred.
%ADMINMAIL: The administrator mail address.
The % character always precedes the tag name. Capitalization is also important; do not use lowercase variable names.
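A custom Alert or Substitute message can be checked against the keyword list above before it is saved. The following is an added example, not Blue Coat code: it flags keywords that are misspelled or in the wrong case and renders a preview with constructed sample values. The token rule (a % followed by a run of letters), the function names, and the defanging of the %URL value for e-mailed previews are assumptions of this example.

```python
import re

# Autotext keywords exactly as listed on this page (case-sensitive).
KEYWORDS = frozenset({
    "CLIENT", "ACTION", "URL", "VIRUS", "REASON", "MACHINENAME", "MACHINEIP",
    "HWSERIALNUMBER", "PROTOCOL", "APPNAME", "APPWEB", "APPVERSION",
    "AVVENDOR", "AVENGINEVERS", "AVPATTERNVERS", "AVPATTERNDATE",
    "TIMESTAMP", "ADMINMAIL",
})

# Assumption of this example: a keyword token is '%' plus a run of ASCII letters.
# A bare '%' (as in "100% done") is therefore not treated as a keyword.
TOKEN = re.compile(r"%([A-Za-z]+)")


def lint_template(template):
    """Return (token, problem) pairs for tokens that match no listed keyword."""
    problems = []
    for match in TOKEN.finditer(template):
        name = match.group(1)
        if name in KEYWORDS:
            continue
        if name.upper() in KEYWORDS:
            problems.append(("%" + name, "wrong case, use %" + name.upper()))
        else:
            problems.append(("%" + name, "unknown keyword"))
    return problems


def defang(url):
    """Make a URL non-clickable so a preview does not carry a live link."""
    return re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE).replace(".", "[.]")


def render(template, values, defang_url=True):
    """Expand listed keywords from `values`; leave every other token untouched."""
    def substitute(match):
        name = match.group(1)
        if name not in KEYWORDS or name not in values:
            return match.group(0)
        value = str(values[name])
        if name == "URL" and defang_url:
            value = defang(value)
        return value
    return TOKEN.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample template and values, for illustration only.
    sample = "Blocked %VIRUS from %URL for %client on %MACHINENAME"
    sample_values = {
        "VIRUS": "EICAR-Test-File",
        "URL": "http://example.test/a.zip",
        "MACHINENAME": "proxyav-lab",
    }
    for token, problem in lint_template(sample):
        print(token, "->", problem)
    print(render(sample, sample_values))
```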
On Board Diagnostics
The ProxyAV monitors its vital system components and displays the current status for each component. The metrics vary slightly for each model, as follows:
AV510 and AV810: CPU, memory, hardware, and network metrics are available.
AV400 and AV2000: CPU, memory, and network metrics are available.
The table includes the following information:
Alert Enabled: Depending on the type of alerts you have enabled, sends an email alert or creates a log entry when there are changes in the metric's state. Clear a check box to prevent an alert from being sent for that metric.
SNMP Traps Enabled: When selected, SNMP traps are enabled for CPU, memory, and network interfaces. However, SNMP traps will only be sent when the current state changes from OK or Warning to Critical.
Important: If alerts are not enabled, the check boxes in the On Board Diagnostics table are not available. To enable SNMP Traps, E-mail, and Logging alerts for On Board Diagnostics, select Alerts, then select the appropriate check boxes.
The current state, unit, numerical value, and state change interval for each metric are provided, as well as the acceptable upper and lower critical and non-critical values. The state indicates the severity of the metric as a health issue:
OK: The monitored system or device is behaving normally.
WARNING: The monitored system or device is outside typical operating parameters and might require attention.
CRITICAL: The monitored system or device is either failing or is far outside normal parameters and requires immediate attention.
Note: You can configure the state change interval, upper critical, and upper non-critical values for CPU, memory, and network interfaces. The default values display in the table.
Click Save Changes to save any changes you make to the options in this table.
Date/Time Settings
Specifies the clock of the ProxyAV. Enter the current date and time values. Select a time zone from the Time Zone Information drop-down list. Click Save Changes.
1. Enter the hostname of the time server and click Add.
2. If entering more than one server, repeat Step 1.
3. Promote or demote servers, if required.
4. Select Enable.
5. In the Query Interval field, enter the duration between synchronization checks. The default is 60 minutes.
6. Click Save Settings.
Ping Utility
This option allows you to send pings to verify status.
Troubleshooting
This option allows you to do the following:
Configure the ProxyAV to save log files containing information that might assist Blue Coat Customer Support should the ProxyAV experience difficulties.
Download log files in a zip file format.
Upload log files to the Blue Coat Support server that are related to a service request (SR) number. To receive an SR number, contact Blue Coat Customer Support.
Note: If outgoing ProxyAV connections go through the ProxySG, make sure that SSL intercept is not enabled for https://upload.bluecoat.com. If SSL intercept is enabled, it can cause the upload of log files to fail. If you are using a proxy server, be sure to configure it at Network > Proxy Servers for Updates.
To save log files:
1. Select the Enable Keeping Troubleshooting Information Files check box.
2. Click Save Changes.
To download log files:
1. Click the link to download troubleshooting files (log files). The File Download dialog displays, prompting you to open or save the zip file.
2. Click Save. The Save As dialog box displays.
3. Navigate to the location where you want to save the zip file and click Save.
1. Enter the SR number in the Service Request Number field.
2. Click Send. The ProxyAV initiates the upload of the file logs.zip to the Blue Coat Support server. The Send Service Information dialog displays the SR number and the upload status.
3. To stop the upload, click Cancel.
4. If the ProxyAV cannot connect to upload.bluecoat.com, the status prompts you that there was a problem connecting to the remote host. To attempt the upload again, click Send.
Note: If the transfer continues to fail, verify that the SR number is valid and has not previously been resolved.
Additional Services
These options allow you to specify additional ProxyAV communication services that can assist administrators or Blue Coat Technical Support to diagnose difficulties.
Enable sending Troubleshooting Information files: Allows files containing troubleshooting information to be sent by e-mail or HTTPS upload to Blue Coat Technical Support.
Enable tech support remote access: Allows Blue Coat Technical Support to access this ProxyAV.
Enable ping to Interface IP: Allows you to ping the interface IP address of this ProxyAV.
Enable advanced DNS: Enables use of the emergency list of DNS servers and recursive DNS.
Enable connectivity test: Periodically tests connectivity to Blue Coat servers on the Internet; displays a warning on the main page if connectivity is lost.
Click Save Changes if you make any changes to these options.
SSL Keyrings
Note: If you are logged in to the ProxyAV Management Console through HTTP, not HTTPS, you cannot configure these options.
A keyring holds a key pair and a certificate. When a keyring is created, it only contains a key pair. You can associate a certificate with this keyring. With multiple certificates, you can configure multiple keyrings and associate the certificates and the keyrings.
The ProxyAV ships with a default keyring already created. The default keyring contains a certificate and an automatically-generated key pair. Because the default keyring is self-signed, you can create other keyrings signed by a well-known Certificate Signing Authority (CSA). This page allows you to generate new keyrings.
To create a new keyring:
1. Click Create; the SSL Keyrings page appears.
2. In the Keyring name field, enter a name.
3. Selecting Show keyring allows the keys, and everything in the keys, to be viewed and exported.
Select Create new and enter the keyring strength in the bit keyring field. A length of 1024 bits is the maximum (and default). Longer key pairs provide better security, but with a slight performance expense on the ProxyAV. Be aware that the maximum key length allowed for international export might be different than the default. For deployments reaching outside of the United States, determine the maximum key length allowed for export. Click OK. The keyring, containing a keypair, is created with the name you chose. It does not have a certificate associated with it yet.
Select Import keyring. In the Keyring field, paste in an already existing keypair. The certificate associated with this keypair must be imported separately. If the keypair that is being imported has been encrypted with a password, select Keyring Password and enter the password into the field. Click OK.
SSL Certificates
Note: If you are logged into the ProxyAV Management Console through HTTP, not HTTPS, you cannot configure these options.
The ProxyAV ships with a certificate associated with a default keyring. The certificate, self-signed and associated with the default keyring, can be reused in other keyrings meant for internal use. You can add three kinds of SSL certificates:
A self-signed certificate
A certificate signed by a CA
An external certificate
To create a self-signed certificate:
1. From the Keyring drop-down list, select a keyring.
2. Click Create; the SSL Certificates page displays.
3. Fill in the fields as appropriate:
   State/Province: Enter the state or province where the machine is located.
   Country Code: Enter the two-character ISO code of the country.
   City/Locality: Enter the city.
   Organization: Enter the name of the company.
   Unit: Enter the name of the group that will be managing the machine.
   Common Name: A common name should be the one that contains the URL with which the client accesses that particular origin server.
   E-mail Address: The e-mail address you enter must be 40 characters or less. A longer e-mail address will generate an error.
   Not valid after: From the drop-down lists, select a date after which the certificate is no longer valid.
4. Click OK. After the process is complete, this keypair and certificate can be selected from the Network page for HTTPS encryption.
SSL Client
Select Enable Client/Server HTTPS Connection to enable default AV downloads using HTTPS.
Note: The custom AV update location on the Anti-virus > Update settings page operates independently of this option. You can enter a custom https:// location URL there, yet not select to enable HTTPS connections here.
To configure the SSL client:
1. Select a Keyring: the default or one that you already created on the Network page.
2. Select an SSL version.
3. By default, all cipher types and strengths are selected. De-select any if required.
4. Click Save Changes.
CA Certificates
Imports a Certificate Authority certificate to be used for server authentication. Select a certificate and click Import. Select a certificate and click View to examine the certificate details.
History Statistics
Displays various resource usage, connections, and object statistics in three grades: every minute for the last 60 minutes; every hour during the last 24 hours; and every day for the last 30 days. Click a button to change the view:
CPU Usage: Displays the percentage of CPU resource consumed, on average for the interval.
Memory Usage: Displays the highest level of memory percentage used during the interval.
ICAP Objects: The number of ICAP objects received during the interval.
Connections: The maximum number of concurrent connections made during the interval.
ICAP Bytes: The total size in bytes of ICAP objects received during the interval.
Detailed Statistics
Displays detailed statistics of current transactions.
Requests History: Click this link to view the Requests History page, which displays the results of past anti-virus scans.
Concurrent connections: Displays the current number of connections to the ProxyAV.
Total objects being processed: Displays the number of objects the ProxyAV is currently scanning.
A table provides detailed statistics of the objects currently being scanned:
The path and name of the object being scanned.
The current state of the transaction: Receiving, Queued, Scanning, or Replying.
The IP address of the ProxySG that sent the request.
The number of bytes received for scanning.
The total time spent processing the object (including the receiving time).
The mode used for scanning: Plain or Secure ICAP.
For example:
http://www.website.com/images/pic.gif Receiving, 111 bytes, 14 ms, Plain
http://banners.advertise/adview.php?what=welcome Scanning, 21,631,234 bytes, 30 ms, Secure
Requests History
These options allow you to set the number of past requests to view and refresh the list of requests.
Number of requests: This number determines the number of requests that display in the list. Enter a number from zero to 1,000. When the number is set to zero, request logging is disabled. The default number of requests is 50. Click Save Changes to commit your changes to the ProxyAV.
List of requests: Requests are listed in reverse chronological order. The list includes the following information for each request:
Timestamp: Date and time the request was processed.
ProxySG IP: IP address of the ProxySG that generated the request.
Size: Total size (in bytes) of the requested object.
Result: Scan result of Clean, Virus, or Error.
Time taken: Total time (in ms) it took for the ProxyAV to process the request.
Mode: Corresponding ICAP service mode (Plain or Secure).
Click Refresh Now to obtain the most current data about processed requests.
SNMP
These options allow you to configure SNMP information, which allows for integration with network management tools. MIB II and AV MIB are supported, and SNMPv2 and SNMPv3 are both supported. To configure SNMP options:
1. Select Enable SNMP.
2. In the sysLocation field, enter a string that describes the physical location of the system. For example: 1stFloorLab.
3. In the sysContact field, enter a string that describes the contact person responsible for maintaining this appliance. For example: LabTechNigel.
4. Specify the Trap Community in the Trap Community field, and enter it again in the Verify Trap Community field.
5. Select an Interface for SNMP from the drop-down list.
6. In the Send Traps To fields, enter up to three IP addresses that receive the traps.
7. Select Enable Authorization Traps to allow the ProxyAV to send traps when SNMP authentication failures occur.
8. Select SNMPv2 or SNMPv3:
   For SNMPv2: Enter the read community name and verification.
Downloading MIBs
A Management Information Base (MIB) is a document (written in the ASN.1 data description language) that contains descriptions of managed objects. SNMP uses a specified set of commands and queries, and the MIBs contain information on these commands and the target objects.
To download the MIB files:
Click Download MIBs here. The Opening AV_MIBs.zip dialog displays.
To open the zip file, click Open.
To save the zip file to your hard drive, select Save and navigate to the location on your hard drive to save the file.
Note: Depending on your Web browser, the procedure to open or save the zip file might vary slightly.
1. Select Enable Intelligent Connection Traffic Monitoring (ICTM).
2. Specify how many seconds a connection lasts before it is determined to be a slow download. The minimum is 30 seconds. Blue Coat recommends the default of 60 seconds. The larger the value, the more resources are wasted on suspected infinite stream URLs. Conversely, lower values might tag the downloads of large objects as slow, thus targeting them for termination before the download is complete.
3. Specify the warning threshold:
a. Specify how many concurrent connections must exceed the duration specified in Step 2 before a warning message is sent. The allowed maximum is the maximum number of ICAP connections allowed by the ProxyAV platform.
Note: By default, an e-mail warning is sent if this threshold is reached. The e-mail is sent to recipients specified on the Alerts > Alerts Settings page. If you disable this option, no warning is sent and nothing is logged in the AlertLog file.
b. Specify the interval, in minutes, at which the ProxyAV repeats the warning messages if the threshold remains breached.
4. Specify the critical threshold. If the number of concurrent slow connections reaches this threshold, the ProxyAV drops enough of these connections (beginning with the oldest connections) to maintain a level below the critical threshold. Keep this value higher than the warning threshold (Step 3). Just as for the warning threshold (Step 3b), you can select to send an alert to administrators for each connection that is dropped. See the table below for how default values are calculated.
5. Click Save Changes.
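The following added example (not Blue Coat code) models one ICTM evaluation pass as the steps above describe it: connections older than the slow-download duration count as slow, the warning fires when the slow count reaches the warning threshold, and the oldest slow connections are dropped until the count is below the critical threshold. The function names, the sample URLs and the threshold values 4 and 6 are assumptions made for illustration; the appliance's real defaults depend on the platform.

```python
from dataclasses import dataclass

MIN_SLOW_SECONDS = 30  # minimum slow-download duration stated on the page


@dataclass(frozen=True)
class Connection:
    url: str
    started: float  # epoch seconds at which the ICAP connection opened


def evaluate_ictm(conns, now, slow_after=60, warn_at=4, critical_at=6):
    """One ICTM pass: return (slow, warn, dropped).

    slow    - connections that have exceeded slow_after seconds, oldest first
    warn    - True when the slow count has reached the warning threshold
    dropped - oldest slow connections to terminate so that the remaining
              slow count ends up below the critical threshold
    """
    if slow_after < MIN_SLOW_SECONDS:
        raise ValueError("slow-download duration must be at least 30 seconds")
    if critical_at <= warn_at:
        raise ValueError("critical threshold must exceed the warning threshold")

    slow = sorted((c for c in conns if now - c.started > slow_after),
                  key=lambda c: c.started)
    warn = len(slow) >= warn_at
    # Reaching the critical threshold triggers drops; drop just enough.
    excess = len(slow) - critical_at + 1 if len(slow) >= critical_at else 0
    return slow, warn, slow[:excess]


def sample_connections(now):
    # Constructed sample data (URL, age in seconds); not real traffic.
    ages = [("http://stream.example/radio", 300),
            ("http://stream.example/tv", 250),
            ("http://cdn.example/iso/big.iso", 200),
            ("http://cam.example/live", 120),
            ("http://cdn.example/video.mp4", 90),
            ("http://files.example/backup.tar", 61),
            ("http://www.example/page.html", 59),
            ("http://www.example/logo.gif", 10)]
    return [Connection(url, now - age) for url, age in ages]


if __name__ == "__main__":
    now = 1000.0
    slow, warn, dropped = evaluate_ictm(sample_connections(now), now)
    print(f"slow={len(slow)} warn={warn} dropped={[c.url for c in dropped]}")
```

Lowering slow_after toward the 30-second minimum in this model shows the trade-off from Step 2: legitimate large downloads start counting as slow and become candidates for termination.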
Utilities
These options are designed to help you resolve technical troubles with a ProxyAV.
Reload AV Engines
The ProxyAV reloads its current AV engine by stopping and restarting it. This is similar to rebooting the appliance, but is faster, because it reloads only the AV engine. Reloading the AV engine temporarily interrupts the TCP/IP traffic until the reload is complete.
Reload Drivers
The ProxyAV reloads its drivers. This is similar to rebooting the ProxyAV, but is faster. Use this option if you perform a configuration change that does not appear to be in effect. Reloading the drivers temporarily interrupts the TCP/IP traffic until the reload is complete.
Soft Reboot
This is the equivalent of resetting a computer. It physically reboots the machine. A new entry in the boot.log occurs. Performing a soft reboot temporarily interrupts the TCP/IP traffic until the reboot is complete.
Diagnostics
These diagnostics create relatively large and detailed log files that provide information for troubleshooting certain network configurations. A Blue Coat Technical Support representative might ask you to invoke these internal diagnostics. This additional logging activity affects system performance; therefore, Blue Coat does not recommend using this option except at the request of Blue Coat Technical Support.
DNS Cache
These options allow you to view and clear the contents of the DNS cache.
Configuration Management
These options enable you to manage the ProxyAV configuration files.
Save Configuration: Saves the current ProxyAV configurations to a file.
Load Configuration: Loads ProxyAV configurations saved to a local file. Click Browse to navigate to the file. (Optional) Select Overwrite current IP configuration with the IP settings from uploaded file to use the IP definitions of the saved file. Click Upload and Apply.
Firmware Updates
The firmware updates represent changes to the functionality of the ProxyAV and can include new features, changes to the user interface, and optimizations for speed and reliability. You can manage update behavior:
Disable Firmware updates: The ProxyAV does not check for the latest update package and you cannot perform a manual update without first deselecting this option.
Check, but don't retrieve updates: The default. Once every four hours, the ProxyAV checks for package updates. If a newer software version is identified on the server, the information changes, but no update occurs. You must invoke the update manually (see below).
Check and retrieve update: At the specified interval, the ProxyAV checks for package updates. If a new software version is identified on the server, it is downloaded to the ProxyAV, but not installed. To install the update, click Update Now.
Direct update: If your network topology does not allow the ProxyAV to be connected to the Internet, select this option and enter the URL (http://) of your internal server that serves as the repository for software updates.
Under Update Location, you can select Use Default for the default Blue Coat location, or enter a URL in the field (Default must be deselected).
The ProxyAV checks periodically (several times per day) for these updates. If one is available, the Update Now button becomes active. Because these updates might require a restart of the machine, which could block network traffic for up to three minutes, updates do not occur unless the administrator initiates the update. This allows the update to be performed at the most convenient time.
These updates are typically one to five MB in size, and might take a few minutes to download, depending on your Internet connection. The updates to software, firmware, or both are then performed, and the ProxyAV resets itself. Depending on the update, the reset might be just a reload of drivers or it could be a full restart of the machine. The entire process can take anywhere from 30 seconds to 3 minutes, excluding the download time.
Note: The ProxyAV continues to check for updated anti-virus engine and pattern files at the interval specified in the Update frequency field on the Antivirus > Update Settings page.
Support
This page displays the contact information for Blue Coat Technical Support.
Copyright 1999-2008 Blue Coat Systems, Inc. All rights reserved worldwide.