Hello again. If you are here, you are probably looking for some HowTo help on FireEye Integration With BlueCoat Proxy, or perhaps you have already completed that and are looking for a good splash page to use for FireEye blocks. Either way, I thank you for stopping by, and hope to be of some assistance if possible. When I started working on the integration it was actually fairly simplistic, in that the proxy is just using the FireEye output as an input for the Central Policy file, which we … [Read more...]
BlueCoat Proxy – Web URL Category Review / Best Practices
This page will attempt to assist you in building a Web URL Category review process, as well as provide best practice recommendations from BlueCoat and my own personal experience with BlueCoat. BlueCoat does not update their Web URL Categories very often, but it does happen about once every 12-18 months. In earlier times, they were not very helpful about this and normally only included a single email to subscribed users (a very manual process - it is not created for you when you purchase a … [Read more...]
Word To Enterprises… Update Your Security Kit Regularly
Oftentimes when I come to a company, it is to bolster, revamp or help them re-evaluate their web security posture with a focus on data exfiltration investigations, and the outbound web proxy is a great place to start. 90% of the time, when I finally gain access to the management console, I am greeted by an appalling SGOS 5.4 or 5.5 header across the top... This is sad because those versions of code were released 4-5 years ago, and have since been replaced by a much, much richer SGOS code, with many … [Read more...]
Web Proxy And The Need For SSL Decryption
Most organizations will deploy a Web Proxy solution, but not intercept HTTPS traffic to do SSL decryption and inspection. This may be done for various reasons:
* Not yet having a PKI infrastructure to manage the SSL browser certificates
* Perhaps the AD/GPO team doesn’t want to manage SSL certificates on the user PC
* Security teams may be wary about man-in-the-middle issues
* Maybe SSL interception just wasn’t a concern at the time.
Without doing SSL decryption and inspection our … [Read more...]
BlueCoat Proxy – Log Injection For Rule Tracking
Unfortunately, BlueCoat doesn't have a nice and fancy log tracker type utility like CheckPoint has in Smart Tracker, so the rules do not have numbers. However, you can work around this by using some log injection smoke-and-mirrors tricks. There are a few unused (or not very often used) log variables that can be used in conjunction with a specific action on a rule that, when matched, will create a log line with a piece of text of your choosing. … [Read more...]
FireEye Integration With BlueCoat Proxy
This tutorial will assist you in setting up FireEye Integration With BlueCoat Proxy, by using a URL list populated by FireEye to use in the BlueCoat as another web filter. This filter can then be used in BlueCoat policy just like the BCWF, McAfee Smartfilter, etc... … [Read more...]
Blue Coat ProxySG – Splash Page Updates
In my previous blatherings about BlueCoat splash pages, I had always used the variable $(cs-categories) to identify which BlueCoat WebFilter (BCWF) the requested URL was a child of. But this displays ALL the categories that a specific URL/site is a member of, not just the one that is the criteria for the block. In your day-to-day administration and troubleshooting of BlueCoat proxy, you have no doubt seen URLs/sites with multiple categorizations. You are probably also familiar with trying … [Read more...]
Blue Coat ProxySG – Issues Upgrading SGOS From 5.5.x.x to 6.2.x.x
Following an upgrade on a Blue Coat ProxySG 600-10, from 5.5.3.31 to 6.2.9.1, I encountered the errors below, and was unable to pass traffic through the proxy using the BlueCoat WebFilter categories for "Allow"/"Deny". As this specific ProxySG is a non-production device, there are very few users working with it, and the first I noticed of the issue was an email from the ProxySG itself.
From: ProxySG@Company-X.com [mailto: ProxySG@Company-X.com]
Sent: Thursday, June 14, 2012 1:51 … [Read more...]
FTP Client Authentication Syntax For BlueCoat ProxySG
In this example the syntax used is the "Checkpoint" method.
FileZilla
Open FileZilla
Edit-->Settings...-->FTP-->FTP Proxy-->Click Custom-->Enter the syntax below:
USER %u@%s@%h
PASS %p@%w
Fill in the following:
Proxy Host - 123.123.123.123
Proxy User - NTID
Proxy Pass - NTPass
Click OK to get to the main screen again.
Fill in the following:
Host: - ftp.server-u-need-2-get-2.com
Username - username on ftp server
Password - password on ftp server
Port - … [Read more...]
Blue Coat – HowTo Set Up A Policy Trace To Debug Access Issues
Problem Description:
Policy tracing is primarily used when debugging access to web sites. When something is allowed and it should be denied, or vice-versa, using the policy trace feature is the best way to diagnose the issue.
Resolution:
Enabling a policy trace
Open the “Configuration” tab, expand “Policy” radio button
Launch the visual policy manager (VPM)
Click the “Web access layer (trace)” tab on the VPM
Right-Click the source of an existing rule and click on … [Read more...]