SECURE ICAP Gateway. Blue Coat Implementation Guide. Technical note. Version /12/13. Product Information. Version & Platform SGOS 6.

Full text



Blue Coat Implementation Guide

Technical note

Version 1.0 23/12/13

Product Information

Partner Name Blue Coat Systems, Inc. Web Site

Product Name ProxySG Version & Platform SGOS 6.5



Blue Coat Implementation Guide


Revision 1.0, December, 2013 Published by Clearswift Ltd. © 1995–2013 Clearswift Ltd. All rights reserved.

The materials contained herein are the sole property of Clearswift Ltd unless otherwise stated. The property of Clearswift may not be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or

otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd.

Information in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss

suffered as a result of such similarities.

The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd. All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside,

Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography.



Blue Coat Implementation Guide


1   Introduction ... 4  

2   Architecture Overview ... 4  

3   Clearswift SECURE ICAP Gateway Configuration ... 5  

4   Blue Coat ProxySG Configuration ... 6  

5   Feature List ... 11  

5.1   Certified Platform ... 11  



Blue Coat Implementation Guide



The Clearswift SECURE ICAP Gateway is an ICAP server that provides all the Clearswift Content inspection functionality to Blue Coat ProxySG product. This document describes the steps to take when deploying and integrating both products.


Architecture Overview

The Blue Coat ProxySG is a scalable, high performance web security product that can extend its capabilities through the addition of external components. The communication between the different elements is performed using the Internet Content Adaptation Protocol (ICAP). In such configurations, the ProxySG performs the communication between the user and the Internet, redirecting the selected requests or responses to the available ICAP servers.



Blue Coat ProxySG

Clearswift SECURE ICAP Gateway



Blue Coat Implementation Guide


Clearswift SECURE ICAP Gateway Configuration

The Blue Coat ProxySG acts as an ICAP client, as it sends requests for content to be inspected. The Clearswift ICAP Gateway act as an ICAP server, as it responds to requests made by the ProxySG.

The ICAP Gateway only scans requests from registered ICAP clients’ served. Thus, the IP address that the ProxySG will be using to communicate to the ICAP Gateway is required in order to perform the configuration.

Configuration is done on the “ICAP Server Configuration” page, available under the System menu.

In the ICAP Clients area all of the ProxySG deployed servers must be configured. The Clearswift ICAP Gateway is configured to listen on the port 1344, the default ICAP communications port. This can be modified if required through the

configuration page.



Blue Coat Implementation Guide

order to identify them individually, different service URLs are used. These can be defined in the “ICAP Services Configuration” box, including whether message previewing option will be accepted or not.

Additionally, the Clearswift SECURE ICAP Gateway can be configured to log specific actions and to have an appropriate logging level.

It must be noted that a high log level can have a negative performance impact on the platform.


Blue Coat ProxySG Configuration

The Blue Coat ProxySG allows creating policies to send content for inspection by the ICAP Gateway. The following steps should be taken as a basic configuration guideline, and never be taken as the optimum configuration.

It is required that the configuration is done by an administrator with working knowledge of the platforms involved.

The entire configuration of the ProxySG is done through the management web interface. The steps to redirect the users’ requests and responses follow:

1. Connect to the Blue Coat web interface. Open a web browser and point it to https://Blue_Coat_IP_address:8082.



Blue Coat Implementation Guide

3. In the Blue Coat Management UI, browse to ICAP Services configuration under the “External Services” option in the “Configuration” tab.



Blue Coat Implementation Guide

5. ICAP feedback can be configured, such as when to show the patience page to the user while the inspection takes place.

6. A pool of SECURE ICAP Gateways can be configured so that ProxySG will make requests evenly through the pool. In order to do that, a Service Group needs to be configured containing the available ICAP Gateways.

Once the basic configuration has been done, the policy needs to be set up so that the selected requests or responses are sent to the SECURE ICAP Gateway for inspection. This process will usually be performed on an existing ProxySG. Thus, the policy will need to be modified for the redirection.

As a simple reference, the following steps show how to configure a basic policy for inspecting requests from users and responses from servers.



Blue Coat Implementation Guide

2. In the appropriate Web Content Layer policy set a new action object.

3. Select the previously created ICAP services so that the content that hits this rule is redirected to the ICAP Gateway for inspection.

Logs provide information to validate that the integration has been properly done. 1. Enable access logging by selecting the option in the web interface and



Blue Coat Implementation Guide

2. In the log tail of the main log, new entries should be shown with “404 TCP_NC_MISS” which correspond to the tests that the ProxySG does to validate that the ICAP Gateway is running.



Blue Coat Implementation Guide


Feature List


Certified Platform

Certification Environment

Product Name Version Information Operating System

Clearswift SECURE ICAP Gateway 3.1.1 Virtual Appliance Blue Coat Proxy SG 300 Series

500 Series SGOS 6.5.1


Feature List

Feature Benefit


ICAP server Connect to existing ICAP clients within your infrastructure. Supported ICAP client: Blue Coat Proxy SG

Flexible deployment options: Hardware,

Software image, VMware vSphere Provides full flexibility to adapt to your organization’s IT strategy.

Active Directory (AD) / LDAP integration Full user-based policy control for flexible policy and audit reporting bygroup or individual.


Flexible and granular policy controls Easily define policies to enable and allow Web 2.0 usage while minimizingrisk.

Facebook, LinkedIn, Twitter and YouTube policy

Allow access to Web 2.0 sites, but only to content and features allowed by your policy.

Policy direction to provide additional contextPrevent certain file types, e.g. spreadsheets, from being uploaded but allow them to be downloaded.

Customizable block pages Educate users by providing personalized feedback on their actions.

Data Loss Prevention

Adaptive Redaction: Data Redaction (Optional)

Modify content in real time to avoid delaying business processes while protecting sensitive information.

Adaptive Redaction: Document Sanitization (Optional)

Prevent hidden information within documents (e.g. metadata, properties, or quick save data) from being leaked.

Adaptive Redaction: Structural Sanitization (Optional)

Detect and strip active content from documents and HTML pages to protect from APT’s and unknown threats.

Clearswift Information Governance Server integration (Optional)

Detect full or partial files being uploaded or downloaded. Allow tracking of any information traversing the SECURE ICAP Gateway.

External data source connection Accurately identify data from your databases that is found in transit. Lexical analysis and regular expression rules Search file content for key words and phrases using simple or more complex

pattern matching to identify sensitive data in over 200 character encodings. Pre-defined sensitive data templates Identify credit card, bank account, social security and national security


Compliance dictionaries Multi-language editable compliance dictionaries including GLBA, HIPAA, SEC, SOX, PCI and PII to minimize risks.

Predefined Tokens Multiple, including: Credit Card, Social Security, IBAN, National Insurance, Tax file number, German Identity, Business Identifier Code

MIMEsweeper true ‘binary file-type’ identification

Accurate binary based identification with the ability to define own file signatures.


Bi-directional virus and anti-malware scanning

Stops known and unknown malware infection entering or leaving the network. Bi-directional anti-spyware scanning Stops spyware, adware, key loggers and spyware call homes from infected




Blue Coat Implementation Guide

Feature Benefit

Real-time categorization engine Prevents access to new or uncategorized sites with inappropriate content. Content aware recursive inspection Decomposes the requests and responses to provide true detection of content

like executables even when embedded in other file types or compressed containers.

Management and Reporting

Intuitive web-based interface Ease of use and no requirement to learn complex syntax or operating system commands.

Pre-defined customizable reports Easy to modify, run and share graphical reports with intuitive drill down. Scheduled reporting Allows create once, run and distribute many times with circulation via email. Multi-Gateway consolidated reporting Consolidated reporting view of user’s activities for easier analysis and sharing of

management data.





Related subjects :