PureSight Content Filtering Server Installation Manual for use with

Blue Coat® ICAP Protocol

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

ii

PureSight Content Filtering Server Installation Manual – Blue Coat

Copyright Notice Copyright © 2005 bcgi Technologies Ltd. All rights reserved. Any technical documentation that is made available by bcgi Technologies Ltd. is the copyrighted work of bcgi Technologies Ltd. and is owned by bcgi Technologies Ltd. NO WARRANTY: This technical documentation is delivered to you as is, and bcgi Technologies Ltd. makes no warranty as to its accuracy or use. Any use of the technical documentation, or the information contained therein, is at the user's risk. Technical or other inaccuracies, as well as typographical errors, may occur in this document. bcgi Technologies Ltd. reserves the right to make changes without prior notice. No part of this publication may be copied without the express written permission of bcgi Technologies Ltd., 16 Basel St., Petach Tikva 49130, Israel.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Trademark

Trademark The PureSight logo is a trademark of bcgi. All rights reserved. Other company and brand products, as well as service names, are trademarks or registered trademarks of their respective holders.

Technical Support If you require technical support services, contact us at http://www.puresight.com/support

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

iii

iv

PureSight Content Filtering Server Installation Manual – Blue Coat

About This Manual This manual provides instructions for installing PureSight Content Filtering Server with a Blue Coat proxy appliance. It contains the following chapters: Ø Chapter 1, Introduction, introduces PureSight and describes its main features. Ø Chapter 2, Integrating PureSight with Blue Coat, describes how PureSight is integrated with the Blue Coat proxy server, and how it functions on the network. Ø Chapter 3, Installing PureSight Content Filtering Server, provides step-by-step instructions for the PureSight installation procedure and describes basic configuration features. Ø Chapter 4, Uninstalling PureSight Content Filtering Server, provides instructions for stopping, starting and removing PureSight. Ø Chapter 5, Troubleshooting.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Table of Contents

Table of Contents 1

Introduction .......................................................... 1-1 DisCo System Architecture ........................................................... 1-2 System Modules...................................................................................................1-3 Network Architecture Diagram............................................................................1-5

2

Integrating PureSight with Blue Coat ....................... 2-1 How PureSight Works with Blue Coat Server ................................. 2-1 Network Configuration ................................................................. 2-3 Gateway Configuration........................................................................................2-3 Workstation Configuration...................................................................................2-3

Directory Services ........................................................................ 2-4 User Identification ...............................................................................................2-4 Blue Coat Authentication.....................................................................................2-4

Caching....................................................................................... 2-5 Logging ....................................................................................... 2-5

3

Installing PureSight Content Filtering Server ............ 3-1 Installation Process ...................................................................... 3-1 System Requirements.................................................................... 3-2 Installing PureSight Content Filtering Server .................................. 3-2 Before You Begin.................................................................................................3-3

Installing PureSight ...................................................................... 3-3 PureSight Configuration................................................................ 3-9 Configuring Blue Coat Proxy Server to Enable PureSight Content Filtering ......................................................... 3-10

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

v

vi

PureSight Content Filtering Server Installation Manual – Blue Coat

4

Uninstalling PureSight Content Filtering Server ........4-1 Removing PureSight Content Filtering Server from Blue Coat Proxy Server Configuration....................................4-1 Uninstalling PureSight Content Filtering Server ..............................4-2

5

Troubleshooting .....................................................5-1 Performance Hints........................................................................5-2

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Introduction CHAPTER 1

Chapter 1

Introduction

PureSight was created especially for the complex requirements of the modern online corporation or institution. PureSight combines precision Internet filtering capabilities with powerful management tools to offer a highly accurate and reliable Internet content-filtering solution. PureSight is suitable for small, medium, and large organizations, as well as Internet service providers. PureSight is based on proprietary Active Content Recognition (ACR™) technology. Using Artificial Intelligence (AI) algorithms, ACR™ enables PureSight to analyze the HTML page of each requested Web site and categorize the page based on its content. PureSight allows Internet usage policies to be defined, implemented and modified according to the changing needs of the organization.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

1-1

1-2

PureSight Content Filtering Server Installation Manual – Blue Coat

DisCo System Architecture PureSight employs an advanced Distributed Collaborative (DisCo) System architecture. This modular system architecture is designed to maximize management investments by providing flexible integration, improved performance and scalability. Designed to simplify management of a high availability network, PureSight's distributed architecture utilizes three basic modules: PureSight Management Server, PureSight Content Filtering Server and PureSight Log Server. This next generation architecture provides: Ø Centralized management and configuration of all PureSight Content Filtering Servers by a single PureSight Management Server. This also enables large organizations to manage remote branch office sites using the same Management Server, and thereby implementing a centralized policy throughout the organization regardless of physical location. Ø Automatic, unified distribution of configuration changes to all Content Filtering Servers, eliminating the need to configure each server individually. Ø Scalability. One or more additional Content Filtering Servers can be installed as new gateways are added or increased performance is required. PureSight is easily deployed in systems where load-balancing is used to distribute traffic between multiple Content Filtering Servers. Ø Reduced risk for single point of failure. The distributed modular structure enables the PureSight Content Filtering servers to continue filtering, even if the PureSight Management Server or the PureSight Log Server fails or other PureSight Content Filtering Servers are down for maintenance.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Introduction CHAPTER 1

Ø Cross platform support. Each module can be installed on a different operating system (Windows or Linux) and each PureSight Content Filtering Server can be installed on a different platform (Squid, ISA or Blue Coat). The selected platform is transparent to the other modules installed. The role of each of the system modules is described in the next section.

System Modules The basic system architecture is comprised of three modules that interact to provide a complete content filtering solution. The functionality of each of the modules is clearly defined as follows: Ø PureSight Management Server - responsible for configuring and managing all PureSight modules and functions, including the PureSight Log Server and the PureSight Content Filtering Server(s). The PureSight Management Server features an intuitive user-interface that allows the administrator to define and manage the users and filtering policies that support the organization's Internet Acceptable Use Policy. Ø PureSight Content Filtering Server(s) - responsible for analyzing all Internet traffic on the network. PureSight Content Filtering Servers can be installed on platforms located in the organization's Server Farm or on remote machines. The PureSight Content Filtering Server analyzes all HTTP traffic on the gateway where it is installed, and categorizes the content in real-time. According to the Internet Acceptable Use Policy defined on the PureSight Management Server, the PureSight Content Filtering Server then executes an Allow, Block, Monitor or Warn response, as required.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

1-3

1-4

PureSight Content Filtering Server Installation Manual – Blue Coat

All PureSight Content Filtering Servers on the network, regardless of their location, are configured by the PureSight Management Server. This system-wide configuration includes the users and filtering policies that support the organization's Internet Acceptable Use Policy. The PureSight Content Filtering Servers also interact with a single PureSight Log Server, which is responsible for logging all of the filtering activity that takes place in the network. Ø PureSight Log Server - provides real-time tracking, monitoring and accounting information for all Internet activity - the details of all HTTP requests and replies, including time, users and the resulting filtering actions (allow/block/warn). The PureSight Management Server accesses the data on the PureSight Log Server to generate reports on the sites that were visited, the users that access those sites and other information that helps managers to evaluate employee productivity, bandwidth consumption and Internet usage. A single PureSight Log Server logs the activity for all PureSight Content Filtering Servers in the network, regardless of location or platform to enable generating unified reports for all activity. The PureSight Log Server supports logging to the file system or to an SQL database (MySQL). These independent modules can be installed together on one machine or on separate machines, on varying combinations of platforms and operating systems. This architecture is highly flexible and customizable, allowing systems administrators to easily adapt the deployment to their organizations’ network environment. All PureSight Content Filtering Servers on the network, regardless of their location, are configured by the PureSight Management Server. This system-wide configuration includes the users and filtering policies that support the organization's Internet Acceptable Use Policy. The PureSight Content Filtering Servers also interact with a single PureSight Log Server, which is responsible for logging all of the filtering activity that takes place in the network.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Introduction CHAPTER 1

Network Architecture Diagram One possible implementation of the PureSight network architecture is shown in the following diagram:

Figure 1-1: PureSight Network Architecture This diagram reflects the Blue Coat — PureSight deployment. This example shows PureSight deployed in a network with headquarters and two remote branch offices. This network includes one PureSight Management Server for the system-wide configuration of five PureSight Content Filtering Servers and one PureSight Log Server. This system-wide configuration includes the users and filtering policies that support the organization's Internet Acceptable Use Policy.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

1-5

1-6

PureSight Content Filtering Server Installation Manual – Blue Coat

Internet traffic originating in the Headquarters' workstations is monitored by one of three PureSight Content Filtering Servers located in the PureSight Server Farm. Internet traffic originating in the remote branch workstations is monitored by the PureSight Content Filtering Server located on the branch gateway routers. The PureSight Log Server generates logs, the contents of which are stored in a file system or in an SQL database (MySQL) on a separate server.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Integrating PureSight with Blue Coat CHAPTER 2

Chapter 2 Integrating PureSight with Blue Coat

PureSight Content Filtering Server for ICAP is installed on a dedicated server machine along side the Blue Coat proxy. PureSight communicates with Blue Coat via ICAP, to provide Internet Access Management according to the specific policy defined for the requesting user. To learn read more on iCAP implementation go to the iCAP forum at: http://www.i-cap.org/

How PureSight Works with Blue Coat Server The following components are installed during the PureSight installation: Ø ICAP Server: functions as both an ICAP Request Server and ICAP Response server, the ICAP server handles the communication between the Blue Coat proxy appliance and PureSight via ICAP. Ø PureSight ACR™: The "brain" behind PureSight. Its function is to analyze and categorize the requested URLs, and determine how the Blue Coat Server handles URL requests.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

2-1

2-2

PureSight Content Filtering Server Installation Manual – Blue Coat

Ø URL Cache: This component stores previously classified URLs. It allows PureSight to block or allow requested URLs without having to process and classify them more than once via ACR™, and thus enhances performance. Ø Configuration Data Storage: This component includes a local installation of OpenLDAP that is used for storing configuration settings retrieved from the PureSight Management Server.

Figure 2-1: PureSight Operation on the Blue Coat Platform The Blue Coat proxy is configured to run its ICAP client, which is registered for PureSight. Upon receiving an HTTP request sent from a workstation, the Blue Coat Server transfers the request information via ICAP, to PureSight's ICAP server. The ICAP server extracts the required information and passes it on to the ACR™. Similarly, when the reply data to the request is received from the Internet at the Blue Coat proxy, it is forwarded to PureSight for content inspection, which allows the ACR™ to analyze the incoming data content.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Integrating PureSight with Blue Coat CHAPTER 2

According to the specific predefined policy for the requesting user, PureSight's ACR™ will then carry out one of the following actions: Ø Allow the user access to the site Ø Deny the user access to the site, and return a message saying that the site is blocked Ø Return a warning message informing the user that although access is permitted, the site contains inappropriate material This filtering process is transparent to the user when requesting approved URLs.

Network Configuration To ensure a successful PureSight operation, the Blue Coat machine and workstations on the network should be configured properly.

Gateway Configuration To prevent users from bypassing the PureSight filtering mechanism, it is advisable to configure the network gateway (firewall or Internet router) to allow outgoing HTTP requests only from the Blue Coat proxy server.

Workstation Configuration To enable the PureSight filtering mechanism, all traffic from the workstation must be redirected through the Blue Coat proxy server. If a request is not configured to always pass via the Blue Coat, the user's request bypasses PureSight, thus allowing the user direct access to the Internet.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

2-3

2-4

PureSight Content Filtering Server Installation Manual – Blue Coat

Directory Services PureSight supports the assigning of filtering policies to individual members of the organization. Assignment of policies to users can be based on IP addresses, or subnets of IP addresses. If the network in your organization includes one of the following directory servers: Windows NTLM directory, Windows Active Directory, Netscape iPlanet, Novell, or any other LDAP directory server, then policies can be assigned to individual users or groups with accounts in the directory service.

User Identification To enforce directory user’s policies and user based reports, for each request, the requesting user must be identified. In order to support user identification Blue Coat must be configured to authenticate users.

Blue Coat Authentication Blue Coat Proxy Server offers different types of user authentication methods including: NTLM, LDAP, RADIUS and more. In order for PureSight to be able to identify users from one of the supported Directory servers, Blue Coat must be configured to authenticate users in one of the following methods: NTLM or LDAP. If the Blue Coat Proxy Server is not configured to authenticate users, PureSight does not receive any user information from the Blue Coat other than the requesting IP address and therefore is not able to support directory user based policies and reports. Refer to Blue Coat documentation for more information on configuring authentication services.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Integrating PureSight with Blue Coat CHAPTER 2

Caching To improve network performance, PureSight contains a caching mechanism. When a URL request is categorized, the information is saved in the cache. If the URL is requested again, PureSight retrieves the data from the URL cache, avoiding the need to check the site classification again.

Logging The PureSight Log Server is used for storing data describing all Internet activity as it is monitored by PureSight Content Filtering Servers. If the PureSight Log Server is running in database mode, the PureSight Content Filtering Servers sends the log data to the PureSight Log Server, which first saves this data to the local file system and then imports this data to the MySQL database.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

2-5

2-6

PureSight Content Filtering Server Installation Manual – Blue Coat

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

Chapter 3 Installing PureSight Content Filtering Server This chapter describes how to install PureSight Content Filtering Server for ICAP in conjunction with a Blue Coat proxy server. It also details the system requirements and introduces the basic configuration policies.

Installation Process Ø Install PureSight Content Filtering Server for ICAP on a dedicated server. Ø Configure Blue Coat Proxy Server to enable PureSight content filtering.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-1

3-2

PureSight Content Filtering Server Installation Manual – Blue Coat

System Requirements The following minimum system requirements must be met in order to run PureSight with a Blue Coat platform. For the PureSight for ICAP server: Ø The equivalent of Pentium 4 processor or higher Ø 256 MB RAM (minimum) Ø 100 MB free disk space Ø Microsoft Windows 2000 Server or Advanced Server with Service Pack 4 or later, or Microsoft Datacenter Server, or Microsoft Windows 2003 Enterprise. Ø For the Blue Coat proxy machine: Ø Blue Coat SG800 or higher. Ø Software version SGOS 3.2.4.8 or higher.

Installing PureSight Content Filtering Server PureSight Content Filtering Server for ICAP is installed on a dedicated machine, using a self-extracting installation file. The installation process installs the following components: Ø OpenLDAP Server — installed as a service, this component is used for local storage of configuration settings, as set by the PureSight Management Server Ø ICAP Server — installed as a service, handles the communication between the Blue Coat proxy appliance and PureSight via ICAP protocol Ø PureSight Content Filtering Server data files Ø PureSight utilities

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

During the installation you will be prompted to confirm or enter various settings. You can accept the default settings or enter alternative values, as required.

Before You Begin PureSight Management Server must be installed before you attempt to install a PureSight Content Filtering Server. In addition, the PureSight Content Filtering Server must have access to the blocking mechanism port and the OpenLDAP port of the PureSight Management Server storage. Verify that these ports are open and accessible in order to retrieve the server configuration and enable the blocking mechanism. It is recommended that you remove any previous installations of PureSight PC and PureSight server products before installing new versions of PureSight.

Installing PureSight The PureSight application is installed via a self-extracting installation file, PureSight_ICAP_4.7_win32.exe. The installation process installs an ICAP Server as a service which handles all communication between PureSight and the ICAP client.

¾

To install PureSight:

1 Log in with administrator privileges to the server machine. 2 Close all open applications and windows. 3 Double-click PureSight_ICAP_4.7_win32.exe to run the PureSight installation program.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-3

3-4

PureSight Content Filtering Server Installation Manual – Blue Coat

The Welcome window of the PureSight ICAP Server Setup wizard is displayed:

4 Click Next. The License Agreement window is displayed:

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

5 Select I accept the terms of the license agreement to accept the licensing terms, and click Next. The User Information window is displayed:

6 Enter your user name and company name in the designated fields, and click Next. The Destination Folder window is displayed:

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-5

3-6

PureSight Content Filtering Server Installation Manual – Blue Coat

7 Click Next to accept the default location for the destination folder, or click Browse to select an alternate location and then click Next. The PureSight ICAP Server Parameters window is displayed:

8 Enter the selected ICAP Request Server port and Response Server port and click Next.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

The PureSight Management Server window is displayed:

NOTE:

If the PureSight Management Server is installed on the same machine then the IP address and port of the PureSight Management Server will be disabled.

9 The following parameters are required to enable the PureSight Content Filtering Server to connect to the PureSight Management Server and to retrieve configuration data regarding users, policies, filters, server license and other settings: ™ Enter the IP address of the OpenLDAP server on the PureSight Management Server machine in the PureSight Management Server OpenLDAP server IP field. ™ Enter the port of the OpenLDAP server on the PureSight Management Server machine in the PureSight Management OpenLDAP server port field. NOTE:

If the PureSight Filtering Server is installed on the same machine as the PureSight Management Server, the IP and Port will be grayed out

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-7

3-8

PureSight Content Filtering Server Installation Manual – Blue Coat

10 Click Next. The PureSight for ICAP Server configuration storage windows is displayed. 11 Enter the port of the configuration storage OpenLDAP server on the PureSight Content Filtering Server for ICAP machine in the Port field. 12 Click Next. The Program Folder window is displayed.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

13 Select the program folder into which program icons are to be added from the list displayed and click Next. The InstallShield Wizard Compete window is displayed:

14 Click Finish. The installation process is complete.

PureSight Configuration After successfully installing PureSight, you will need to initialize the PureSight Content Filtering Server and enter a valid license key in order to activate the filtering mechanism. The PureSight Management Server is responsible for configuring and managing all PureSight modules and functions, including the PureSight Log Server and the PureSight Content Filtering Server(s). Configuration of the PureSight Content Filtering Server(s) is performed using PureSight's intuitive user-interface — the PureSight Administration Tool. For details on configuring the PureSight Content Filtering Server, please refer to Chapter 3, Configuring PureSight Content Filtering Servers in the PureSight User's Guide.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-9

3-10

PureSight Content Filtering Server Installation Manual – Blue Coat

Configuring Blue Coat Proxy Server to Enable PureSight Content Filtering Blue Coat Proxy Server must be configured to direct HTTP traffic to PureSight for content analysis. The communication between Blue Coat Proxy Server and PureSight Content Filtering Server is via ICAP, where Blue Coat is running an ICAP client and PureSight is running two ICAP servers, one for the HTTP request and one for the HTTP response. ICAP allows for both request and response information to be transferred between the two servers. In the following procedure we will define two ICAP services, one for handling the HTTP requests and the other for the HTTP responses Once the ICAP services will be available the Blue Coat policy will be edited and two new policy layers will be defined, one for the HTTP request and one for the HTTP response. For each layer the action item needs to be defined and added to the policy.

¾

To define ICAP services:

1 Log on to the Blue Coat web user interface. 2 Click Management Console to open the Blue Coat Management Console window.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

3 From the Configuration Menu, click External Services and select ICAP. The ICAP Services page is displayed.

4 Click New. The Add List Item dialog is displayed:

5 Enter a name for the PureSight Request ICAP service, e.g. PureSightREQ, in the Add ICAP Service field and click OK. 6 Select the PureSightREQ service from the service list and click Edit. The Edit ICAP Service PureSightREQ dialog is displayed.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-11

3-12

PureSight Content Filtering Server Installation Manual – Blue Coat

7 Enter the PureSight ICAP Server information in the Service URL field. The information should be in the following format: ICAP://: TIP:

The default PureSight Request Server port is 1344

8 Click Sense settings. The Blue Coat Proxy Server will try to connect to the PureSight ICAP server. Upon success, the Sense Settings Successfully dialog will appear. Click OK. The PureSight ICAP Request Server default values will be applied for the ICAP service parameters.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

If an error occurs, the following message will be displayed: "Unable to retrieve service information from ICAP Server“. Recheck the PureSight ICAP Server information, including IP address and port number or refer to Chapter 5, Troubleshooting.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-13

3-14

PureSight Content Filtering Server Installation Manual – Blue Coat

9 Make sure that the Request Modification radio button is selected. 10 Select all the Send: check boxes: Client address, Server address, Authenticated user and Authenticated groups. Click OK. 11 Click New. The Add List Item dialog is displayed:

12 Enter a name for the PureSight Response ICAP service, e.g. PureSightRESP, in the Add ICAP Service field and click OK. 13 Select the PureSightRESP service from the service list and click Edit. The Edit ICAP Service PureSightRESP dialog is displayed. 14 Enter the PureSight ICAP Server information in the Service URL field. The information should be in the following format: ICAP://: TIP:

The default PureSight Response Server port is 1345

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

15 Click Sense settings. The Blue Coat Proxy Server will try connecting to the PureSight ICAP server. Upon success, the Sense Settings Successfully dialog will appear. Click OK. The PureSight ICAP Response Server default values will be applied for the ICAP service parameters. If an error occurs, the following message will be displayed: "Unable to retrieve service information from ICAP Server". Recheck the PureSight ICAP Server information, including IP address and port number or refer to Chapter 5, Troubleshooting.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-15

3-16

PureSight Content Filtering Server Installation Manual – Blue Coat

16 Make sure that the Response Modification radio button is selected. 17 Select all the Send: check boxes: Client address, Server address, Authenticated user and Authenticated groups. Click OK. 18 Click Apply to save changes.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

¾

To configure Blue Coat Policy:

1 Log on to the Blue Coat web user interface. 2 Click Management Console to open the Blue Coat Management Console window. 3 From the Configuration Menu, click Policy and select Visual Policy Manager (VPM). The Visual Policy Manager page is displayed. 4 Click Launch. The Blue Coat Visual Policy Manager dialog is displayed. 5 From the toolbar Menu click Policy menu and select "Add Web Content Layer“ The Add New Layer dialog is displayed:

6 Enter a name for the layer, e.g. PureSightReqLayer and click OK.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-17

3-18

PureSight Content Filtering Server Installation Manual – Blue Coat

7 The newly created layer is added to the policy as an additional tab. Select the PureSightReqLayer tab and right-click on the Action field (Use Default Caching). From the pop-up menu, select Set… The Set Action Object dialog is displayed:

8 Click New… and select Combined Action Object from the pop-up menu.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

The Add Combined Action Object dialog is displayed:

9 Enter a unique name, e.g. PureSightCombinedRequestAction, in the Name field. 10 From the action list on the left, select Check Authorization and click Add >>. 11 Click New… and select Set ICAP Request Service… from the pop-up menu.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-19

3-20

PureSight Content Filtering Server Installation Manual – Blue Coat

The Add ICAP Request Service Object dialog is displayed.

12 Enter a unique name for the ICAP request service object (e.g. ICAPRequestService), in the Name field. 13 Choose the PureSight Request Service (puresightreq) from the Use ICAP request service dropdown list. 14 Make sure the Deny the client request (recommended) radio button is selected. 15 Click OK. 16 The new ICAP Request Service Object (ICAPRequestService) will be displayed In the Add Combined Action Object dialog actions list.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

17 Select the ICAPRequestService and click Add >> to add it to the Selected Action Objects.

18 Click OK to save the newly created combined object. 19 Click OK to set the action for the Request layer. From the toolbar Policy menu select Add Web Content Layer… The Add New Layer dialog is displayed:

20 Enter a name for the layer, e.g. PureSightRespLayer and click OK.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-21

3-22

PureSight Content Filtering Server Installation Manual – Blue Coat

21 The newly created layer is added to the policy as an additional tab. Select the PureSightRespLayer tab and right-click the Action (Use Default Caching). From the pop-up menu, select Set… The Set Action Object dialog is displayed:

22 Click New… and select Combined Action Object from the pop-up menu.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

The Add Combined Action Object dialog is displayed.

23 Enter a unique name, e.g. PureSightCombinedResponseAction, in the Name field. 24 From the action list on the left, select Check Authorization and click Add >>.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-23

3-24

PureSight Content Filtering Server Installation Manual – Blue Coat

25 Click New… and select Set ICAP Response Service… from the pop-up menu. The Add ICAP Response Service Object dialog is displayed.

26 Enter a unique name for the ICAP response service object (e.g. ICAPResponseService), in the Name field. 27 Choose the PureSight Response Service (puresightresp) from the Use ICAP response service dropdown list. 28 Make sure the Deny the client request (recommended) radio button is selected. 29 Click OK. 30 The new ICAP Response Service Object (ICAPResponseService) will be displayed In the Add Combined Action Object dialog actions list.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Installing PureSight Content Filtering Server CHAPTER 3

31 Select the ICAPResponseService and click Add >> to add it to the Selected Action Objects. 32 Click OK. 33 Click OK. 34 After you confirm the two new layers where added click on the "Install Policy" button to apply the changes. Once that PureSight has been installed and activated with a license key, and the Blue Coat Proxy Server has been configured to direct HTTP traffic to PureSight, you can check the installation by surfing to adult content. The default policy in PureSight is set to block adult content at all times, and therefore you will receive the default PureSight blocking message.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

3-25

Uninstalling PureSight Content Filtering Server CHAPTER 4

Chapter 4 Uninstalling PureSight Content Filtering Server This chapter describes how to: Ø Remove PureSight Content Filtering Server from Blue Coat Proxy Server configuration. Ø Uninstall PureSight Content Filtering Server for ICAP.

Removing PureSight Content Filtering Server from Blue Coat Proxy Server Configuration Blue Coat Proxy Server requires reconfiguration in order to remove all communication between Blue Coat Proxy Server and PureSight Content Filtering Server for ICAP.

¾

To remove PureSight from Blue Coat:

1 Log on to the Blue Coat web user interface. 2 Click Management Console to open the Blue Coat Management Console window. 3 From the Configuration Menu, click Policy and select Visual Policy Manager. The Visual Policy Manager page is displayed. 4 Click Launch. The Blue Coat Visual Policy Manager dialog is displayed.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

4-1

4-2

PureSight Content Filtering Server Installation Manual – Blue Coat

5 Select the PureSightReqLayer tab and right-click the Action (PureSightCombinedRequestAction). From the pop-up menu, select Delete. 6 From the Edit menu, select Delete Layer to delete the Request Layer. 7 Repeat steps 5 and 6 for the PureSightRespLayer and PureSightCombinedResponseAction. 8 Click Install Policy to apply changes and close the Blue Coat Visual Policy Manager dialog. 9 From the Configuration Menu, click External Services and select ICAP. The ICAP Services page is displayed. 10 Select the PureSightREQ and the PureSightRESP services and click Delete. 11 Click Apply to save changes.

Uninstalling PureSight Content Filtering Server Once the Blue Coat Proxy Server is configured to ignore PureSight, it is safe to uninstall and remove PureSight Content Filtering Server.

¾

To uninstall PureSight:

1 Log on to the PureSight Management Server GUI and select the Servers tab. 2 Mark the PureSight Content Filtering Server that you wish to uninstall and click the Delete Selected Items button. 3 On the PureSight Content Filtering Server machine, access the Control Panel window. 4 Double-click the Add/Remove Programs icon. The Add/Remove Programs Properties window is displayed.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

Uninstalling PureSight Content Filtering Server CHAPTER 4

5 On the Install/Uninstall tab, select PureSight for ICAP from the displayed list of programs. 6 Click the Change/Remove button. A dialog box is displayed. 7 In the dialog box, select Remove, then click Next and follow the onscreen instructions. Microsoft Windows stops all PureSight services and uninstalls all PureSight components.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

4-3

Troubleshooting CHAPTER 5

Chapter 5 Troubleshooting

This chapter includes information to assist you in handling troubleshooting problems that may arise in the installation process. Problem

Solution

Network is set to use an upstream proxy server, however the blocking page cannot be viewed.

When an upstream proxy is defined, all the HTTP requests are forwarded to the upstream proxy, including the PureSight blocking page. However, the PureSight blocking pages resides on the PureSight Management Server and therefore is accessed via an internal IP address. In order to view the blocking page, you must define that requests going to ports 4999 (blocking) and 5000 (access to the PureSight Administration tool) go direct and are not upstreamed.

The following error occurred when defining the PureSight ICAP service on Blue Coat: ”Unable to retrieve service information from icap server“

Check the IP address and port numbers defined in the ICAP service parameters. If the parameters are correct check that the PureSight ICAP Server service is started on the PureSight Content Filtering Server machine.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM

5-1

5-2

PureSight Content Filtering Server Installation Manual – Blue Coat

Performance Hints Ø Due to the fact that PureSight only analyzes HTTP text traffic it is recommend that only text files are forwarded to PureSight (html,txt,js,asp, etc). You can define a rule that any other extension will not be transferred to PureSight’s request and response servers. Ø If you install PureSight Log Server you can disable the Blue Coat logging mechanism to enhance performance.

Last printed: 9/21/2005 2:22:00 PM Last saved: 9/21/2005 2:22:00 PM