Blue Coat® Systems
ProxySG™
SGOS 4.x Upgrade Guide
Download from Www.Somanuals.com. All Manuals Search And Download.
Contents
Changes Between SGOS 3.x and SGOS 4.x......................................................................................................5
Changing Between SGOS 4.x Versions ..........................................................................................................10
Licensing.............................................................................................................................................................10
Hardware Supported ........................................................................................................................................12
Bandwidth Management..................................................................................................................................17
CPU Monitoring ...............................................................................................................................................19
Endpoint Mapper and SOCKS Compression ................................................................................................20
Securing the Serial Port ....................................................................................................................................30
SmartFilter Version 4 ........................................................................................................................................30
SSL Key Management.......................................................................................................................................30
iii
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
iv
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 1: Upgrading—Overview
®
Blue Coat strongly recommends that you read this document before attempting to upgrade to SGOS
4.x from previous ProxySG operating systems.
Existing features and policies might not perform as with previous versions, and upgrading to this
version might require some additional configuration tuning. This SGOS version provides high
security for the network, so when downgrading to previous versions, not all configurations and
policies are retained.
Changes Between SGOS 3.x and SGOS 4.x
Unlike SGOS 3.x, SGOS 4.x does not permit upgrades from SGOS 2.x or CacheOS 4.x. All systems
must be upgraded to SGOS 3.2.4 before being upgraded to SGOS 4.x. For information on the correct
If you attempt to download the next major release and you receive an error message saying that the
download failed due to policy deprecations, your policy uses constructs that are no longer supported
in SGOS 4.x. You must correct any policy syntax problems before upgrading.For information on
checking on policy deprecation, see "Policy Deprecation" on page 22.
If the upgrade path is followed, most of the current settings on the ProxySG are maintained after the
upgrade. New or transformed settings in SGOS 4.x are taken from the original settings wherever
possible.
About the Document Organization
This document is organized for easy reference, and is divided into the following sections and chapters:
Table 1.1: Document Organization
Chapter Title
Description
Chapter 1 – Introducing the Upgrade/Downgrade
Guide
Upgrade differences between SGOS 3.2.x and SGOS 4.x. Blue
Coat documentation and documentation conventions are
also discussed.
Chapter 2 – Upgrade Behavior, General
Chapter 3 – Upgrade Behavior, Specifics
This chapter discusses general upgrade issues, including the
required upgrade path and licensing.
This chapter identifies new features in SGOS 4.x and
discusses any upgrade/ downgrade issues.
Related Blue Coat Documentation
•
•
•
•
Blue Coat 6000 and 7000 Installation Guide
Blue Coat 400 Series Installation Guide
Blue Coat 800 Series Installation Guide
Blue Coat 8000 Series Installation Guide
5
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
•
•
•
Blue Coat ProxySG Configuration and Management Guide
Blue Coat ProxySG Content Policy Language Guide
Blue Coat ProxySG Command Line Interface Reference
Document Conventions
The following section lists the typographical and Command Line Interface (CLI) syntax conventions
used in this manual.
Table 1.2: Typographic Conventions
Conventions
Italics
Definition
The first use of a new or Blue Coat-proprietary term.
Courier font
Command line text that appears on your administrator
workstation.
Courier Italics
A command line variable that is to be substituted with a literal
name or value pertaining to the appropriate facet of your network
system.
Courier Boldface
A ProxySG literal to be entered as shown.
{ }
One of the parameters enclosed within the braces must be
supplied
[ ]
|
An optional parameter or parameters.
Either the parameter before or after the pipe character can or must
be selected, but not both.
6
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2: Upgrade Behavior, General
Upgrading
When upgrading to SGOS 4.x from SGOS 3.2.4 or higher, the ProxySG saves a copy of the original
configurations. These configurations remain unaffected when configuring features going forward. If
you downgrade to the previous SGOS version, the saved configuration is used and the ProxySG is
restored to that state.
Following the upgrade path provided maintains most of the current settings, the exceptions being
those features that were substantially enhanced in SGOS 4.x.
The only supported direct upgrade is from SGOS 3.2.4 and later. CacheOS 4.x and SGOS 2.x systems
must first be upgraded to the SGOS 3.2.4 release. The following table provides the upgrade paths for
these earlier version.
Table 2.1: Upgrade Paths
Current OS
Direct Upgrade Next OS version Comments
to SGOS 3.2.4? required
CA 1.0.00-CA3.1.15
CA 3.1.16
No
No
No
No
No
No
No
Yes
No
No
No
Yes
No
Yes
CA 3.1.16
CA 4.1.10
CA 3.5.08
CA 4.1.10
CA 4.1.10
SG 2.1.07
CA 4.2.01
None
CA 3.5.00-CA3.5.07
CA 3.5.08
CA 4.0.00-CA4.1.09
CA 4.1.10 or greater
CA 4.2.00
CA 4.2.01 or greater
SA 1.0.00-SA2.0.x
SA 2.0.x
Can directly upgrade to SGOS 3.2.4
SA 2.0.x
SA 4.1.10
SA 4.1.10
None
SA 4.0.00-SA4.1.09
SA 4.1.10 or greater
SG 2.0.00-SG 2.1.06
SG 2.1.07 or greater
Can directly upgrade to SGOS 3.2.4.
Can directly upgrade to SGOS 3.2.4.
SG 2.1.07
None
In SGOS 3.2.4 or greater, deprecation warnings are issued for CPL syntax that is abandoned in SGOS
4.x. Use of abandoned syntax causes CPL compiler errors, the policy will fail to install and the
ProxySG will use the default policy of ALLOW or DENY for all traffic. Following the recommended
upgrade process ensures that policy integrity and therefore network security, are maintained.
7
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Summary of Changes to the Upgrade Process
•
The upgrade path must include a system that shows all possible deprecation warnings, so that
these can be corrected in advance of the upgrade, to avoid policy compilation failures after
upgrading. Migrating through SGOS 3.2.4 or greater satisfies this requirement.
•
If the currently installed policy issued deprecation warnings when compiled, downloads of
systems in which that syntax has been abandoned will fail with the error " ". Which error
message you see depends on whether you were using the Management Console or the CLI.
From the Management Console:
Policy deprecation warnings exist. Please resolve them prior to upgrading to the next major release of
system software
From the CLI:
WARNING: The installed policy contains deprecation warnings. Please fix these
warnings prior to upgrading to the next major release, or use load upgrade
ignore-warnings at your own risk. Upgrading to the next major release with
deprecation warnings will cause the policy compilation to fail on boot.
This means that you cannot download major version upgrades while policy contains deprecated
syntax.
Deprecation" on page 22 for instructions on how to view the deprecation warnings that indicate
the syntax to be corrected.
Note: The Visual Policy Manager (VPM) automatically generates up-to-date CPL syntax. If the
deprecations warnings are issued from the VPM policy file, you should start VPM and
reload the policy to get the latest version of the generated CPL.
You can force an upgrade while deprecation warnings are present using the CLI command load
upgrade ignore-warnings; however, policy compilation will fail after the upgrade and the
ProxySG reverts to the default policy of ALLOW or DENY. Corrective action is required to restore
normal operation.
•
Any CPL local policy that performs operations such as ALLOW, DENY, Authenticate, or Redirect,
or that modifies Cookie/ Set-Cookie headers, might interfere with the Notify User policy. Before
using the VPM Notify User policy, remove all coaching/ splash/ notify policy from the CPL local
policy file.
Restoring to Previous Versions
When upgrading from the SGOS 3.2.4 or higher release, a copy of the settings is saved prior to any
transformations by SGOS 4.x so that the original settings are available if the ProxySG is downgraded
to SGOS 3.2.4.
Keep in mind that changes made after upgrade are not preserved on a downgrade. After an upgrade
and a downgrade, the state is exactly what it was before the upgrade.
8
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2: Upgrade Behavior, General
Redoing an Upgrade from SGOS 3.2.4
When the initial SGOS 4.x upgrade occurs, any compatible configurations are converted. This only
happens the first time you upgrade; if you later downgrade to a pre-SGOS 4.x version by selecting an
earlier image on your system, make configuration changes, and re-install SGOS 4.x, the new SGOS
3.2.4 changes are not propagated to SGOS 4.x.
To force the new system's configuration to be regenerated after changes are made to the older system's
configuration, you will need to force the upgrade conversion to occur again. Use the
restore-sgos3-configcommand, which converts the current SGOS 3.x configuration to the SGOS
4.x configuration.
Note: Previous force commands, restore-sgos2-configand restore-cacheos4-config, are not
available in SGOS 4.x; they can only be run from earlier versions.
The restore-sgos3-config command first checks if there are saved SGOS 3.2.4 settings on the
ProxySG. If not, the CLI command warns the administrator and exits.
If saved SGOS 3 settings exist, the restore-sgos3-configcommand warns the administrator that all
the current SGOS 4.x settings will be lost and that a restart will be initiated, waiting for positive
confirmation before clearing all the current SGOS 4.x settings, and then initiating a restart. The restart
(similar to a restart regular) triggers the upgrade process, which copies over the SGOS 3 settings
and transforms them to the SGOS 4.x settings.
Redoing an Upgrade from SGOS 2.x or CacheOS 4.x
To downgrade to capture changes to the older version’s configuration, you must first launch the SGOS
3.x image, then select the SGOS 2.x or CacheOS 4.x version to launch. After you make the desired
changes, you must follow the upgrade path back to SGOS 3.2.4, using the restore-sgos2-config or
The restore-sgos2-config or restore-cacheos4-config command first checks if there are saved
SGOS 2.x or CacheOS 4.x settings on the ProxySG. If not, the CLI command warns the administrator
and exits.
Important: Check for deprecation warnings after upgrading to 3.2.4 and before proceeding to SGOS
4.x.
If saved settings exist, the command warns the administrator that all the current next version settings
will be lost and that a restart will be initiated, waiting for positive confirmation before clearing all the
current next version settings, and then initiates a restart. The restart (similar to a restart regular)
triggers the upgrade process, which copies over the settings and transform them to the next version
settings.
9
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Changing Between SGOS 4.x Versions
When moving from one SGOS 4.x release to another SGOS 4.x release, the system maintains all
settings. Changes made after an upgrade continue to be available after a subsequent downgrade as
long as the setting is relevant to the downgraded release.
Note: When upgrading or downgrading between versions of SGOS 4.x, copies of version-specific
configurations are not retained. Instead, all configurations created in an upgrade are retained
if the configuration is relevant to the downgrade version.
Care should be taken when using policy features introduced in a minor release. These cause
compilation errors if you fall back to a previous version of the same major release in which those
features were unsupported.
To prevent accidental fallbacks, you should remove unused system images (using the
installed_systems delete number,from the (config installed-systems)prompt).
Licensing
In SGOS 4.x, a base license is issued for SGOS 4.x functionality, regardless of whether those features
existed before SGOS 4.x or are new in SGOS 4.x.
If you upgrade from SGOS 3.x with a valid SGOS 4.x component license, the ProxySG lists the licensed
components with their expiry dates; those components that are not licensed enter a 60-day trial
period.
If you upgrade from SGOS 3.x without a valid SGOS 4.x component license, all licensable components
enter a trial period; the ProxySG attempts to download a license from the Blue Coat license download
site once a day for the duration of the SGOS 4.x trial period.
There are three types of licensable components:
•
Required—The SGOS base.
•
•
Included—Additional features provided by Blue Coat.
Optional— If applicable, any additional purchased features.
When the license key file is created, it consists of all three components. The SGOS base is a required
component of the license key file. The following table lists the ProxySG licensable components,
categorized by type.
Table 2.2: Licensable Components
Type
Component
Description
Required
SGOS 4 Base
The ProxySG operating system, plus base features: HTTP, FTP, TCP-Tunnel,
SOCKS, and DNS proxy. The following additional features are also included
in the base license:
Included
3rd Party Onbox
Content Filtering
Allows use with third-party vendor databases: Intersafe, Optenet, Proventia,
SmartFilter, SurfControl, Websense, and Webwasher.
10
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 2: Upgrade Behavior, General
Table 2.2: Licensable Components (Continued)
Type
Component
Description
Included
Websense
Offbox Content
Filtering
For Websense off-box support only.
Included
Included
ICAP Services
External virus and content scanning with ICAP servers.
Bandwidth
Management
Allows you to classify, control, and, if required, limit the amount of
bandwidth used by different classes of network traffic flowing into or out of
the ProxySG.
Included
Included
Included
Included
Windows Media
Standard
MMS proxy; no caching or splitting; content pass-through. Full policy control
over MMS.
Real Media
Standard
RTSP proxy; no caching or splitting; content pass-through. Full policy control
over RTSP.
AppleQuickTime RTSP proxy; no caching or splitting; content pass-through. Full policy control
Basic
over RTSP.
Netegrity
Allows realm initialization and user authentication to SiteMinder servers.
SiteMinder
Included
Included
Oblix COREid
Peer-to-Peer
Allows realm initialization and user authentication to COREid servers.
Allows you to recognize and manage peer-to-peer P2P activity relating to P2P
file sharing applications.
Included
Optional
Compression
SSL
Allows reduction to file sizes without losing any data.
SSL Termination; includes an SSL termination card to be installed on the
appliance.
Optional
IM
• AOL Instant Messaging: AIM proxy with policy support for AOL Instant
Messenger.
• MSN Instant Messaging: MSN proxy with policy support for MSN Instant
Messenger.
• Yahoo Instant Messaging: Yahoo proxy with policy support for Yahoo
Instant Messenger.
Optional
Optional
Windows Media
Premium
•
•
•
MMS proxy; content caching and splitting.
Full policy control over MMS.
When the maximum concurrent streams is reached, all further streams are
denied and the client receives a message.
Real Media
Premium
•
•
•
RTSP proxy; content caching and splitting.
Full policy control over RTSP.
When the maximum concurrent streams is reached, all further streams are
denied and the client receives a message.
11
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Hardware Supported
With SGOS v4.x, support for the ProxySG Series 600 and 700 systems has been dropped. Users with
these systems must either upgrade their hardware or stay with SGOS v3.x. Blue Coat supports the
following hardware:
•
•
•
•
•
•
ProxySG Series 200
ProxySG Series 400
ProxySG Series 800
ProxySG Series 6000
ProxySG Series 7000
ProxySG Series 8000
Documentation References
•
Chapter 2, “Licensing,” in the Blue Coat ProxySG Configuration and Management Guide
•
To do an upgrade for the ProxySG through the Management Console, refer to Chapter 21,
“Maintenance,” Blue Coat ProxySG Configuration and Management Guide.
•
Blue Coat ProxySG Command Line Reference
12
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
This chapter provides critical information concerning how specific features are affected by upgrading
to SGOS 4.x (and if relevant downgrading from) and provides actions administrators must or are
recommended to take as a result of upgrading.
This chapter contains the following sections:.
•
and log, and the new substitutions.
•
•
•
•
•
"Content Filtering"—Discusses downgrade behavior for new third-party vendors.
"CPU Monitoring"—Allows you to see the percentage of CPU being used by specific functional
groups.
•
compression.
•
•
"ICAP Patience Page"—Discusses new and changed commands for Patience Page settings.
"Policy"—Lists new VPM objects and CPL syntax, abandoned substitutions, new exception pages,
and new object naming and UTF-8 encoding in VPM.
•
•
•
port.
version 4.
"SSL Key Management"—Discusses new non-interactive commands to enhance SSL key
management available through Director.
Note: If a topic is not discussed, it means no upgrade or downgrade issues exist for that feature:
for example, event logging has no changed functionality from previous versions and will
not be discussed in this document.
Access Logging
Access Logging has added new features in SGOS 4.x:
•
•
•
A global enable/ disable switch: See below.
A P2P format and log: See "Peer-to-Peer" on page 15.
13
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Global Enable/Disable Switch
In SGOS 4.x, you can enable or disable access logging on a global basis, both through the Management
Console (Access Logging>General>Global Settings) and the CLI.
When logging is disabled, that setting overrides both policy and logging configuration. When access
logging is enabled, policy settings override the access logging configuration.
Note: Access-log uploads are not affected by the global enable/ disable switch; disabling access
logging does not disable the ability to upload existing log files.
On new systems, by default, access logging is disabled, but certain protocols are configured to use
specific logs. When access logging is enabled, logging begins immediately for all configured
protocols.
If you are upgrading your system, your existing protocol configurations are preserved and access
logging is enabled by default so that logging will continue as previously configured. Protocols new in
SGOS 4.x are set to have a default log of nonein this case.
Note: If you do not have a license for bandwidth management, access log uploads will not be
bandwidth limited, even if they were bandwidth-limited in SGOS 3.x.
Certain protocols now have logs assigned to them by default. The defaults can be changed.
Note: Protocols are not associated with a log by default upon an upgrade. They are only associated
with a default on new SGOS 4.x systems.:
Table 3.1: Default Logs and Protocols
Protocol
Log
Endpoint Mapper
FTP
main
main
HTTP/HTTPS
ICP
main
none
Instant Messaging
Peer to Peer
Real Media/QuickTime
SOCKS
im
p2p
streaming
none
TCP Tunneling
Telnet
main
none
Windows Media
streaming
New CLI Commands
SGOS#(config access-log) enable
SGOS#(config access-log) disable
Document References
Chapter 20, “Access Logging,” in the Blue Coat ProxySG Configuration and Management Guide
14
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
Peer-to-Peer
The ProxySG recognizes peer-to-peer (P2P) activity relating to P2P file sharing applications. By
constructing policy, you can control, block, and log P2P activity and limit the bandwidth consumed by
P2P traffic.
Upgrade Behavior
•
•
•
A new default format and a log called p2p is created.
The default p2p format is associated with the p2p log.
If a format called p2p already exists, the format is renamed to p2p_user. Any log referencing the old
p2p format will, after the upgrade, start referencing p2p_user. If both p2p and p2p_user exist prior to
the upgrade, then format p2p is renamed to p2p_user1 so the new default format p2p can be
created.
•
If a log called p2p already exists, a new log is not created.
CLI Compatibility Issues
None.
Documentation References
•
•
•
Chapter 15, “Advanced Policy,” in the Blue Coat ProxySG Configuration and Management Guide
Chapter 14, “VPM,” in the Blue Coat ProxySG Configuration and Management Guide
The Blue Coat Content Policy Language Guide
New Access Logging Substitutions
The following substitutions can be used in access logging and policy:
Note: The access log ignores any ELFF or custom format fields it doesn’t understand. In a
downgrade, the format still contains all the fields used in the upgraded version, but only the
valid fields for the downgraded version display any information.
Table 3.2: New Substitutions
ELFF
x-exception-category $(exception.category_
-review-url review_url)
CPL
Description
Used for categorization review for certain
Content Filtering vendors. The substitution
contains only the categorization review URL
which is composed of the originally requested
URL and the standard prefix. The values are
empty if the selected content filter provider
does not support review messages, or if the
provider was not consulted for categorization,
or if the categorization process failed due to an
error.
15
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Table 3.2: New Substitutions (Continued)
ELFF CPL
x-exception-category $(exception.category_
Description
An HTML-formatted message suitable for
inclusion in an exception page. The values are
empty if the selected content filter provider
does not support review messages, or if the
provider was not consulted for categorization,
or if the categorization process failed due to an
error.
-review-message
review_message)
x-p2p-client-type
$(p2p.client)
The name of the P2P network the client
application is connected to. In case of non-P2P
traffic, this substitution variable does not have
a value.
x-cs-netbios-
computer-name
$(netbios.computer-
name)
The NetBIOS name of the computer. This is an
empty string if the query fails or the name is
not reported.
x-cs-netbios-
computer-domain
$(netbios.computer-
domain)
The name of the domain to which the
computer belongs. This is an empty string if
the query fails or the name is not reported.
x-cs-netbios-
messenger-username
$(netbios.messenger-
username)
The name of the logged-in user. This is an
empty string if the query fails or the name is
not reported. It is also empty if there is more
than one logged-in user.
x-cs-netbios-
messenger-usernames usernames)
$(netbios.messenger-
A comma-separated list of the all the
messenger usernames reported by the target
computer. This is an empty string if the query
fails, or no names are reported.
x-cs-socks-
compression
Compresses data on the client connection.
x-sr-socks-
compression
Compresses data on the server connection.
x-virus-details
$(icap_virus_details)
$(icap_error_code)
Details of a virus if one was detected.
ICAP error code.
x-icap-error-code
x-icap-error-details $(icap_error_details)
ICAP error details.
cs(Content-Encoding) $(request.header.
Content-Encoding)
Client Response header: Content-Encoding.
This substitution allows you to monitor the
effect of the new HTTP compression features.
rs(Accept-Encoding) $(response.header.
Accept-Encoding)
Server Request header: Accept-Encoding
This substitution allows you to monitor the
effect of the new HTTP compression features.
A new substitution modifier—label(N)—has been added. It is used in conjunction with the
client.host substitution variable in defining Policy Substitution Realms. For example,
$(client.host:label(2)) could be used in the definition of a Policy Substitution Realm to set the
user name from the results of a reverse DNS Lookup. For more information on the :label( )
modifier, refer to Appendix D “Substitutions,” in the Blue Coat Content Policy Language Guide.
16
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
Authentication
Two new realms—policy substitution and Oblix COREid—have been added in SGOS 4.x.
•
COREid Realm—The ProxySG can be configured to consult an Oblix COREid (formerly known as
Oblix NetPoint) Access Server for authentication and session management decisions. This
requires that a COREid realm be configured on the ProxySG and policy written to use that realm
for authentication.
•
Policy Substitution Realm—A Policy Substitution realm provides a mechanism for identifying and
authorizing users based on information in the request. The realm uses information in the request
and about the client to identify the user. The realm is configured to construct user identity
in support of this feature.
In addition, RADIUS realms now support one-time passwords, and Netegrity realms now allow you
to enable or disable client IP validation.
Upgrade Behavior
COREid and Policy Substitution realms: These new realms have no upgrade issues. On a downgrade,
the realms will not be recognized and could cause policy compilation to fail if they are referenced by
policy.
Netegrity: On an upgrade, the new realm option for client IP validation is added to existing realms
with the default value of enabled so that the behavior remains as it was. On a downgrade, the value
is ignored and all SiteMinder realms do client IP validation.
Administrator Actions
You must upgrade to the latest version of the Blue Coat Authorization and Authentication Agent
(BCAAA) before you can use the new COREid realm.
Documentation References
•
Chapter 9, “Using Authentication Services,” in the Blue Coat ProxySG Configuration and
Management Guide
Bandwidth Management
Bandwidth management allows you to classify, control, and, if required, limit the amount of
bandwidth used by different classes of network traffic flowing into or out of the ProxySG. Network
resource sharing (or link sharing) is done using a bandwidth-management hierarchy where multiple
traffic classes share available bandwidth in a controlled manner.
Bandwidth management provides the following features:
•
Guarantees that certain traffic classes receive a specified minimum amount of available
bandwidth.
•
•
Limits certain traffic classes to a specified maximum amount of bandwidth.
Prioritizes certain traffic classes to determine which classes have priority over available
bandwidth.
17
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Upgrade Behavior
As BWM is a new feature, upgrade issues are restricted to previously existing bandwidth
configuration that will now be subsumed into the BWM configuration.
BWM does not replace the older bandwidth limiting features currently available in Streaming (max
streaming, max Real and max MMS). It complements it.
BWM replaces the bandwidth-limiting configuration in Access Logging. Related BWM classes are
automatically created based on the older Access Log bandwidth configuration and placed under the
class "access-log-logname,” where lognameis the name of the log.
Downgrade Behavior
If downgraded, the access log behaves as previously configured.
Documentation References
Chapter 10, “Bandwidth Management,” in the Blue Coat ProxySG Configuration and Management Guide.
Compression
In SGOS 4.x, Blue Coat offers both HTTP compression and SOCKS compress.
•
HTTP Compression is an algorithm that reduces a file size but does not lose any data. When you
use compression depends upon three resources: server-side bandwidth, client-side bandwidth,
and ProxySG CPU. If server-side bandwidth is more expensive in your environment than CPU,
then you should always request compressed content from the origin content server (OCS).
However, if CPU is comparatively expensive, the ProxySG should instead be configured to ask the
OCS for the same HTTP compressions that the client asked for and to forward whatever the server
returns.
The default configuration assumes that CPU is costlier than bandwidth. If this is not the case, you
can change the ProxySG behavior.
•
SOCKS compression is supported for TCP/ IP tunnels, which can compress the data transferred
between the branch (downstream proxy) and main office (upstream proxy), reducing bandwidth
consumption and improving latency.
When SOCKS compression is used in conjunction with the new Blue Coat Endpoint Mapper
(EPMapper) proxy, the Endpoint Mapper proxy accelerates Microsoft RPC traffic (applications
that use dynamic port numbers) between branch and main offices, automatically creating TCP
tunnels to ports where RPC services are running.
Upgrade Behavior
Prior to SGOS 4.x, the HTTP proxy did not cache objects if the server sent compressed content. With
HTTP compression and variant object support, objects are now cached regardless of its encoding (if all
other conditions allows caching).
With variant object support, multiple copies of the same object (variants) might exist in the cache, and
that might affect object carrying capacity of the disk.
On-box compression and decompression can significantly affect CPU and RAM usage. This will
directly affect the capacity of the box.
18
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
On an upgrade, cached HTTP objects are usable. On a downgrade, cached HTTP objects fetched after
the upgrade are re-fetched.
Documentation References
•
•
Chapter 6, “Configuring Proxies,” in the Blue Coat ProxySG Configuration and Management Guide
The Blue Coat Content Policy Language Guide
Content Filtering
•
Cerberian content filtering has changed its name to Blue Coat Web Filter (BCWF). No upgrade
issues exist. On a downgrade, the vendor noneis selected instead of any unsupported choice.
Note: During the 60-day SGOS trial period, no username or password is required to use Blue
Coat Web Filter. For more information, refer to “Configuring Blue Coat Web Filter” in
Chapter 18 of the Blue Coat ProxySG Configuration and Management Guide.
•
•
Three new content filtering third-party vendors —InterSafe, Optenet, and Webwasher—have been
added in SGOS 4.x. These new vendors cause no upgrade issues. On a downgrade, the vendor
noneis selected instead of any unsupported choice.
The Websense log protocol changed from version 1 to version 3 in SGOS 3.2.x.
Documentation References
Chapter 18, “Content Filtering,” in the Blue Coat ProxySG Configuration and Management Guide
CPU Monitoring
You can enable CPU monitoring whenever you want to see the percentage of CPU being used by
specific functional groups. CPU monitoring is disabled by default.
You can also view CPU monitoring statistics through Statistics>Advanced>Diagnostics.
CLI Commands
The following commands allow you to enable and manage CPU monitoring:
Table 3.3: New CLI Commands for CPU Monitor
Command
Description
SGOS#(config diagnostics) cpu-monitor
{enable | disable}
Enables or disables the CPU monitor.
SGOS#(config diagnostics) cpu-monitor
Sets the interval between CPU monitoring.
interval seconds
SGOS#(config diagnostics) view cpu-monitor View CPU monitor statistics.
Documentation References
Appendix E, “Diagnostics,” in the Blue Coat ProxySG Configuration and Management Guide.
19
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Endpoint Mapper and SOCKS Compression
The Endpoint Mapper proxy accelerates Microsoft RPC traffic between branch and main offices,
automatically creating TCP tunnels to ports where RPC services are running. The Endpoint Mapper
proxy can be used in both explicit and transparent mode.
Using SOCKS compression for TCP/ IP tunnels reduces bandwidth consumption and improves
latency.
No configuration is required on the main office ProxySG to support SOCKS compression. However,
configuration is required on the branch ProxySG to forward data through the SOCKS gateway. You
can use policy or the socks-gatewayCLI options to enable SOCKS compression globally. Using
policy, you can enable or disable compression on a per-connection basis on either the client side or the
server side.
You must also configure the branch ProxySG for the Endpoint Mapper proxy.
Upgrade/Downgrade Behavior
•
•
•
•
On new or upgraded systems, compression on the SOCKS proxy is enabled by default. SOCKS
compression is disabled by default on the SOCKS forwarding host.
On new or upgraded systems, the Endpoint Mapper proxy service is created, but not enabled, on
port 135.
If you downgrade the main office ProxySG but not the branch ProxySG, the branch office might
still attempt compression, but compression will fail.
On an upgraded system, the SOCKS proxy settings and policy is unchanged from the
downgraded version.
Documentation References
•
Chapter 5, “Managing Port Services,” in the Blue Coat ProxySG Configuration and Management
Guide
•
Chapter 6, “Configuring Proxies,” in the Blue Coat ProxySG Configuration and Management Guide
ICAP Patience Page
Patience pages display regardless of any pop-up blocking policy that is in effect.
CLI Changes and Additions
The following CLI commands have been modified:
Table 3.4: Changed CLI Syntax
Abandoned Syntax
Current Syntax
inline http icap-patience-details eof
inline http icap-patience-header eof
inline http icap-patience-help eof
inline http icap-patience-summary eof
inline http icap-patience details eof
inline http icap-patience header eof
inline http icap-patience help eof
inline http icap-patience summary eof
New commands created to view Patience Page settings are:
20
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
• SGOS#(config external-services) view http icap-patience details
• SGOS#(config external-services) view http icap-patience header
• SGOS#(config external-services) view http icap-patience help
• SGOS#(config external-services) view http icap-patience summary
Documentation References
Chapter 11, “External Services,” in the Blue Coat ProxySG Configuration and Management Guide
Policy
In SGOS 4.x, the following properties and objects have been added:
•
Actions and Properties (Action objects)
❐
❐
❐
❐
❐
❐
❐
❐
❐
❐
❐
❐
category.dynamic.mode (used with dynamic categorization in VPM)
detect_protocol (not available in VPM)
force_protocol (not available in VPM)
http.allow_compression (used with client compression in VPM)
http.allow_decompression (used with client compression in VPM)
http.client.allow_encoding (not available in VPM)
http.server.accept_encoding (used with server compression in VPM)
http.server.accept_encoding.allow_unknown (used with server compression in VPM)
limit_bandwidth (used with bandwidth management in VPM)
Notify User object (not available in CPL)
SOCKS.allow_compression (Used with SOCKS compression in VPM)
SOCKS.gateway.request_compression (Used with SOCKS compression in VPM)
•
•
Conditions (Source objects)
❐
❐
http.connect (not available in VPM)
p2p.client (used with P2P client object in VPM)
Properties (Service objects)
❐
❐
icap_error_code (used with ICAP in VPM)
virus_detected (used with ICAP in VPM)
In addition, the following conditions can now be used in the <Forward> layer:
•
•
•
•
attribute.<name>=
authenticated=
group=
realm=
21
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
•
•
•
•
•
user=
user.domain=
user.x509.issuer=
user.x509.serialNumber=
user.x509.subject=
The authenticated= condition can be used to test whether or not the user information is available.
Forward layer rules containing the other new authentication conditions will fail to match if there is no
associated user, regardless of the value specified in the test.
Two new named definitions have been added—define policy and define strong. (A named definition
is one that is explicitly referenced by policy.) Since a copy of the files of the original operating system
version has been saved, later-version changes, such as new named definitions, are not available in the
downgrade.
Policy Deprecation
Syntax that was deprecated in SGOS 3.2.4 has been abandoned in SGOS 4.x, and this syntax must be
corrected before an upgrade can be successfully completed. For information on replacement syntax,
see "CPL", below.
To check for policy deprecation warnings:
•
In the Management Console:
Configuration > Policy > Policy Files
From the View File:dropdown list, select Results of Policy Load, and press View.
-or-
Statistics>Advanced>Policy>Results of policy load
•
•
From a browser:
https:/ / ProxySG_IP:port / policy_import_listing.html
At the CLI command prompt:
SGOS >show policy listing
To check for deprecation warnings in exception pages:
•
In the Management Console:
Configuration > Policy > Exceptions
From the View File:dropdown list, select Results of Exceptions Load, and press View
-or-
Statistics>Advanced>Exceptions>View last installation status
•
From a browser:
https:/ / ProxySG_IP:port/ exceptions_listing.html
Note: You cannot check for warnings in exception pages through the CLI.
Documentation References
•
•
Chapter 14, “VPM,” in the Blue Coat ProxySG Configuration and Management Guide
The Blue Coat Content Policy Language Guide
22
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
CPL
Syntax that was deprecated in SGOS 3.x has been abandoned in SGOS 4.x. Policy that includes
abandoned syntax should be corrected before you attempt to upgrade the system. The standard
upgrade path and process are designed to ensure the integrity of policy and the security of your
network. Blue Coat strongly recommends that you follow the approved upgrade path and correct any
policy deprecation warnings prior to upgrading to SGOS 4.x.
Policy that has been abandoned is listed in the tables below.
Table 3.5: Abandoned Definition Syntax
Abandoned Syntax
define acl
Replacement Syntax
define subnet
define_actions
None. Actions can be defined anywhere in the policy .
domain (as a condition definition type) url.domain
prefix (as a condition definition type) url
caseless
None. All response-side URL rewrites are now case
insensitive by default.
subst_embedded
rewrite_url_substring
(in a url_rewrite transform definition)
subst_prefix
rewrite_url_prefix
(in a url_rewrite transform definition)
Table 3.6: Abandoned Section Syntax
Abandoned Syntax
Replacement Syntax
[url.domain]
[url.domain]
[url]
[Domain] section heading
[Domain-Suffix] section heading
[Prefix] section heading
[Regex] section heading
[url.regex]
[url.regex]
[Regular-expression] section heading
Table 3.7: Abandoned Substitution Syntax
Abandoned Syntax
Replacement Syntax
'(1)
'1
$(1)
$(1)
$(1)
$1
Table 3.8: Abandoned Policy Conditions
Abandoned Syntax
acl=
Replacement Syntax
client.address=
category.unavailable=
client_address=
client_protocol=
method= (in <admin> layers)
method=
category=unavailable
client.address=
client.protocol=
admin.access=READ|WRITE
See Method Tests
23
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Table 3.8: Abandoned Policy Conditions (Continued) (Continued)
protocol=
url.scheme=
proxy_address=
proxy.address
proxy_card=
proxy.card
proxy_port=
proxy.port
release_id=
release.id=
release_version=
request_header.<name>=
request_header_address.<name>=
request_x_header.<name>=
request_x_header_address.<name>=
response_header.<name>=
response_x_header.<name>=
url_address=
release.version=
request.header.<name>=
request.header.<name>.address=
request.x_header.<name>=
request.x_header.<name>.address=
response.header.<name>=
response.x_header.<name>=
url.address=
url_domain=
url.domain=
url_extension=
url.extension=
url.host=
url_host=
url_host_is_numeric=
url_host_no_name=
url_host_regex=
url_host_suffix=
url_path=
url.host.is_numeric=
url.host.no_name=
url.host.regex=
url.host.suffix=
url.path=
url_path_regex=
url_port=
url.path.regex=
url.port=
url_prefix=
url=
url_query_regex=
url_regex=
url.query.regex=
url.regex=
url_scheme=
url.scheme=
user_domain=
user.domain=
virus_pattern_update_url=
None. All supported ICAP versions provide automatic
notification of pattern file updates.
Table 3.9: Abandoned Policy Properties
Abandoned Syntax
Replacement Syntax
property(value)
Move to proxy layer
property=value syntax
authenticate() (in cache layer)
authenticate([,display_realm])
the optional “display_realm” property value is abandoned
in favor of specification in the realm configuration.
block_category()
content_filter_override()
label()
category= in conjunction with exception()
request.filter_service()
action()
max_bitrate(0)
max_bitrate(no)
24
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
Table 3.9: Abandoned Policy Properties (Continued)
prefetch()
pipeline()
authenticate()
proxy_authentication()
reflect_vip()
service()
reflect_ip()
allow or deny
trace.destination()
trace.level()
trace.request()
trace.rules()
trace_destination()
trace_level()
trace_request()
trace_rules()
Table 3.10: Abandoned Policy Actions
Abandoned Syntax
replace()
Replacement Syntax
rewrite()
virus_check()
response.icap_service() (a property)
Table 3.11: Abandoned Substitution Tokens
Abandoned CPL
Current CPL
appliance_name
appliance.name
appliance_primary_address
client_address
appliance.primary_address
client.address
client_protocol
client.protocol
proxy_address
proxy.address
proxy_card
proxy.card
proxy_name
proxy.name
proxy_port
proxy.port
proxy_primary_address
proxy_via_http_version
release_id
proxy.primary_address
proxy.via_http_version
release.id
request_header.Accept
request_header.Accept-Charset
request_header.Accept-Encoding
request_header.Accept-Language
request_header.Accept-Ranges
request_header.Age
request.header.Accept
request.header.Accept-Charset
request.header.Accept-Encoding
request.header.Accept-Language
request.header.Accept-Ranges
request.header.Age
request_header.Allow
request_header.Authentication-Info
request_header.Authorization
request_header.Cache-Control
request_header.Client-IP
request_header.Connection
request_header.Content-Encoding
request.header.Allow
request.header.Authentication-Info
request.header.Authorization
request.header.Cache-Control
request.header.Client-IP
request.header.Connection
request.header.Content-Encoding
25
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Table 3.11: Abandoned Substitution Tokens (Continued)
Abandoned CPL
Current CPL
request_header.Content-Language
request_header.Content-Length
request_header.Content-Location
request_header.Content-MD5
request_header.Content-Range
request_header.Content-Type
request_header.Cookie
request.header.Content-Language
request.header.Content-Length
request.header.Content-Location
request.header.Content-MD5
request.header.Content-Range
request.header.Content-Type
request.header.Cookie
request_header.Cookie2
request.header.Cookie2
request_header.Date
request.header.Date
request_header.Etag
request.header.Etag
request_header.Expect
request.header.Expect
request_header.Expires
request.header.Expires
request_header.From
request.header.From
request_header.Front-End-HTTPS
request_header.Host
request.header.Front-End-HTTPS
request.header.Host
request_header.If-Match
request_header.If-Modified-Since
request_header.If-None-Match
request_header.If-Range
request_header.If-Unmodified-Since
request_header.Last-Modified
request_header.Location
request_header.Max-Forwards
request_header.Meter
request.header.If-Match
request.header.If-Modified-Since
request.header.If-None-Match
request.header.If-Range
request.header.If-Unmodified-Since
request.header.Last-Modified
request.header.Location
request.header.Max-Forwards
request.header.Meter
request_header.P3P
request.header.P3P
request_header.Pragma
request.header.Pragma
request_header.Proxy-Authenticate
request_header.Proxy-Authorization
request_header.Proxy-Connection
request_header.Range
request.header.Proxy-Authenticate
request.header.Proxy-Authorization
request.header.Proxy-Connection
request.header.Range
request_header.Referer
request.header.Referer
request_header.Refresh
request.header.Refresh
request_header.Retry-After
request_header.Server
request.header.Retry-After
request.header.Server
request_header.Set-Cookie
request_header.Set-Cookie2
request_header.TE
request.header.Set-Cookie
request.header.Set-Cookie2
request.header.TE
request_header.Trailer
request.header.Trailer
request_header.Transfer-Encoding
request_header.Upgrade
request.header.Transfer-Encoding
request.header.Upgrade
26
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
Table 3.11: Abandoned Substitution Tokens (Continued)
Abandoned CPL
Current CPL
request_header.User-Agent
request_header.Vary
request.header.User-Agent
request.header.Vary
request_header.Via
request.header.Via
request_header.WWW-Authenticate
request_header.Warning
request.header.WWW-Authenticate
request.header.Warning
request_header.X-BlueCoat-Error
request_header.X-BlueCoat-MC-Client-Ip
request_header.X-BlueCoat-Via
request_header.X-Forwarded-For
response_header.Accept
request.header.X-BlueCoat-Error
request.header.X-BlueCoat-MC-Client-Ip
request.header.X-BlueCoat-Via
request.header.X-Forwarded-For
response.header.Accept
response_header.Accept-Charset
response_header.Accept-Encoding
response_header.Accept-Language
response_header.Accept-Ranges
response_header.Age
response.header.Accept-Charset
response.header.Accept-Encoding
response.header.Accept-Language
response.header.Accept-Ranges
response.header.Age
response_header.Allow
response.header.Allow
response_header.Authentication-Info
response_header.Authorization
response_header.Cache-Control
response_header.Client-IP
response_header.Connection
response_header.Content-Encoding
response_header.Content-Language
response_header.Content-Length
response_header.Content-Location
response_header.Content-MD5
response_header.Content-Range
response_header.Content-Type
response_header.Cookie
response.header.Authentication-Info
response.header.Authorization
response.header.Cache-Control
response.header.Client-IP
response.header.Connection
response.header.Content-Encoding
response.header.Content-Language
response.header.Content-Length
response.header.Content-Location
response.header.Content-MD5
response.header.Content-Range
response.header.Content-Type
response.header.Cookie
response_header.Cookie2
response.header.Cookie2
response_header.If-Modified-Since
response_header.If-None-Match
response_header.If-Range
response.header.If-Modified-Since
response.header.If-None-Match
response.header.If-Range
response_header.If-Unmodified-Since
response_header.Last-Modified
response_header.Location
response.header.If-Unmodified-Since
response.header.Last-Modified
response.header.Location
response_header.Max-Forwards
response_header.Meter
response.header.Max-Forwards
response.header.Meter
response_header.P3P
response.header.P3P
response_header.Pragma
response.header.Pragma
27
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
Table 3.11: Abandoned Substitution Tokens (Continued)
Abandoned CPL
Current CPL
response_header.Proxy-Authenticate
response_header.Proxy-Authorization
response_header.Proxy-Connection
response_header.Range
response.header.Proxy-Authenticate
response.header.Proxy-Authorization
response.header.Proxy-Connection
response.header.Range
response_header.Referer
response.header.Referer
response.header.Refresh
response.header.Retry-After
response.header.Server
response_header.Refresh
response_header.Retry-After
response_header.Server
response_header.Set-Cookie
response_header.Set-Cookie2
response_header.TE
response.header.Set-Cookie
response.header.Set-Cookie2
response.header.TE
response_header.Trailer
response.header.Trailer
response.header.Transfer-Encoding
response.header.Upgrade
response.header.User-Agent
response.header.Vary
response_header.Transfer-Encoding
response_header.Upgrade
response_header.User-Agent
response_header.Vary
response_header.Via
response.header.Via
response_header.WWW-Authenticate
response_header.Warning
response.header.WWW-Authenticate
response.header.Warning
response.header.X-BlueCoat-Error
response_header.X-BlueCoat-Error
response_header.X-BlueCoat-MC-Client-Ip response.header.X-BlueCoat-MC-Client-Ip
response_header.X-BlueCoat-Via
response_header.X-Forwarded-For
transaction_id
url_address
response.header.X-BlueCoat-Via
response.header.X-Forwarded-For
transaction.id
url.address
url_extension
url_host
url.extension
url.host
url_host_name
url_path
url.hostname
url.pathquery
url_port
url.port
url_query
url.query
url_scheme
url.scheme
Documentation References
Appendix D, “Substitutions,” in the Blue Coat Content Policy Language Guide
Exception Pages
A number of built-in exception pages have been added to SGOS 4.x to send information back to the
user under operational contexts that are known to occur. New exception pages include:
28
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
•
•
HTML Notification
❐
❐
notify
notify_missing_cookie
Compression
❐
❐
❐
transformation_error
unsupported_encoding
invalid_response
•
ICAP
❐
icap_error (should be used in place of the existing icap_communications_error exception
page)
On a downgrade to SGOS 3.2.4, the ProxySG reverts to using the SGOS 3.x policy that was in use the
last time that SGOS 3.x was running.
Documentation References
•
•
Chapter 15, “Advanced Policy,” in the Blue Coat ProxySG Configuration and Management Guide
The Blue Coat Content Policy Language Guide
VPM
In SGOS 4.x, VPM now uses UTF-8 encoding format for fetching and installing policy.
UTF-8 Encoding
As of SGOS 4.x, VPM policy (XML) stored in the ProxySG is read using the UTF-8 encoding format.
Any international characters present in this policy must be encoded using UTF-8. Policy (XML)
created through VPM prior to SGOS 4.x does not contain international characters and so it should
continue to load correctly after the upgrade.
If you created or edited the policy (XML) file outside VPM and loaded it into the ProxySG prior to
upgrading, it might contain international characters. If these characters are not encoded in UTF-8
format, VPM is unable to load the policy. In this case, it begins with an empty policy after displaying
an error message.
Object Naming
Objects that can be named by the user no longer start with "_" (underscore character). The underscore
character is now used internally to prevent name collisions between objects that can be named by the
user and internally generated names.
If obsoleted objects are upgraded, such as File/ MIME Types in SGOS 2.x that get translated into
combined condition objects, these objects are prefixed with __Upgraded_. Policy compiles correctly
even if the underscore character is not removed. However, if you want to edit these objects, you must
remove any underscore characters from the beginning of the object name before the object setting can
be saved successfully.
29
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
On an upgrade, objects that cannot be named by the user are automatically updated to have the
underscore character prefix the object name.
Documentation Reference
Chapter 14, “VPM,” in the Blue Coat ProxySG Configuration and Management Guide
Securing the Serial Port
When the secure serial port is enabled (recommended):
Once the secure serial port is enabled:
•
•
The Setup Console password is required to access the Setup Console.
An authentication challenge (username and password) is issued to access the CLI through the
serial port.
Upgrade/Downgrade Behavior
•
If you are upgrading, the secure serial port functionality is unchanged by default. If you never
secured the serial port, the secure serial port functionality is disabled. If you subsequently use the
Setup Console, you are asked if you want to enable secure the serial port at that time.
•
•
On new installations, you are asked if you want to enable the secure serial port.
Downgrades ignore the secure serial port setting. If older systems are present on the machine, it
might be possible for an attacker to force the downgrade and then access the serial port. For
maximum security, older systems should be deleted.
SmartFilter Version 4
SGOS 4.1 uses a new database download system for SmartFilter, version 4. A license key, which was
sent to you by Secure Computing by e-mail when you ordered the database, is required to download
the new version. In the e-mail, this key is listed as the Serial Number and is in the alpha-numeric
format of: SFxx-xxxx-xxxx-xxxx.
Note: If you use SmartFilter, version 3, the user name/ password assigned to you is still valid
(for version 3 only).
Documentation Reference
Chapter 18, “Content Filtering,” in the Blue Coat ProxySG Configuration and Management Guide.
SSL Key Management
SSL key management, in SGOS 4.x, has been modified to allow Director to better manage ProxySG
appliances.
Abandoned Syntax
The following syntax is abandoned as of SGOS 4.x, replaced by the equivalent inlinecommands.
30
Download from Www.Somanuals.com. All Manuals Search And Download.
Chapter 3: Feature-Specific Upgrade Behavior
SGOS#(config ssl)import keyring show|no-show keyring_id
SGOS#(config ssl)import certificate keyring_id
SGOS#(config ssl)import signing-request keyring_id
SGOS#(config ssl)import ca-certificate keyring_id
SGOS#(config ssl)import external-certificate keyring_id
Documentation References
Chapter 7, “Using Secure Services,” in the Blue Coat ProxySG Configuration and Management Guide
Chapter 21, “Maintenance,” in the Blue Coat ProxySG Configuration and Management Guide
Appendix F, “Using Director to Manage Appliances,” in the Blue Coat ProxySG Configuration and
Management Guide.
31
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
32
Download from Www.Somanuals.com. All Manuals Search And Download.
Index
A
D
access logging
definition syntax, abandoned 23
document conventions 6
downgrading
default logs, protocols 14
global enable/ disable switch, CLI commands 14
global enable/ disable switch, overview 14
new features in 13
CacheOS 4.x 9
SGOS 2.x 9
P2P log, format 15
to SGOS 3.2.3 9
P2P upgrade behavior 15
authentication
E
exception pages, new 28
COREid realm, added 17
Policy Substitution realm, added 17
upgrade behavior 17
F
forward layer, conditions added 21
I
B
ICAP Patience Page
bandwidth management
overview 17
CLI commands changed, added 20
L
upgrade/ downgrade behavior 18
licensing
overview 10
C
N
CacheOS 4.x, downgrading to 9
compression
Netegrity realm, upgrade/ downgrade behavior 17
overview 18
P
P2P
upgrade behavior 18
COREid realm
access logging log, format 15
upgrade behavior 15
added 17
upgrade behavior 17
CPL
Patience Page
CLI commands changed, added 20
policy
definition syntax, abandoned 23
policy warnings 23
section syntax, abandoned 23
CPU monitoring
conditions added to forward layer 21
S
section syntax, abandoned 23
CLI commands 19
overview 19
33
Download from Www.Somanuals.com. All Manuals Search And Download.
Blue Coat SGOS 4.x Upgrade Guide
substitutions
U
abandoned 25
additional 15
substitution syntax, abandoned 23
upgrading
changes between SGOS 3.2.3 and SGOS 4.x 5
restore-cacheos4-config command, upgrading 9
restore-sgos2-config command, using 9
restore-sgos3-config command, using 9
V
VPM
UTF-8 encoding 29
34
Download from Www.Somanuals.com. All Manuals Search And Download.
|