Sunday, February 22, 2015

Proxy AV

Blue Coat’s ProxySG and ProxyAV appliances communicate using Internet Content Adaptation Protocol (ICAP). ICAP is an open standard protocol that allows content engines to send HTTP-based content to an ICAP server for performing value-added services such as virus scanning.
The ProxySG is the ICAP client, and the ProxyAV is the ICAP server. The ProxySG forwards Web content that needs to be scanned to the ProxyAV. The ProxyAV filters and adapts the content and returns it to the ProxySG. The scanned content is then served to the user who requested the content and cached on the ProxySG.
Once an object is cached, it is not scanned again until either the object contents change or the AV database changes.
The AV database is a pattern file that allows anti-virus software to identify viruses. Whenever the database changes, the ProxyAV needs to rescan any requested objects that are in the cache, because the new database might contain updates on emerging malware threats.

When the ProxySG receives data, it first checks whether the traffic is allowed on the proxy by policy. If the traffic is not exempted, the ProxySG sends it to the ProxyAV.



1. ProxySG/ProxyAV With Direct Internet Access

· Multiple ProxySG appliances to multiple ProxyAV appliances. The ProxySG has the capability to load balance Web scanning between multiple ProxyAV appliances or to designate a sequence of ProxyAV appliances as failover devices should the primary ProxyAV go offline.

1. ProxySG/ProxyAV in a Closed Network
For heightened security, some network architectures (particularly in government or military environments) prevent devices from having direct Internet access. The following diagram illustrates a closed network topology.


1. One ProxySG to One ProxyAV
· No Web malware scanning if the ProxyAV goes down. Depending on the policy you implement on ProxySG, when the ProxyAV fails, users either receive unscanned content or exception pages noting that the content cannot be delivered.
· No load balancing for ICAP scanning if the ProxyAV gets overwhelmed with ICAP requests.
· No failover if the ProxySG goes down.

Configuring Proxy SG/AV
Step 1: Prepare secure ICAP communication between ProxySG and ProxyAV (optional).
Step 2: Add the ProxyAV to the ProxySG.
Step 3: Configure service groups (optional).

Add the ProxyAV to the ProxySG
a. Select Configuration > External Services > ICAP Services.
b. Select New.



Choose the connection mode(s) and ports. The default is plain ICAP on port 1344. For secure ICAP, the default secure ICAP port is 11344. If you changed the port when configuring the ProxyAV in the previous task, you must specify the same port number.
Select the SSL Device Profile for the ICAP service. For more information, see Task 1: (Optional) Prepare the Appliances for Secure ICAP.
Click OK to save your changes and exit the open dialog box.


Service Groups:
Service groups are used to load balance ProxyAV servers across the ProxySG. A service group is a named set of ICAP services. You will need to create service groups when you are using multiple ProxyAV appliances to process a large volume of scanning requests (load balancing).