Monday, February 1, 2010

Defining proxy rules on the Proxy SG

The Visual Policy Manager (VPM) is a graphical policy editor included with the ProxySG. VPM allows you to define Web access and resource control policies without having an in-depth knowledge of Blue Coat Systems Content Policy Language (CPL) and without the need to manually edit policy files.

This chapter

Policies tell the Proxy SG what to do with intercepted traffic.

Traffic can be forwarded, blocked, redirected to another host or port, sent for web filtering or AV scanning, etc.

Standard policies are created in the Visual Policy Manager, and more complex policies are configured on the command line in CPL (not covered here).

Like most policies, the VPM is read from top down in the following order:

Administration Authentication—Determines how administrators accessing ProxySG must authenticate.

Administration Access—Determines who can access the ProxySG to perform administration tasks.

DNS Access—Determines how the ProxySG processes DNS requests.

SOCKS Authentication—Determines the method of authentication for access to the proxy through SOCKS.

Web Authentication—Determines whether user clients that access the proxy or the Web must authenticate.

Web Access—Determines what user clients accessing the proxy or the Web can access and any restrictions that apply.

Web Content—Determines caching behavior, such as verification and ICAP redirection.

Forwarding—Determines forwarding hosts and methods.

Unlike most policies, each policy can have multiple layers. For example, there can be several Web Authentication layers. In the event that multiple layers exist, enforcement is read from left to right. When a hit is made on a particular layer, evaluation then proceeds to the next layer to the right. THE ACTION OF THE LAST LAYER WILL BE ENFORCED.
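The evaluation order described above can be modelled in a few lines to see how a broad rule in a later layer replaces an earlier deny. This is an added example, not Blue Coat code or CPL; the layer names, users, hosts, the first-match-per-layer behaviour, the "no hit leaves the decision unchanged" behaviour and the default action are all assumptions made for the model.

```python
# Simplified model of the evaluation order described above; not Blue Coat code.
from fnmatch import fnmatch

# Constructed sample policy: layers are listed left to right, rules top down.
# Each rule is (user pattern, host pattern, action).
LAYERS = [
    ("Web Access 1", [
        ("*", "*.gambling.example", "deny"),
        ("*", "*", "allow"),
    ]),
    ("Web Access 2", [
        ("contractor-*", "*", "deny"),
        ("*", "intranet.example", "allow"),
    ]),
    ("Web Access 3", [
        ("helpdesk-*", "*", "allow"),   # broad rule placed in the last layer
    ]),
]

def evaluate(user, host, layers=LAYERS, default="deny"):
    """Return (action, trace). Assumptions: the first matching rule in a layer
    is that layer's hit; a layer without a hit leaves the decision unchanged;
    the default action applies when no layer has a hit."""
    action, trace = default, []
    for name, rules in layers:                                    # left to right
        for row, (u_pat, h_pat, rule_action) in enumerate(rules, 1):  # top down
            if fnmatch(user, u_pat) and fnmatch(host, h_pat):
                action = rule_action        # a later layer's hit replaces earlier ones
                trace.append((name, row, rule_action))
                break
    return action, trace

def overridden_denies(user, host, layers=LAYERS):
    """List earlier 'deny' hits that ended up replaced by a final 'allow'."""
    action, trace = evaluate(user, host, layers)
    if action != "allow":
        return []
    return [hit for hit in trace[:-1] if hit[2] == "deny"]

if __name__ == "__main__":
    for user, host in [("alice", "www.gambling.example"),
                       ("contractor-7", "news.example"),
                       ("helpdesk-2", "www.gambling.example")]:
        action, trace = evaluate(user, host)
        print(user, host, "->", action, trace, overridden_denies(user, host))
```

Running `overridden_denies` over representative user and host pairs before installing a policy shows which deny rules a later layer silently cancels.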

NOTE:

If a policy is configured to bypass, the proxy traffic must be transparent since all explicit traffic is directed to the proxy server itself and a bypass rule is telling the proxy to ignore this traffic.

After new policies are created, they must be installed by selecting File>Install Policies. If this is not done, all new policies will be lost once the VPM is closed.

However, new rules can be created and disabled.
