ProxySG & Advanced Secure Gateway

 View Only

  • 1.  BCWF license with regards to concurrent users

    Posted Nov 04, 2017 06:04 AM
    Hi All, I would like to ask if for example the bcwf license is for 1000 users only. Then, we have 500+ authenticated users and at the same time 2000+ concurrent users in proxy. The proxy we used is S400-20 (maximum of 6000 users according to the data sheet). What happens if we have 2000+ concurrent users but only have a bcwf license for 1000? Would the other users be bypassed by content filtering? We have an issue here in which a lot of websites can't be accessed. The reason is those websites are under 'unavailable category' in the proxy and that category is not allowed in our enterprise for security reasons. But those websites can be accessed in the past. Is this because our bcwf license is for 1000 users only? Best Regards, Ja


  • 2.  RE: BCWF license with regards to concurrent users

    Posted Nov 05, 2017 10:26 PM

    Hi Ja,

     

                 The BCWF License count is not enforced by the Proxy from my understanding. It is more of an ethical count that we expect our customers to purchase to match with their user count. For this website access issue, can you check the status of these url using the test option in category options to see whether you see a difference or not.



  • 3.  RE: BCWF license with regards to concurrent users

    Posted Nov 06, 2017 08:37 PM

    Hi Aravind,

    We have tested these urls in the category options and their category is "unavailable". We can access those sites in the past but suddenly we can't access them anymore.

    BR,

    Ja



  • 4.  RE: BCWF license with regards to concurrent users

    Posted Nov 06, 2017 10:39 PM

    Hi Ja,

     

                  I am feeling that they lost they categorization recently. Can you share some urls for me to check too.

     



  • 5.  RE: BCWF license with regards to concurrent users

    Posted Dec 14, 2017 12:05 PM

    Hi Ja,

    A category lookup on the proxySG/ASG would return 4 possible answers 

    1. name of the category that it has matched

    2. none - it looked up successfully but not matched category was found

    4. unavailable - which indicates either database is not available / database build is not completed / corrupted (fully/partially)

    If you have seen unavailable, I would recommend verifying some other known urls/sites like google.com facebook.com what happens with the lookup results for those? also its worth checking what is database  status under proxySG àconfiguration à content filtering à bluecoat àview download status

    For example this is a test result i got from my lab proxySG , where the lookup result show unavailable (test ran from CLI)

    #(config content-filter)test-url google.com
    Testing URL 'http://google.com/'
    % categories:
      Policy: none
      Blue Coat: unavailable
    #(config content-filter)

     

    and I If check the status of the Bluecoat web filter download it shows below 

    #(config content-filter)bluecoat

    #(config bluecoat)view

    Download log:
      Rebuilding existing database at: 2017/12/14 14:43:38 -0500
      Database build failed

    Previous download:
      Rebuilding existing database at: 2017/11/01 20:21:52 -0400
      Database date:        Mon, 31 Jul 2017 16:45:50 UTC
      Database expires:     Tue, 19 Jan 2038 03:14:07 UTC
      Database version:     372120300

     

    So this indicates proxySG needs to redownload the database again (by hitting download now) and let it rebuild on its own OR the exiting DB needs to be purged and downloaded again. Referenced in KB https://support.symantec.com/en_US/article.TECH241744.html

    Thanks

    Akhter