Advice for preparing to support Blue Coat

stamos Registered Users Posts: 2
Hi

I'm a junior system admin with little network/security experience; however, my employer has purchased a couple of ProxySG and PS devices that I am now expected to support. Other than their own training and certification, which I'm already going through, is there any other particular knowledge I should be familiarizing myself with in order to effectively support this technology?

P.S. Long-time lurker, appreciate all the information shared here!

Comments

  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,886
    Are you looking for how to troubleshoot and maintain the systems or how to administratively use them to monitor and restrict users? Make sure you understand how to contact your tech support (Cadre) and open trouble tickets.

    Will you also be using Blue Coat Reporter for analyzing your proxy logs? Did you also buy ProxyAV servers for A/V scanning/blocking of in-transit traffic?
  • stamos Registered Users Posts: 2
    I had to check with my boss. They have purchased ProxySG, ProxyAV and PacketShaper. They are being deployed by someone else so I will not be involved in the initial setup, but I will be responsible for future changes and all troubleshooting.

    The course covers most of the internal workings, I am just looking for any related knowledge I should be picking up to get on top of these products. For instance I know it can output to Wireshark for troubleshooting and configuration use so I'm working on understanding that application. I was also thinking about brushing up on networking fundamentals, routing, etc.

    I see there is a lot of negativity about Blue Coat's products in certain circles so I would like to be proactive about getting it down and not let it turn into a problem for me.
  • tprice5 Member Posts: 770
    stamos wrote: »
    I see there is a lot of negativity about Blue Coat's products in certain circles so I would like to be proactive about getting it down and not let it turn into a problem for me.

    This. Get it right or everyone will hate you. Source: I hate our bluecoat guys.
    Certification To-Do: CEH [ ], CHFI [ ], NCSA [ ], E10-001 [ ], 70-413 [ ], 70-414 [ ]
    WGU MSISA
    Start Date: 10/01/2014 | Complete Date: ASAP
    All Courses: LOT2, LYT2 , UVC2, ORA1, VUT2, VLT2 , FNV2 , TFT2 , JIT2 , FMV2, FXT2 , LQT2
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,886
    I would also suggest you throw "competency with Linux" on your TODO list. Many things in BC are best done from the Linux command line.

    tprice5 wrote: »
    This. Get it right or everyone will hate you. Source: I hate our bluecoat guys.

    Are you working directly with Blue Coat's people or with their contract support people from Cadre? The degree of competence you get from Cadre for any given support tech is certainly hit-and-miss. Once you get a competent support person it's best to ask for them by name in future.
  • tprice5 Member Posts: 770
    JDMurray wrote: »
    Are you working directly with Blue Coat's people or with their contract support people from Cadre?

    Oh I was just poking fun at our local security guys who manage the on-site bluecoat we have here. The settings are super restrictive so when I am researching a problem a lot of the help sites are in blog format and are therefore blocked. It's frustrating when you've searched every corner of the internet for an obscure error code and 3/4 of the available sites aren't reachable.
    It seems to be a pretty good product though, even if I dislike its implementation. You can block Facebook chat without blocking Facebook entirely, which I was pretty impressed by.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,886
    You might consider setting up a secure proxy address that bypasses your BC proxy. This way the security people can surf the Internet without being restricted by BC's allow-deny list.