Blue Coat ProxySG Secure Gateway
The Blue Coat ProxySG Secure Gateway (ProxySG) appliance can be configured to provide two different functions. In MACH5 mode, it operates as a WAN Optimization device. In Proxy mode, it functions as a Content-Caching Proxy Server, providing an additional layer of security for accessing the Internet.
To “proxy” is defined as “authorized to act for another’. The ProxySG can be implemented in ‘forward-proxy’ mode where it is used as a client gateway to the Internet, or in ‘reverse-proxy’ mode where it provides the initial point of access to your web servers. In reverse-proxy mode, the ProxySG can provide services such as load-balancing and SSL offloading to enhance the security and availability of your web servers. For this discussion, however, we will focus on features provided by the forward-proxy mode of the ProxySG.
Web browsers such as Internet Explorer and Firefox receive content from a web site and store that data temporarily in a folder on your computer. This temporary storage is called ‘cache’. If you go to that web site while the data is in cache, the browser can pull the data from there instead of going to the Internet to get it. This allows the web site to be displayed much faster. Unfortunately, this data is only available to the same person that initially accessed it since it is stored on their local computer. The content caching feature of the ProxySG changes that. Since it is a network device that is acting on behalf of your Internet users, the content is stored on the ProxySG. Therefore, the content from one user’s access is made available to all other authorized users. The next person that launches their browser and requests that same website will receive it from the cache on the ProxySG. The end result of this content-caching feature is that many websites can be stored on the ProxySG and made available to all of your users. This approach can help you use your Internet bandwidth much more efficiently.
The ProxySG can support several web filtering solutions on-the-appliance, such as SmartFilter and Websense in addition to Blue Coat’s own BCWF (web filter). All web filtering solutions categorize web sites based upon a number of criteria such as key words, phrases, site language, links, and spyware. The BCWF database contains over 15 million websites published in more than 50 languages, and organized into 69 categories. Unlike some solutions that update the database daily (or less often), Blue Coat’s BCWF database updates these categories several times an hour. In addition, the BCWF web filter can be configured to provide dynamic protection with their Dynamic Real-Time Rating (DRTR) service that categorizes web sites ‘on-the-fly’. When running the BCWF web filter on the ProxySG, the powerful policy engine allows use of the categories in your defined access policies. For example, a policy could be written to block sites in the ‘Social Networking’ category during working hours, but allow access to those sites during the lunch hour.
In today’s economy, online training is often preferred over traveling for a training course. If several people within your organization decide to view that online training at the same time, it could significantly impact your Internet connection due to high utilization. To help mitigate this situation, the ProxySG has a feature called Stream Splitting and Caching. First, if a video stream can be cached, it is cached on the ProxySG in a fashion similar to the web content mentioned previously. Secondly, the Stream Splitting feature is the ProxySG recognizing that the same video is being requested by another person and splits the stream internally to serve the content to both individuals directly from the ProxySG, instead of pulling the content from the Internet again.