Here’s a quick example of how to create a ‘Health Check’ on a Blue Coat ProxySG appliance to help notify you when the appliance can no longer reach the Internet. In the example below I decided to poll Google and Yahoo each every minute. The actual health check looks for a “200 OK” similar to the help check of a Layer 7 switch or content load balancer.

!- BEGIN health_checks
health-check
default e-mail healthy enable
default e-mail sick enable
default event-log healthy information
default event-log sick severe
default snmp healthy enable
default snmp sick enable
create icmp "user.Internet" 10.1.1.10
edit "user.Internet"
interval healthy 60
interval sick 60
exit
create http "user.InternetTest1" http://www.google.com
edit "user.InternetTest1"
interval healthy 60
interval sick 120
exit
create http "user.InternetTest2" http://www.yahoo.com
edit "user.InternetTest2"
interval healthy 60
interval sick 120
exit
exit
!- END health_checks

Cheers!

I’m a Blue Coat ProxySG and Websense customer so I have some options at my disposal to help stem the flood from both my public/guest (WiFi) networks and my internal networks. However, even with those tools available it can be a real challenge these days to try and filter just the unwanted content out of the network, especially if you’re charged with only blocking the streaming content of the site and you are required to keep basic site access working. So there’s no blocking ncaa.com/* because that would block basic site access.

I currently have about 15,000 devices on my internal network and I average around 3,000 public devices daily on my public/guest networks. The public/guest networks routinely consume around 50Mbps of Internet traffic and the bulk of the public/guest networks are setup on our internal 802.11b/g wireless networks. So I need to be concerned about the performance of the wireless networks themselves and not just the Internet gateway/firewall.

I’m sure there are going to be dozens if not hundreds of different ways for users to find the content. I’ve already spotted a few users trying to connect via Slingbox and there are multiple apps on Google Play and the Apple Store that offer to stream the games to your mobile device over WiFi (our public/guest networks).

Here are the list of URLs that I’m starting with. I’m hoping this should help curb 50%-75% of the traffic, I’ll need to evaluate whether it will be worth the effort to go looking for the remaining 25%.

• *.turner.ncaa.com
• www.ncaa.com/mml

If you are a smaller organization you might want to have a look at OpenDNS. It’s very easy to implement and is very cost effective.

I’m curious what other people are doing, if anything? Do you already have your network locked down so this isn’t an issue? If you have a public/guest network do you allow access? Do you have any challenges based on the size of your network?

Cheers!

While this can all be done from the web interface I generally prefer the CLI (if available). The Blue Coat ProxySG appliances that I managed are setup for SSH access you may need to confirm that SSH is enabled (telnet might be enabled).

Let’s start by connecting to the BlueCoat ProxySG appliance (proxysg.acme.org);

[root@linuxhost etc]# ssh -l admin proxysg.acme.org
admin@proxysg.acme.org's password:

proxysg.acme.org - Blue Coat SG510 Series>

Once we’re connected we need to go into privledged mode to issue the commands;

proxysg.acme.org - Blue Coat SG510 Series>enable
Enable Password:

Now that we’re in privledged mode we can clear the web content cache with the following command;

proxysg.acme.org - Blue Coat SG510 Series#clear-cache
ok

And to clear the DNS cache we can use the following command;

proxysg.acme.org - Blue Coat SG510 Series#purge-dns-cache
ok

And don’t forget to logout when you’re all done.

proxysg.acme.org - Blue Coat SG510 Series#exit
Connection to proxysg.acme.org closed.

Cheers!