Blue Coat Acceleration Take-Home Lab: Proxysg Initial Configuration

Blue Coat Acceleration Take-Home Lab: ProxySG Initial Configuration

SE Enablement Team

Page 1 of 14 8/12/09 11:21 AM September 2009

2 Table of Contents

Page 3 of 14 8/12/09 11:21 AM ProxySG Setup

Objectives Reset the ProxySG to factory defaults (if needed) Assign a network address to the ProxySG. Assign administrative login credentials. Upgrade the SGOS on the ProxySG Ensure licensing is up to date on the ProxySG.

Scenario Your first task is to make the ProxySG accessible on the network. In the event the ProxySG has a previous configuration on it, there will be a step to restore the factory default configuration on the ProxySG before continuing with the lab.

Once the ProxySG has been assigned the correct network settings for your lab, it must be licensed and run the latest Blue Coat SGOS. For this task, you will need Internet access to reach the appropriate Blue Coat web sites, as well as an account on Blue Touch, the Blue Coat technical partner portal.

Before You Begin For this lab, you will need:

Terminal software: PuTTY, HyperTerminal®, Tera Term Pro, or equivalent A Blue Coat Proxy SG (any model) Internet Access A Blue Touch Account username and password (for SGOS upgrade and license activation) A Blue Coat SG console cable (9 pin serial, female to female, that ships with all SG units) Access to a lab or office Local Area Network, with RJ-45 Ethernet wires to connect the SG and your laptop to the network Available IP address for the SG, as well as information on DNS, default gateway, and subnet mask

Steps

If the Proxy SG has been previously configured: The SG will need to be restored to factory defaults.

1. Connect your computer to your ProxySG using the serial cable that is provided with the ProxySG.

2. Launch your terminal software, and select serial connection with speed 9600, no parity, 8 data bits and 1 stop bit.

3. Start the session with the above settings. The console displays a blank screen. This is normal.

4. Press the Enter key three times, and the welcome screen displays.

4 5. Choose the Command Line Interface option

5. Enter M for manual setup, and press the Enter key to manually set up the ProxySG using the serial console.

Note: If at any time you make a mistake and want to exit the setup console, press the Esc key. This will let you exit the setup console wizard without saving any of the changes that you made.

6. In the next step, hit the Enter key to accept the default for ‘Is the IP address to be configured on a non-native VLAN? (Y/N). The default should be [No].

Note: If the desired response is within the square bracket, it is the default response, and pressing the Enter key will invoke it. To answer yes/no questions, press the Y or N key.

7. In the next step, the IP address information you enter won’t matter as the SG will be reset to factory defaults. Enter network information for the SG as follows: IP address: 1.1.1.1

Page 5 of 14 8/12/09 11:21 AM IP subnet mask: 255.255.255.0 IP gateway: 1.1.1.2 DNS server: 1.1.1.3

8. Answer No to the question “Would you like to change any of them?”

9. The second page of the setup dialogue screens comes up. When prompted, you can change the console as well as the enable user passwords if you wish. If you are happy with the existing accounts, you can simply answer No to the prompt ‘Would you like to change the console user account now?

10. Answer No to the question ‘Do you want to secure the serial port? Y/N

Authorised Workstations

11. The fourth and final page of the setup dialogue screens comes up. At this point, the last message the SG should give is CONFIGURATION COMPLETE. At this point, hit the enter key three times to activate the serial console.

12 After hitting the Enter key three times, a menu will come up for 1) Command Line Interface and 2) Setup Console. Select 1) as the Setup Console will take you back the configuration screens you just completed.

613. At the prompt, type enable and hit the Enter key. Enter the enable password for the SG.

714. At the enable prompt (designated by the # mark at the end of the prompt), enter the following command: restore-defaults factory-defaults and hit the enter key.

185. Hit Y to confirm the system re-initialization. The SG will restart.

916. Proceed with the section: ‘If the SG is already at Factory Defaults’

If the Proxy SG is new or restored to factory defaults: The SG can needs to be configured with your network parameters.

Note: if your SG has SGOS 5.3.x or earlier, use the following section (SGOS 5.3 and Earlier Configuration). If your SG has SGOS 5.4 and later, please go to the section below entitled ‘SGOS 5.4 and Later Configuration’

SGOS 5.3 and Earlier Configuration:

1. Connect your computer to your ProxySG using the serial cable that is provided with the ProxySG.

2. Launch your terminal software, and select serial connection with speed 9600, no parity, 8 data bits and 1 stop bit.

3. Start the session with the above settings. The console displays a blank screen. This is normal.

6 4. Press the Enter key three times, and the welcome screen displays:

Above screenshot…

Enter M for manual setup, and press the Enter key to manually set up the ProxySG using the serial console. Note: If the desired response is within the square bracket, it is the default response, and pressing the Enter key will invoke it. To answer yes/no questions, press the Y or N key.

5. In the next step, hit the Enter key to accept the default for ‘Is the IP address to be configured on a non-native VLAN? (Y/N). The default should be [No]. This option will create a 802.1q tagged link in a configuration where multiple VLANs are configured and the link is a trunk link where the IP address in on the non-native VLAN. The assumption here is that for this exercise, the link is a non-trunk link with no need for q tags.

6. Enter the appropriate values for the SG IP address, subnet mask, default gateway, and DNS server for your local network.

7. When prompted if you want to change any of the values, answer No (unless you made an error and need to restart the setup process)

8. Configure a console account – it is recommended to use the default admin username for the console account.

Page 7 of 14 8/12/09 11:21 AM 9. Confirm the admin password

10. Enter a password for the enable mode and confirm.

11. Answer No to the question ‘Do you want to secure the serial port? Y/N

12. The fourth page of the setup dialogue screens comes up. At this point, choose M to set up the MACH5 edition of the SGOS software.

13. Hit No to confirm MACH5 trial edition.

14. At this point the initial configuration of the SG is done. You can access the SG by console cable, SSH to the IP address you configured in step 7, or via web GUI by going to https://x.x.x.x:8082/, where x.x.x.x is the IP address you entered in step 7.

SGOS 5.4 and Later Configuration: 1. Connect your computer to your ProxySG using the serial cable that is provided with the ProxySG. 2. Launch your terminal software, and select serial connection with speed 9600, no parity, 8 data bits and 1 stop bit. 3. Start the session with the above settings. The console displays a blank screen. This is normal. 4. Press the Enter key three times, and the welcome screen displays. 5. For Step 1:, choose option a), Through a manual setup 6. For Step 2: choose option a) Acceleration (this choice will deploy the SG in WAN optimization mode only as opposed to the full Proxy SG mode). 7. For Step 3: choose option a) Physically in-path. 8. For Step 4: enter a name for the Proxy SG. 9. For Step 5: enter ‘Yes’ to configure the hardware bridge interface. (Please note that the exact port configuration of hardware and/or bridge interfaces may vary according to the exact model of SG hardware you are configuring.) 10. Enter the IP address for the SG 11. Enter the subnet mask for the SG 12. The Ethernet link information will come up – check the settings to make sure the SG network interface settings match your network settings. Enter ‘Yes’ to accept the speed and duplex settings or if needed enter the correct settings followed by ‘Yes’ 13. Enter either No or Yes for the prompt ‘Does this interface require a VLAN?’ In most cases the answer is No; only in network environments where you connect the SG to a port that is configured for a trunk would this be Yes. 14. For Step 6: Enter the default gateway IP address (note: the SG will try to ping this address to verify it is reachable) 15. For Step 7: Enter the primary DNS server. (note: the SG will try to use this DNS server to resolve the host www.bluecoat.com to verify the DNS server is up and reachable) 16. For Step 8: Enter the Administrator account name (best practice is to leave it as admin) 17. For Step 9: Enter the Administrator password. You will be prompted to re-enter it. 18. For Step 10: Activate acceleration immediately?, answer Yes

8 19. A summary screen now reports all of the settings you have configured. If the settings are ok, type Save and press Enter. Otherwise, enter the number of the item you would like to change and then type Save and press Enter. 20. At this point the initial configuration of the SG is done. You can access the SG by console cable, SSH to the IP address you configured in step 7, or via web GUI by going to https://x.x.x.x:8082/, where x.x.x.x is the IP address you entered in the setup.

Page 9 of 14 8/12/09 11:21 AM Connect to the Blue Coat GUI and verify SGOS version

After configuring your ProxySG, you can access the Blue Coat WebUI using any compatible Web browser from the URL https:// proxyIPaddr :8082, where proxyIPaddr is the IP address of the SG you set in the previous exercise.

Open your browser, and access the URL https://proxyIPaddr:8082.

You will receive a warning message about the digital certificate similar not being from a trusted issuer. Depending on your web browser software, you will need to acknowledge that the site is OK to visit by accepting the certificate. (NOTE: to avoid this warning in the future and to follow best security practices, it is recommended to install a certificate that your organization trusts for the SG. The procedure for this can be referenced in the SGOS user guides.)

You may also get a popup window about the Java applet that the GUI will attempt to run, depending on your browser software you may need to click to trust that applet from the SG.

The ProxySG prompts you for the username and password. Use the username and password that you specified during configuration.

Note: Blue Coat UI, SkyUI, and SGOS versions:

Depending on the version of SGOS you are running, you will see either the standard Blue Coat UI (in SGOS 5.3.x and earlier) or the Sky UI (in SGOS 5.4 and later). The Sky UI is set to be the default UI if you deploy the SG in WAN optimization mode only (from the previous exercise when you chose Mach5 over SG), or when you have a software license for the Mach5 only version of SGOS. However, if you factory reset a ProxySG running 5.4 or later and it ran Proxy edition rather than Mach5 edition of SGOS, the Default UI will still be the Blue Coat standard UI and not the Sky UI, even if you select Mach5 edition after the factory reset.

The Sky UI for Mach5 can be identified by the logo ‘Acceleration’ at the top of the screen and the three tabs: Monitor, Report, Configuration.

The standard UI can be reached from the Sky UI in two places:

From the Report tab: click on the Advanced Statistics button in the lower left part of the screen.

From the Configuration tab: click on the Advanced Configuration tab in the lower left part of the screen.

10 Upgrade Blue Coat SGOS

Objective Upgrade the SGOS software on the Blue Coat® ProxySG® to the latest version.

Steps The procedure for upgrading SGOS is the same for both the ProxySG and MACH5 versions of SGOS. However, the directions below are for the standard Blue Coat UI. If you are running the Sky UI, enter the Advanced Configuration via the button on the lower left part of the screen when you are in the Sky UI Configuration tab.

1. Open your browser, and access the URL https://proxyIPaddr:8082

2. Click on the management console section on the left part of the screen

3. Click the Maintenance tab at the top of the screen

4. Click on Upgrade to the left of the screen

5. Two tabs will show at the top of the screen. Click the ‘Systems’ tab to view which version of SGOS your SG is running as well as the available slots the SG has for software upgrades. Ensure that there is a slot open by either verifying ‘empty’ shows up at least once in the list of systems, or that the ‘Replace’ check box is selected next to an older version of SGOS that you want to replace.

6. Click the Upgrade tab at the to of the screen

7. You will now need to retrieve the URL to download the new version of SGOS. Open a new browser window to the Blue Coat support web site: https://support.bluecoat.com. Once on the site, click the Downloads tab at the top of the screen.

8. Under the ProxySG section, click on SGOS 5.4

9. Enter your login credentials for the site on the left (these are also known as Blue Touch credentials). NOTE: if you do not have a Blue Touch account, you can request one from the same page with the link on the right. You will need a Blue Touch account for the Acceleration Boot Camp course so it is a good idea to set one up now.

10. A list of SGOS versions will show up along with links to the supported Blue Coat hardware platforms. Click in the section of the latest version of SGOS (on the top of the list) to the link that matches the model of SG you are upgrading.

11. A software licensing agreement will appear. Click that you agree to the terms before continuing.

12. The screen that comes up next will allow you to download the file directly, which is the first ‘Download Now’ button. The second field is a URL that can be pasted directly into the SG. Select the URL field and copy the text.

13. Go back to the SG GUI, which still should have the Upgrade screen up from step 6. Paste the download URL into the field on the SG

Page 11 of 14 14. Click the download button. The SG will download the new software image.

15. Once the download is finished, restart the SG. The SG can be restarted via the Restart button at the bottom of the upgrade screen.

Licensing the SG

Objective Ensure the SG has the appropriate license activated.

Steps If the SG you are using already has a valid license, this step can be skipped. If the SG has a trial version license that will last long enough to complete your evaluation or lab test exercise, this step may also be skipped.

Best practice is to license the SG as part of the initial process of racking, installing, and upgrading to ensure there is no loss of functionality later in the event a license trial period runs out.

To license the SG, you will need the SGOS 5.x license key, which has a unique software serial number, as well as a valid login account to the Blue Coat licensing server (your Blue Touch account used in step 7 of the previous exercise will work)

1. Open a new browser window to the Blue Coat support web site: https://support.bluecoat.com. Once on the site, click the Licensing tab at the top of the screen. 2. Select License a Proxy 3. A login window pops up. Enter your Blue Touch credentials and log in.

4. The licensing self-service window appears. You may see other SG’s listed in the window; these are SG’s that are registered to the company or organization you are a part of. NOTE: it is best practice when installing Blue Coat SG’s at a customer engagement to have them create their own login for the licensing server so that the SG’s will be licensed and registered to their company and not to your own. 5. Enter the appliance serial number and model number in the area at the bottom of the page and click ‘Register New Appliance’ 6. You should get a screen with a new message: Support – License Management. Now Registering Appliance! Done! 7. If the registration process fails, or does not show Done!, contact Blue Coat support to ensure the serial number is properly registered in the system and your software contract(s) are in place. 8. The Serial Number is now registered with Blue Coat, but now the actual license for this SG needs to be activated. To do so, continue with the following steps: 9. Click on the Edit this Hardware button. 10. In the new screen that comes up, click on Manage Software Serial Numbers 11. Scroll to the bottom of the screen, to where there are boxes to Add a New Software Option to this appliance.

12 12. In one of the boxes, enter the software serial number that shipped with your Blue Coat SG. If you do not have one or it is lost, please contact Blue Coat support or your local Blue Coat channel representative. 13. Click the Apply button 14. Wait as the software is registered to that SG 15. Once the software features are registered to that SG/serial number, those features show up under the serial number and model number at the top of the screen. 16. The license key can be downloaded via web or via a license file. A license file provides a quick restore if the SG ever needs to be factory reset and is a good thing to store in a secure location on site or on a server. 17. To download the license file, click on the ‘Get License’ link at the right under Cust. Info. 18. Download the .bin file when prompted. 19. Go back to the management UI for the SG. If you are using Sky UI, make sure you go to the Advanced Configuration UI for the remaining steps. 20. Click on the Maintenance ->Licensing tab and then click the Install tab at the top of the screen. 21. From the pull down menu at the bottom of the page, choose ‘local file’ and then click the install button. 22. Locate the .bin file you downloaded in step 17. 23. Select the file. Click OK to install the license file. 24. The SG should now report the license file was successfully installed. Check the Maintenance tab -> Licensing -> View to ensure the expiration date shows as ‘none’ under the software features you have licensed.

Completing the Lab

Objective Once the lab is completed, capture evidence that you have been able to upgrade SGOS and register the Hardware and Software licenses on a Blue Coat SG appliance.

Steps 1. Open a GUI session on the SG. NOTE: If you are running Sky UI, go to the standard UI configuration by selecting the Advanced Configuration button at the lower left part of the screen when you are in the Sky UI Configuration tab. 2. Go to the Configuration tab at the top of the screen. Navigate to General- >Identification, and take a screen shot – this will show the Software upgrade portion of the lab was completed. 3. Go to the Maintenance tab at the top of the screen. Click on the Licensing section on the left side of the screen and take a screen shot – this will show the licensed components on the SG – at the very least, SGOS should be listed with no expiration date. 4. Submit the screen shots with your contact information to either the Blue Coat Learning Management System or to your Blue Coat channel SE.

Page 13 of 14 14