I won’t go into an introduction of what SSO is and Bluecoat’s implementation of it, there are some good KB articles on this subject. The following article (hopefully to be published soon on the bluecoat KB) explores how SSO interacts with windows and how to use the sysinternals PSloggedon tool to troubleshoot this. Symptom: When … Continue reading Using PSloggedon to troubleshoot BlueCoat Single Sign On (SSO)
When comparing the two proxy solutions I am most familiar with, these being BlueCoat ProxySG and SQUID, the most striking difference is the capability of the bluecoat to easily change and modify the traffic passing through it. For the Bluecoat-savvy of you, adding a “Web Access” and “Web Content” layer in policy allows you to … Continue reading SQUID + GreasySpoon : enhancing your proxy deployment with content adaptation
As we progress into IPv6 networks, one of the more common transitory scenarios we will see will be similar to the following: Especially in earlier stages, it is to be expected that isolated “pools” of IPv6 networks will need to communicate with a still predominantly IPv4 internet. One of the many ways of facilitating this … Continue reading IPv6 to IPv4 using proxies : lessons learned
Hopefully this will get published in the bluecoat KB soon, but till then, enjoy 🙂 It’s centred around Bluecoat’s implementation, but the steps are generic enough to be useful in general proxy deployments. Configuring Kerberos in a Bluecoat explicit proxy deployment. Pre-Setup : Setting up the Windows environment In order to function properly in windows … Continue reading Configuring Kerberos in an explicit proxy deployment (BlueCoat).
Some customers often ask when using a proxy, if it’s possible to redirect one HTTPS site to another. IE will not accept a non-2xx code in response to an HTTPS. Officially, there is nothing more to it, it’s not possible… I have a workaround/hack for this. Please be aware that I provide this to you … Continue reading Redirecting HTTPS sites using ProxySG
Had to deal with an interesting case lately. This is what the customer wanted: as you can see, the link between the client and the ProxySG is to be negotiated using HTTPS, while the link between the ProxySG and the OCS is to be plain old HTTP. This is easily handled by the ProxySG when … Continue reading Using client certificate authentication w/ BC ProxySG
Classic hotel WiFi access scenario: You’d like to setup your network in such a way as to give a particular user only a certain amount of time per day to browse the internet. Say for example “guestuser1” should only be given 2 hours of internet access per day. Some vendors make this (relatively) easy. For … Continue reading Internet browsing time-based quotas