Blue Coat Acceleration Take-Home Lab:
ProxySG Initial Configuration
SE Enablement Team
September 2009
Page 1 of 10
8/12/09 11:21 AM
Table of Contents
Table of Contents .......................................................................................................... 2
ProxySG Setup .............................................................................................................. 3
Objectives............................................................................................................... 3
Scenario ................................................................................................................. 3
Before You Begin ..................................................................................................... 3
Steps ........................................................................................................................ 3
If the Proxy SG has been previously configured: .......................................................... 3
If the Proxy SG is new or restored to factory defaults: .................................................. 4
Connect to the Blue Coat GUI and verify SGOS version ...................................................... 7
Upgrade Blue Coat SGOS ............................................................................................... 8
Objective ................................................................................................................ 8
Steps ..................................................................................................................... 8
Licensing the SG......................................................................................................... 9
Objective ................................................................................................................ 9
Steps ..................................................................................................................... 9
Page 2 of 10
8/12/09 11:21 AM
ProxySG Setup
Objectives





Reset the ProxySG to factory defaults (if needed)
Assign a network address to the ProxySG.
Assign administrative login credentials.
Upgrade the SGOS on the ProxySG
Ensure licensing is up to date on the ProxySG.
Scenario
Your first task is to make the ProxySG accessible on the network. In the event the ProxySG
has a previous configuration on it, there will be a step to restore the factory default
configuration on the ProxySG before continuing with the lab.
Once the ProxySG has been assigned the correct network settings for your lab, it must be
licensed and run the latest Blue Coat SGOS. For this task, you will need Internet access to
reach the appropriate Blue Coat web sites, as well as an account on Blue Touch, the Blue Coat
technical partner portal.
Before You Begin
For this lab, you will need:
Terminal software: PuTTY, HyperTerminal®, Tera Term Pro, or equivalent
A Blue Coat Proxy SG (any model)
Internet Access
A Blue Touch Account username and password (for SGOS upgrade and license activation)
A Blue Coat SG console cable (9 pin serial, female to female, that ships with all SG units)
Access to a lab or office Local Area Network, with RJ-45 Ethernet wires to connect the SG and your laptop
to the network
Available IP address for the SG, as well as information on DNS, default gateway, and subnet mask
Steps
If the Proxy SG has been previously configured:
The SG will need to be restored to factory defaults.
1. Connect your computer to your ProxySG using the serial cable that is provided with
the ProxySG.
2. Launch your terminal software, and select serial connection with speed 9600, no
parity, 8 data bits and 1 stop bit.
3. Start the session with the above settings. The console displays a blank screen. This is
normal.
4. Press the Enter key three times, and the welcome screen displays.
5. Choose the Command Line Interface option
Page 3 of 10
8/12/09 11:21 AM
6. At the prompt, type enable and hit the Enter key. Enter the enable password for the
SG.
7. At the enable prompt (designated by the # mark at the end of the prompt), enter the
following command: restore-defaults factory-defaults and hit the enter key.
8. Hit Y to confirm the system re-initialization. The SG will restart.
9. Proceed with the section: ‘If the SG is already at Factory Defaults’
If the Proxy SG is new or restored to factory defaults:
The SG needs to be configured with your network parameters.
Note: if your SG has SGOS 5.3.x or earlier, use the following section (SGOS 5.3 and Earlier
Configuration). If your SG has SGOS 5.4 and later, please go to the section below entitled
‘SGOS 5.4 and Later Configuration’
SGOS 5.3 and Earlier Configuration:
1. Connect your computer to your ProxySG using the serial cable that is provided with
the ProxySG.
2. Launch your terminal software, and select serial connection with speed 9600, no
parity, 8 data bits and 1 stop bit.
3. Start the session with the above settings. The console displays a blank screen. This is
normal.
4. Press the Enter key three times, and the welcome screen displays:
Enter M for manual setup, and press the Enter key to manually set up the ProxySG using
the serial console. Note: If the desired response is within the square bracket, it is
the default response, and pressing the Enter key will invoke it. To answer yes/no
questions, press the Y or N key.
5. In the next step, hit the Enter key to accept the default for ‘Is the IP address to be
configured on a non-native VLAN? (Y/N). The default should be [No]. This option will create a
802.1q tagged link in a configuration where multiple VLANs are configured and the link is a trunk
link where the IP address in on the non-native VLAN. The assumption here is that for this exercise,
the link is a non-trunk link with no need for q tags.
6. Enter the appropriate values for the SG IP address, subnet mask, default gateway, and DNS server
for your local network.
Page 4 of 10
8/12/09 11:21 AM
7. When prompted if you want to change any of the values, answer No (unless you made an error and
need to restart the setup process)
8. Configure a console account – it is recommended to use the default admin username for the
console account.
9. Confirm the admin password
10. Enter a password for the enable mode and confirm.
11. Answer No to the question ‘Do you want to secure the serial port? Y/N
12. The fourth page of the setup dialogue screens comes up. At this point, choose M to
set up the MACH5 edition of the SGOS software.
13. Hit No to confirm MACH5 trial edition.
14. At this point the initial configuration of the SG is done. You can access the SG by
console cable, SSH to the IP address you configured in step 7, or via web GUI by going
to https://x.x.x.x:8082/, where x.x.x.x is the IP address you entered in step 7.
SGOS 5.4 and Later Configuration:
1. Connect your computer to your ProxySG using the serial cable that is provided with
the ProxySG.
2. Launch your terminal software, and select serial connection with speed 9600, no
parity, 8 data bits and 1 stop bit.
3. Start the session with the above settings. The console displays a blank screen. This is
normal.
4. Press the Enter key three times, and the welcome screen displays.
5. For Step 1:, choose option a), Through a manual setup
6. For Step 2: choose option a) Acceleration (this choice will deploy the SG in WAN
optimization mode only as opposed to the full Proxy SG mode).
7. For Step 3: choose option a) Physically in-path.
8. For Step 4: enter a name for the Proxy SG.
9. For Step 5: enter ‘Yes’ to configure the hardware bridge interface. (Please note that
the exact port configuration of hardware and/or bridge interfaces may vary according
to the exact model of SG hardware you are configuring.)
10. Enter the IP address for the SG
11. Enter the subnet mask for the SG
12. The Ethernet link information will come up – check the settings to make sure the SG
network interface settings match your network settings. Enter ‘Yes’ to accept the
speed and duplex settings or if needed enter the correct settings followed by ‘Yes’
13. Enter either No or Yes for the prompt ‘Does this interface require a VLAN?’ In most
cases the answer is No; only in network environments where you connect the SG to a
port that is configured for a trunk would this be Yes.
14. For Step 6: Enter the default gateway IP address (note: the SG will try to ping this
address to verify it is reachable)
15. For Step 7: Enter the primary DNS server. (note: the SG will try to use this DNS
server to resolve the host www.bluecoat.com to verify the DNS server is up and
reachable)
16. For Step 8: Enter the Administrator account name (best practice is to leave it as
admin)
17. For Step 9: Enter the Administrator password. You will be prompted to re-enter it.
18. For Step 10: Activate acceleration immediately?, answer Yes
19. A summary screen now reports all of the settings you have configured. If the settings
are ok, type Save and press Enter. Otherwise, enter the number of the item you
would like to change and then type Save and press Enter.
20. At this point the initial configuration of the SG is done. You can access the SG by
console cable, SSH to the IP address you configured in step 7, or via web GUI by going
Page 5 of 10
8/12/09 11:21 AM
to https://x.x.x.x:8082/, where x.x.x.x is the IP address you entered in the setup.
Page 6 of 10
8/12/09 11:21 AM
Connect to the Blue Coat GUI and verify SGOS version
After configuring your ProxySG, you can access the Blue Coat WebUI using any compatible
Web browser from the URL https://proxyIPaddr:8082, where proxyIPaddr is the IP address of the
SG you set in the previous exercise.
Open your browser, and access the URL https://proxyIPaddr:8082.
You will receive a warning message about the digital certificate similar not being from a
trusted issuer. Depending on your web browser software, you will need to
acknowledge that the site is OK to visit by accepting the certificate. (NOTE: to avoid this
warning in the future and to follow best security practices, it is recommended to install a certificate
that your organization trusts for the SG. The procedure for this can be referenced in the SGOS
user guides.)
You may also get a popup window about the Java applet that the GUI will attempt to run, depending on
your browser software you may need to click to trust that applet from the SG.
The ProxySG prompts you for the username and password. Use the username and
password that you specified during configuration.
Note: Blue Coat UI, SkyUI, and SGOS versions:
Depending on the version of SGOS you are running, you will see either the standard Blue
Coat UI (in SGOS 5.3.x and earlier) or the Sky UI (in SGOS 5.4 and later). The Sky UI
is set to be the default UI if you deploy the SG in WAN optimization mode only (from
the previous exercise when you chose Mach5 over SG), or when you have a software
license for the Mach5 only version of SGOS. However, if you factory reset a ProxySG
running 5.4 or later and it ran Proxy edition rather than Mach5 edition of SGOS, the
Default UI will still be the Blue Coat standard UI and not the Sky UI, even if you select
Mach5 edition after the factory reset.
The Sky UI for Mach5 can be identified by the logo ‘Acceleration’ at the top of the screen
and the three tabs: Monitor, Report, Configuration.
The standard UI can be reached from the Sky UI in two places:
From the Report tab: click on the Advanced Statistics button in the lower left part of the
screen.
From the Configuration tab: click on the Advanced Configuration tab in the lower left part
of the screen.
Page 7 of 10
Upgrade Blue Coat SGOS
Objective
Upgrade the SGOS software on the Blue Coat® ProxySG® to the latest version.
Steps
The procedure for upgrading SGOS is the same for both the ProxySG and MACH5 versions of
SGOS. However, the directions below are for the standard Blue Coat UI. If you are running
the Sky UI, enter the Advanced Configuration via the button on the lower left part of the
screen when you are in the Sky UI Configuration tab.
1.
Open your browser, and access the URL https://proxyIPaddr:8082
2.
Click on the management console section on the left part of the screen
3.
Click the Maintenance tab at the top of the screen
4.
Click on Upgrade to the left of the screen
5.
Two tabs will show at the top of the screen. Click the ‘Systems’ tab to view which
version of SGOS your SG is running as well as the available slots the SG has for
software upgrades. Ensure that there is a slot open by either verifying ‘empty’ shows
up at least once in the list of systems, or that the ‘Replace’ check box is selected next
to an older version of SGOS that you want to replace.
6.
Click the Upgrade tab at the to of the screen
7.
You will now need to retrieve the URL to download the new version of SGOS. Open a
new browser window to the Blue Coat support web site:
https://support.bluecoat.com. Once on the site, click the Downloads tab at the top of
the screen.
8.
Under the ProxySG section, click on SGOS 5.4
9.
Enter your login credentials for the site on the left (these are also known as Blue Touch
credentials). NOTE: if you do not have a Blue Touch account, you can request one from the same
page with the link on the right. You will need a Blue Touch account for the Acceleration Boot
Camp course so it is a good idea to set one up now.
10. A list of SGOS versions will show up along with links to the supported Blue Coat hardware
platforms. Click in the section of the latest version of SGOS (on the top of the list) to the link that
matches the model of SG you are upgrading.
11. A software licensing agreement will appear. Click that you agree to the terms before continuing.
12. The screen that comes up next will allow you to download the file directly, which is the first
‘Download Now’ button. The second field is a URL that can be pasted directly into the SG. Select
the URL field and copy the text.
13. Go back to the SG GUI, which still should have the Upgrade screen up from step 6. Paste the
download URL into the field on the SG
14. Click the download button. The SG will download the new software image.
Page 8 of 10
15. Once the download is finished, restart the SG. The SG can be restarted via the Restart button at
the bottom of the upgrade screen.
Licensing the SG
Objective
Ensure the SG has the appropriate license activated.
Steps
If the SG you are using already has a valid license, this step can be skipped. If the SG has a
trial version license that will last long enough to complete your evaluation or lab test exercise,
this step may also be skipped.
Best practice is to license the SG as part of the initial process of racking, installing, and
upgrading to ensure there is no loss of functionality later in the event a license trial period
runs out.
To license the SG, you will need the SGOS 5.x license key, which has a unique software serial
number, as well as a valid login account to the Blue Coat licensing server (your Blue Touch
account used in step 7 of the previous exercise will work)
1. Open a new browser window to the Blue Coat support web site:
https://support.bluecoat.com. Once on the site, click the Licensing tab at the top of
the screen.
2. Select License a Proxy
3. A login window pops up. Enter your Blue Touch credentials and log in.
4. The licensing self-service window appears. You may see other SG’s listed in the
window; these are SG’s that are registered to the company or organization you are a
part of.
NOTE: it is best practice when installing Blue Coat SG’s at a customer engagement to
have them create their own login for the licensing server so that the SG’s will be
licensed and registered to their company and not to your own.
5. Enter the appliance serial number and model number in the area at the bottom of the
page and click ‘Register New Appliance’
6. You should get a screen with a new message: Support – License Management. Now
Registering Appliance!
Done!
7. If the registration process fails, or does not show Done!, contact Blue Coat support to
ensure the serial number is properly registered in the system and your software
contract(s) are in place.
8. The Serial Number is now registered with Blue Coat, but now the actual license for this
SG needs to be activated. To do so, continue with the following steps:
9. Click on the Edit this Hardware button.
10. In the new screen that comes up, click on Manage Software Serial Numbers
11. Scroll to the bottom of the screen, to where there are boxes to Add a New Software
Option to this appliance.
12. In one of the boxes, enter the software serial number that shipped with your Blue Coat
SG. If you do not have one or it is lost, please contact Blue Coat support or your local
Blue Coat channel representative.
13. Click the Apply button
14. Wait as the software is registered to that SG
15. Once the software features are registered to that SG/serial number, those features
show up under the serial number and model number at the top of the screen.
16. The license key can be downloaded via web or via a license file. A license file provides
a quick restore if the SG ever needs to be factory reset and is a good thing to store in
a secure location on site or on a server.
Page 9 of 10
17. To download the license file, click on the ‘Get License’ link at the right under Cust.
Info.
18. Download the .bin file when prompted.
19. Go back to the management UI for the SG. If you are using Sky UI, make sure you go
to the Advanced Configuration UI for the remaining steps.
20. Click on the Maintenance ->Licensing tab and then click the Install tab at the top of
the screen.
21. From the pull down menu at the bottom of the page, choose ‘local file’ and then click
the install button.
22. Locate the .bin file you downloaded in step 17.
23. Select the file. Click OK to install the license file.
24. The SG should now report the license file was successfully installed. Check the
Maintenance tab -> Licensing -> View to ensure the expiration date shows as ‘none’
under the software features you have licensed.
Completing the Lab
Objective
Once the lab is completed, capture evidence that you have been able to upgrade SGOS and
register the Hardware and Software licenses on a Blue Coat SG appliance.
Steps
1. Open a GUI session on the SG. NOTE: If you are running Sky UI, go to the standard
UI configuration by selecting the Advanced Configuration button at the lower left part
of the screen when you are in the Sky UI Configuration tab.
2. Go to the Configuration tab at the top of the screen. Navigate to General>Identification, and take a screen shot – this will show the Software upgrade portion
of the lab was completed.
3. Go to the Maintenance tab at the top of the screen. Click on the Licensing section on
the left side of the screen and take a screen shot – this will show the licensed
components on the SG – at the very least, SGOS should be listed with no expiration
date.
4. Submit the screen shots with your contact information to either the Blue Coat Learning
Management System or to your Blue Coat channel SE.
Page 10 of 10