Since content filter database downloads can fail for many reasons - from simple network issues to vendor-specific consistency check failures - Blue Coat provides a detailed diagnostic log instead of sending content filter database failures to the event log. To access this specific diagnostic log, please do the following:
From the command line interface (CLI), use the CLI command SGOS#(config) show content-filter status
From the Management Console go to Statistics > Advanced > Content Filtering > Show content filter status
The Download log includes a step-by-step indication of what may have gone wrong. If you actually forced an immediate download in the GUI, this log is what the "results" button shows you.
- If you see "ERROR: HTTP 401 - Unauthorized" in this log, verify your content filter database credentials, such as username and password, are correct. A "401 - Unauthorized" could also mean that your content filter database subscription has expired. If your subscription has elapsed, please contact your reseller or Blue Coat account representative or Customer care team at 1 (800) 721 3934 [Option: 2 > 3] for renewal procedures.
- If a BCIS license was purchased, it is necessary to change the settings of the proxy to reflect it. Otherwise, the proxy will continue to use the expired license to download the database. This change can be made from Management Console > Configuration > Content Filtering > Blue Coat. Change the Data Source from 'Web Filter' to 'Intelligence Services' and select 'Apply'. Then download the database by selecting 'Download Now'. NOTE: If you have a BCIS license, it doesn't require a username and password to proceed with the download.
- If you have an upstream proxy and all internet traffic must be forwarded to this upstream proxy, you will need to ensure that 'download-via-forwarding' is enabled using the following CLI command:
Enter configuration commands, one per line. End with CTRL-Z.
SGOS#(config forwarding)download-via-forwarding enable
For further troubleshooting, obtain a packet capture of the download attempt. Packet captures can be obtained as follows:
- At the URL https://x.x.x.x:8082/PCAP/Statistics, and can be viewed with packet capture software such as Wireshark. You can download Wireshark at https://www.wireshark.org/
- Or else go to MC. Navigate to Maintenance - Service Information - Packet capture. Apply the following filter and start capture "ip host <client ip> or host <test website domain hostname e.g. www.surveymonkey.com> or ip host <test website IP Address> ". Reproduce the issue. Provide the URL in question, and please ensure minimum traffic and trace only the URLs in question.Stop packet capture.