No categorization for one or more websites

book

Article ID: 168401

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You are trying to create a policy based around the destination category of a URL using the Bluecoat WebFilter (BCWF) or Bluecoat Intelligent Services (BCIS).  After running policy traces to determine why the traffic is not being allowed or denied as expected, a policy trace has determined that the only category is from a different Database, such as the Local, IWF, or a policy defined category.

You have confirmed that BCWF or BCIS is enabled and the last database downloaded was successful.

Reviewing the BCWF or BCIS configuration under Configuration > Content Filtering > General, you see that BCWF or BCIS is Enabled, however, the Lookup Mode is set to Uncategorized.

Cause

The ProxySG appliance will not check the BCWF or BCIS database for a category if any of the content filter databases are set as Uncategorized, and there is any category match from any of the available Content Filter Databases.

Example:

You create a policy-based category in the Visual Policy Manager called Whitelist. This category contains cnn.com.

If BCWF or BCIS is set as Uncategorized, a database lookup will be skipped if the URL match is found in policy, a Local database, or the Internet Watch Foundation (IWF) database.

Resolution

To avoid this behavior:

  1. Go to Configuration Content Filtering > General
  2. Set the Lookup mode for Blue Coat to Always
  3. Click Apply


BCWF recommended settings

Additional technical information

The concept of Uncategorized Lookup mode is based on the idea to not have the ProxySG appliance run additional queries that are expected to be answered by other databases. 

When your ProxySG appliance is licensed to use BCWF for content filtering, setting the Lookup mode to Uncategorized lessens the benefit of BCWF categorization. In most instances, the BCWF database contains the most URLs and is more up to date than any other on the appliance. As a result, even if your policy uses policy-based, local, IWF or other databases, there is always a benefit to ensuring that BCWF lookups are performed also.

By contrast, if you are combining BCWF with IWF or a Local database, it is more sensible to mark the Local database and IWF as Uncategorized, so if BCWF does not have a category, only then will you send additional queries against the other databases.

See Use policy trace to debug access issues

Attachments