Q1. Does the the SWG VA need internet access to install the SWG VA license for the first time?

A. Yes, it needs an internet connection to communicate with the Blue Coat licensing servers.

Q2. What are the Blue Coat licensing servers?

The following are the Blue Coat licensing servers: 

https://download.bluecoat.com
https://services.bluecoat.com

https://bto-services.es.bluecoat.com

Q3. What other Blue Coat servers does the SWG VA communicate with, and why?

A. To prevent licensing issues (duplicate serial numbers), the SWG VA also communicates with https://validation.es.bluecoat.com. Communication attempts to https://validation.es.bluecoat.com occur every hour.  
   The license is suspended after 7 days if no communication can be made to https://validation.es.bluecoat.com.   
   Once communication is restored, the license is un-suspended and the accumulated failure count starts to decrease.

    Note:  if the VM does not have sufficient dedicated resources, or if the VM is restarted from a snapshot, or if the VM is suspended/restarted, a lost-time-synchronization event may occur.
    All the lost time will be added to the accumulated failure count.

Q4. Can I deploy the SWG VA in a closed network or in proxy chaining deployment?

A. In a closed network or proxy chaining mode, the SWG VA needs a TCP connection over port 443 either directly or via the upstream proxy on the following hosts:

https://download.bluecoat.com
https://services.bluecoat.com
https://validation.es.bluecoat.com

https://device-services.es.bluecoat.com

Note: Refer to the Secure Web Gateway Virtual Appliance Initial Configuration Guide for details on required configuration using forwarding host for SWG VA in proxy chaining mode.

Virtual device can not access the required URL's

Virtual ASG

Ensure that the virtual appliance has access to the URL's listed in this article