Documentation
|
Support
Table of Contents
Overview
Content Gateway deployment options
Content Gateway components
Content Gateway processes
Content Gateway administration tools
Proxy traffic analysis features
Technical Support
Getting Started with Content Gateway
Accessing the Content Gateway manager
Configuring Content Gateway for two-factor authentication
Accessing the Content Gateway manager if you forget the master administrator password
Content Gateway online Help
Entering your subscription key
Providing system information
Verifying that the proxy is processing Internet requests
Using the command-line interface
Starting and stopping Content Gateway on the command line
Web Proxy Caching
Ensuring cached object freshness
HTTP object freshness
Modifying the aging factor for freshness computations
Setting an absolute freshness limit
Specifying header requirements
Cache-Control headers
Revalidating HTTP objects
FTP object freshness
Scheduling updates to local cache content
Configuring the Scheduled Update option
Forcing an immediate update
Pinning content in the cache
To cache or not to cache?
Caching HTTP objects
Client directives
Configuring the proxy to ignore client no-cache headers
Origin server directives
Configuring the proxy to ignore server no-cache headers
Configuring the proxy to ignore WWW-Authenticate headers
Configuration directives
Disabling HTTP object caching
Caching dynamic content
Caching cookied objects
Forcing object caching
Caching HTTP alternates
Caching FTP objects
Disabling FTP over HTTP caching
Explicit Proxy
Manual browser configuration
Using a PAC file
Sample PAC file
Using WPAD
Configuring FTP clients in an explicit proxy environment
Transparent Proxy and ARM
The Content Gateway ARM
Transparent interception strategies
Transparent interception with a Layer 4 switch
Transparent interception with WCCP v2 devices
WCCP v2 setup outline
WCCP v2 supported features
ARM bypass and WCCP
WCCP load distribution
Configuring WCCP v2 routers
Configuring service groups on the WCCP device
Enabling WCCP processing for a service group
Disabling WCCP processing for a service group
Enabling WCCP v2 security on the router
Enabling WCCP v2 in Content Gateway
Configuring service groups in the Content Gateway manager
Configuring a service group (editing wccp.config)
Transparent interception and multicast mode
Transparent interception with policy-based routing
Transparent interception with software-based routing
Configuring Content Gateway to serve only transparent requests
Interception bypass
Dynamic bypass rules
Static bypass rules
Viewing the current set of bypass rules
Connection load shedding
Reducing DNS lookups
Additional Proxy Configuration
Content Gateway IP spoofing
Configuring IP spoofing
Content Gateway support for IPv6
Clusters
Changing clustering configuration
Adding nodes to a cluster
Deleting nodes from a cluster
Virtual IP failover
What are virtual IP addresses?
Hierarchical Caching
HTTP cache hierarchies
Configuring Content Gateway to use an HTTP parent cache
Configuring the Cache
Changing cache capacity
Increasing cache capacity
Reducing cache capacity
Partitioning the cache
Partitioning the cache according to origin server or domain
Configuring cache object size limit
Clearing the cache
Changing the size of the RAM cache
DNS Proxy Caching
Configuring DNS proxy caching
Saving and Restoring Configurations
Taking configuration snapshots
Restoring configuration snapshots
Deleting configuration snapshots
Monitoring Traffic
Viewing statistics in the Content Gateway manager
Viewing statistics from the command line
Working with alarms
Using Performance graphs
Creating SSL certificate authorities reports
Creating an SSL incidents report
Working With Web DLP
Deploying Content Gateway to work with Forcepoint DLP
Registering Content Gateway with Forcepoint DLP
Registering Content Gateway with Forcepoint DLP manually
Web DLP configuration options for Content Gateway
Stopping and starting Forcepoint DLP processes
Configuring the ICAP client
ICAP failover and load balancing
Working With Encrypted Data
Enabling SSL support
Initial SSL configuration tasks
Certificates
Internal Root CA
Importing your Root CA
Creating a new Root CA
Creating a subordinate certificate authority
Backing up your internal Root CA
Managing certificates
Adding new certificate authorities
Backing up certificates
Restoring certificates
Automatic certificate updates
Decryption and Encryption
SSL configuration settings for inbound traffic
SSL configuration settings for outbound traffic
Validating certificates
Bypassing verification
Keeping revocation information up to date
Directing SSL traffic to Content Gateway via explicit proxy
Managing HTTPS website access
Viewing incidents
Changing the status of an incident
Deleting an incident
Changing the text of a message
Viewing incident details
Adding websites to the Incident List
Client certificates
Importing client certificates
When a client certificate is always required: the Hostlist
Deleting client certificates
Customizing SSL connection failure messages
Custom certificate key
Importing a custom certificate key
Creating a custom certificate key
Backing up a custom certificate key
SSL decryption port mirroring (appliance deployments)
Content Gateway Security
Controlling client access to the proxy
Controlling access to the Content Gateway manager
Setting the administrator ID and password
Creating a list of user accounts
Controlling host access to the Content Gateway manager
Using SSL for secure administration
FIPS 140-2 Mode
Content Gateway filtering rules
Creating an add_hdr rule to allow Google enterprise gmail
Configuring SOCKS firewall integration
Configuring SOCKS servers
Setting SOCKS proxy options
Setting SOCKS server bypass
Using the Split DNS option
Content Gateway user authentication
Browser limitations
Global authentication options
Surrogate credentials
Integrated Windows Authentication
Configuring Integrated Windows Authentication with a load balancer
Troubleshooting Integrated Windows Authentication
Legacy NTLM authentication
LDAP authentication
RADIUS authentication
Rule-Based Authentication
Unknown users and the 'alias' option
Rule-based authentication Domain list
Creating an authentication rule
Working with existing authentication rules
Rule-based authentication use cases
Authentication based on User-Agent
Authentication using Captive Portal
Client certificate authentication
Troubleshooting authentication rules
Mac and iPhone/iPad authentication
Working With Log Files
Event log files
Managing event log files
Event log file formats
Using standard formats
Custom format
Creating summary log files
Applying logs_xml.config file changes to all nodes in a cluster
Choosing binary or ASCII
Using logcat to convert binary logs to ASCII
Rolling event log files
Splitting event log files
Setting log splitting options
Editing the log_hosts.config file
Collating event log files
Configuring Content Gateway to be a collation server
Configuring Content Gateway to be a collation client
Using a stand-alone collator
Viewing logging statistics
Viewing log files
Example event log file entries
Squid format
Netscape examples
Cache result codes in Squid- and Netscape-format log files
Statistics
My Proxy
Summary
Node
Graphs
Alarms
Diagnostics
Protocols
HTTP
FTP
Security
Integrated Windows Authentication
LDAP
Legacy NTLM
SOCKS
Web DLP
Subsystems
Cache
Clustering
Logging
Networking
System
ARM
ICAP
WCCP
DNS Proxy
DNS Resolver
Virtual IP
Client Connection Status
Performance
SSL
SSL Key Data
CRL Statistics
Reports
Commands and Variables
Content Gateway variables
Statistics
Configuration Options
My Proxy
Basic
Subscription
UI Setup
Snapshots
Logs
Protocols
HTTP
HTTP Responses
HTTP Scheduled Update
HTTPS
FTP
Content Routing
Hierarchies
Mapping and Redirection
Browser Auto-Config
Security
Connection Control
FIPS Security
Web DLP
Access Control
SOCKS
Subsystems
Cache
Logging
Networking
Connection Management
ARM
WCCP
DNS Proxy
DNS Resolver
ICAP
Virtual IP
Health Check URLs
SSL
Event Logging Formats
Logging format cross-reference
Content Gateway Configuration Files
auth_domains.config
auth_rules.config
bypass.config
cache.config
filter.config
hosting.config
ip_allow.config
ipnat.conf
log_hosts.config
logs_xml.config
mgmt_allow.config
parent.config
partition.config
records.config
Configuration variables
System variables
Local manager
Process manager
Virtual IP manager
Alarm configuration
ARM
Load shedding configuration (ARM)
Authentication basic realm
LDAP
RADIUS authentication
NTLM
Integrated Windows Authentication
Transparent authentication
HTTP engine
Parent proxy configuration
HTTP connection timeouts (secs)
Origin server connection attempts
Negative response caching
Proxy users variables
Security
Cache control
Heuristic expiration
Dynamic content and content negotiation
Anonymous FTP password
Cached FTP document lifetime
FTP transfer mode
Customizable user response pages
FTP engine
SOCKS processor
Net subsystem
Cluster subsystem
Cache
DNS
DNS proxy
HostDB
Logging configuration
URL remap rules
Scheduled update configuration
SNMP configuration
Plug-in configuration
WCCP configuration
FIPS (Security Configuration)
SSL Decryption
ICAP
Web DLP
Connectivity, analysis, and boundary conditions
remap.config
socks.config
socks_server.config
splitdns.config
storage.config
update.config
wccp.config
Content Gateway Error Messages
Content Gateway alarm messages
Content Gateway HTML messages sent to clients
Content Gateway standard HTTP response messages
Copyright 2023 Forcepoint. All rights reserved.
