Product Information

SGOS 6.1.1.1 GA

Product Information ID:    INFO1008
Version:    2.0
Status:    Published
Published date:    09/22/2010
Updated:    09/27/2010
 

Description

ProxySG SGOS 6.1.1.1 has been released

What's New

SGOS 6.x Features

64-Bit Operating System

The new 64-bit OS provides increased scalability and throughput for 64-bit platforms (SG810, SG8100, and SG9000s).

Flash Streaming Media Support (RTMP Proxy) 

SGOS 6.1.1.x introduces streaming proxy support for the RTMP (Flash) family of protocols. Proxy support enables acceleration, monitoring, and control of Adobe Flash streaming media based traffic.

The RTMP proxy provides bandwidth usage optimization for live streaming traffic by splitting live streams. When a live stream is split, the ProxySG fetches the live stream once from the server and serves it from the appliance to all requesting clients.

Other supported features include the ability to monitor/control Flash streaming traffic handled by the ProxySG appliance and CDN inter-operability. If you have several ProxySG appliances, you can also define hosts and groups of hosts to which client requests can be redirected to create proxy chains. Those hosts can be servers or proxies. Define policy rules to redirect requests.

Configuring the RTMP proxy requires several steps. Consult the Online Help System from the Configuration > Proxy Settings > Streaming Proxies > Flash tab. 

Asymmetric Route Detection and Handling

When reflect-client-ip is enabled, the ProxySG appliance is able to detect asymmetric routing for intercepted connections. New connections from the same source and destination IP pair are dynamically bypassed after asymmetric routing is detected (detection occurs on the first reset packet). The IP pairs are added to a table that contains the list of dynamically bypassed asymmetric routes.

SmartFilter Category Map 4 Support

SGOS 6.1.1 provides support for SmartFilter Category Map version 4. SGOS 5.5.x provided support up to version 3.

 

Documentation

Download the SGOS image and the release notes at : https://bto.bluecoat.com/download/product/5351

Known Issues

Archiving

  • Saving and restoring a signed configuration archive fails. Workaround: store the configuration in an unsigned archive. (B#145839)
Caching
  • Possible stale client connections when multiple concurrent connections requesting an object that satisfies the following: the response header does not contain content-length, object is not chunked-encoded, and object is larger than 500KB. (B#145695, SR 2-317195422) 
Director
  • When accessing the Management Console through Blue Coat Director, the Help links do not work. (B#142142)
  • Director might become unresponsive when executing a profile or restoring a backup on a ProxySG appliance. If this occurs, reboot Director. (B#144460)
Doc Errata
  • The Help button on the Maintenance > Health Monitoring > Licensing tab links the incorrect location. Paste the following into the browser : https://SG_IP_Address:8082/Secure/Local/console/AT_Monitoring.72.36.html    (B#145549)
Event Logging
  • Taking a disk offline that has the main copy of the event log results in an empty event log when read although the object is mirrored on other disks.

HTTP Proxy 

  • When the Clientless Limits feature is enabled and many clientless requests are in a deferred status, disabling the limit configuration might cause the ProxySG appliance to crash. To prevent, do not disable the limits when more than one thousand requests are deferred. (B#143016)
  • Internet Explore 6 clients might be unable to use Siebel 8 while proxied through the ProxySG appliance. A workaround is to disable pipelining. (B#145241)
  • If the ProxySG appliance has URL rewrite policy to rewrite request.header. Referer and request.header.Location, on occasion it sends a Zero-chunk block twice when the response is chunk encoded data. (B#144623, SR 2-291847282)
  • When the client sends a request for a non-standard accept-encoding, such as x-gzip, and the object is already cached, the ProxySG appliance does not serve the cached copy. (B#144684, SR 2-318001457)

IPv6 

  • In an IPv6-only network (no IPv4 connections to the ProxySG appliance) with RCIP disabled, the ProxySG appliance requires the server_url.dns_lookup prefer-ipv6 policy to successfully resolve IPv6 DNS requests. (B#143668)
  • If the local category database contains IPv4 address, DNS lookup from the ProxySG appliance is always IPv4 only regardless of policy setting. (B#145286, SR 2-307821662)
  • DSCP over IPv6 is not yet supported. (B#143787)

Malware Scanning (ICAP)

  • When the server sends a compressed object and the ICAP server decides that the object needs to be replaced, the ProxySG appliance 

Management Console

  • Sorting Proxied/Errored Sessions on the Active Sessions tab might not work correctly. (B#143988)
  • The Configuration > Network > Adapters > Configure page does not properly display a link speed when a 10GB is installed in the ProxySG appliance. The field is blank and the drop-down is empty. The link correctly operates at 10GB if settings are automatically negotiated. (B#145212) 

Networking

  • Extraneously large connection forwarding table might cause the ProxySG appliance to stop responding to management consoles. (B#144396)
  • Installing a static route or RIP route that overlaps with the interface route on the ProxySG appliance might corrupt; pings to hosts on the same subnet or hosts through gateway route fail. (B#144441)
  • In rare cases, the ProxySG could restart if bandwidth management was disabled while the system was under heavy load. (B#144958, SR 2-302190883)
  • Bypass Configuration: Setting to trigger on connect-error does not work. SGOS does not add addresses to the dynamic bypass list with this setting. However, trigger all works if you enable all bypass policy triggers. (B#145125)
  • The show configuration command does not list the mode for a failover group. The ID of the master is shown, but not the failover mode. Users who generate scripts with this command must manually edit them to add the failover mode. (B#145609)
  • TCP connections for mis-behaving servers that do not properly close the connection leave the connection open for an extended period of time (up to 10 minutes). Use the tcp-ip inet-lowport command to increase the port range. (B#145817, SR 2-320946712)
  • When Bypass Keep-Alive is enabled, only the bypassed connections that are received after it is enabled apply; pre-existing connections continue to exist without sending keep-alive. (B#144923)
  • The backup ProxySG appliance in the SGRP group excessively advertises, which could result in the backup ProxySG appliance becoming the master for short periods of time. (B#144800, SR 2-301696882) 

Platform-specific - SG9000

  • Only use auto-configuration on the 0:0-3 interfaces. (B#144158)
  • The SG9000 platform takes up to a minute before the front panel display is active. (B#137016)
  • In the CLI console for an SG9000 with a 10GB interface: If you enter speed 10, the CLI reports that the speed has been changed to 10Mb/s rather than the intended 10Gb/s. However, the actual speed used in the network connection is 10Gb/s. Workaround: specify 10Gb/s with speed 10000 for 10Gb/s. (B#145218)

RTMP Proxy (Flash)

  • There is a possibility of leaking one worker client connection if the client connection closes abruptly without finishing the initial handshake. This is more likely when the RTMP protocol is used. (B#143303)
  • Upon upgrading to SGOS 6.1.1, the Configuration > Access Logging > General > Default Logging tab displays none for Flash streaming. (B#143817)
  • When playing audio-only live streams using version 10.1 of the Adobe Flash plugin, users might experience missing audio after a certain sequence of play/pause operations. The workaround is to click on play/pause controls a couple of times. (B#144180)
  • When Flash Media Server is configured to use the AutoCloseIdleClients option, it might timeout client connections accessing a live stream that is being split at the ProxySG.
  • The Configuration > Access logging > General> Default logging tab lacks support for the configuration of default logs.
  • HTTP errors from the server or upstream ProxySG appliances might not be recorded correctly when generating access log entries.
  • When using RTMPT protocol, some bytes from the client on each HTTP request might be counted as HTTP protocol bytes instead of Flash bytes.
  • While playing VOD streams, pausing, seeking, and resuming playback multiple times might cause disconnections. If the client application disconnects abruptly while playing a stream, an access log entry for that playback session might not be created.
  • Access log entries created by Flash proxy do not log a value for s-totalclients field.
  • In a proxy chaining scenario, pausing a live stream might hang the Flash application on the client end. Workaround: Reconnect the application by restarting the browser.
  • Only HTTP/1.1 persistent connections are supported when communicating with the Flash Media Server. If using HTTP/1.0, or non-persistent connections, the Flash player might hang.
  • Clients connected to a live stream might experience a brief glitch or stall when other clients disconnect.
  • Advanced functionality such as dynamic streaming and stream publishing are not supported in this release.

Security

  • If the ProxySG appliance is not connected to the network, the restoredefaults factory-defaults operation deletes the appliance factory certificate. Retrieve the certificate again using the request-appliance-certificate after the ProxySG appliance is re-connected to the network. (B#144621)

SKY UI

  • The Sky configuration tool does not properly display a link speed when a 10GB is installed in the ProxySG appliance. The field is blank and the dropdown is missing an entry for 10GB. The link correctly operates at 10GB if settings are automatically negotiated. (B#145214)
  • Accessing the configuration Management Console either directly through entering a URL or through links in the SkyUI causes Safari to hang. Switch to another supported browser. (B#145865)

Streaming

  • In a proxy chaining deployment, after playing a VOD stream until the end of the stream through RTSP, the connection between the downstream ProxySG appliance and the upstream ProxySG appliance is not terminated after the client exits. (B#145118)

Visual Policy Manager (VPM)

  • When the rules are moved up and down, text in the Comments column is deleted when the rules are moved with the focus in Comments field. (B#139384)

WCCP

  • Applying server side bandwidth management policy does not function correctly in WCCP deployments. (B#142616)

Yahoo Instant Messaging

  • Explicit/SOCKS connection through the ProxySG appliance with Yahoo 8.1 clients: file transfer are successful but no statistics representing as such. (B#141470) 

 


 Limitations


 

These issues are known by Blue Coat but are not fixable because of the interaction with third-party products, works as designed but might cause an issue, or other reason.

Management Console
  • The default Active Session list requests limit is 5,000.
Sky UI
  • You cannot click View WCCP Settings if the configuration is not complete (no pairs added) 

Release Schedule

 Product was released on 09/22/10


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question