Applies To:Show Versions
- 17.0.0, 16.1.2, 16.1.1, 16.1.0
Configuring the URL Database for SWG
About initial configuration steps for SWG
Overview: Downloading and updating the URL database for SWG
- Master database
- Real-time Security Database
- Advanced Classification Engine (ACE) database
- Master Database updates (MasterDB) - This database is updated by Forcepoint once a day and is required to be downloaded once per day. The MasterDB can be downloaded based on a configurable schedule
- Real-time database updates (RTU) - polled every 10 minutes
- Real-Time Security Updates (RTSU) - polled every 10 minutes ACE database updates - polled every 15 minutes
upstream proxy for the BIG-IP system
- On the Main tab, select.
- In theNamefield, type a name for the proxy server.
- In theIP Addressfield, type the IP address for the proxy server.
- In thePortfield, type the port number for the proxy server.
- In theUser NameandPasswordfields, type credentials for an account on the proxy server, if needed.
- DNS for the BIG-IP device in the System area of the product.
- A default route in the Network area of the product.
- On the Main tab, click.
- In the Download Settings area from theDownloadslist, selectEnabled.Additional settings display.Download Scheduledisplays a default schedule for the download.
- To download the database to an upstream proxy, select theUse Proxycheck box.
- In theDownload Schedulesettings, configure a two-hour period in which to start the download.Schedule the download to occur during off-peak hours. The default schedule is between one and three A.M.After the download completes, database indexing occurs. It consumes a high amount of CPU.The process of downloading the master database and the database indexing that follows can take 30 minutes to several hours depending on system capacity.
- ClickUpdate Settings.
- To download the database immediately, clickDownload Now.A download occurs only when a newer version becomes available.Database indexing occurs after the download and impacts system performance.The ANTserver service is not available on the BIG-IP system for approximately 300 milliseconds after the database download completes.
Looking up a URL category in the master database
- On the Main tab, click.
- In theURLfield, type the URL that you want to look up.Type the complete URL, including the URI scheme.Typehttps://www.google.com; notwww.google.comorhttps://www.google.
- ClickSearch.Custom categories are not searched.Results display in the URL Category table.
for the URL database
- On the Main tab, click.A log settings table screen opens.
- From the table, selectdefault-log-settingand clickEdit.A log settings popup screen displays.
- Verify that theEnable access system logscheck box is selected.
- To configure settings for access system logging, selectAccess System Logsfrom the left pane.Access System Logs settings display in the right panel.
- From theLog Publisherlist, select the log publisher of your choice.A log publisher specifies one or more logging destinations.The BIG-IP system is not a logging server and has limited capacity for storing, archiving, and analyzing logs. For this reason a dedicated logging server is recommended.
- To change the minimum log level, from theSecure Web Gatewaylist, select a log level.Setting the log level toDebugcan adversely impact system performance.The default log level isNotice. At this level, logging occurs for messages of severity Notice and for messages at all incrementally greater levels of severity.
- ClickOK.The popup screen closes. The table displays.
Viewing a URL database report
- On the Main tab, click.The Reports Browser displays in the right pane. The Report Parameters popup screen opens and displays a description of the current default report and default time settings.
- ClickCancel.The Report Parameters popup screen closes.
- In the Reports Browser in the General Reports list, select.The Report Parameters popup screen displays.
- Update the parameters, if necessary, and clickRun Report.The popup screen closes. The report displays in the Report Browser.
Secure Web Gateway database download log messages
Transfer Status 247
The file is transferred successfully to the BIG-IP system. If you see a Transfer Status other than 247, it might indicate an error.
The RTU Type is always 1. If you see an RTU Type other than 1, it might indicate an error.
The BIG-IP system does not use the expiration date in this message. Instead, the BIG-IP system enforces the SWG license and the database download works accordingly.