Symantec MA to CA Migration

August 16, 2018


Symantec (formerly Blue Coat) has released an upgrade guide for moving to CAS-MAA (the Content Analysis platform and the MAA sandbox platform).

When an existing Malware Analysis customer decides to upgrade their system to Content Analysis the resulting
model is as follows:
• MAA-S400-10 models will become CAS-S400-A4 models.
• MAA-S500-10 models will become CAS-S500-A1 models.

This process will upgrade a Malware Analysis appliance 4.2.3+ installation to Content Analysis 2.2 (build
207429). The upgrade takes ~45 minutes.

You can download the original PDF, Symantec_MA_to_CA_Migration_Guide_v1_2018-04-21.pdf, from your “MySymantec” account.

Prerequisites:

* Register serial number and entitlement ID on licensing portal
* Serial console access to the MAA device
* g2 user credentials. The default password is norman; if you have changed the default password, you need to have the new one
* Internet connectivity – needed for retrieval of new Content Analysis birth certificate
* MA OS 4.2.3 or later
* Running on BlueCoat S-series hardware (MAA-S400-10 or MAA-S500-10)

*** Verify that port 8082 is now open on your firewall.

Interface mappings

Current MAA interface name   | New CA interface name
Backend Interface – eth0     | Interface 0:0
Internet Interface – eth1    | Interface 1:0 (this is the “dirty line”)
Unused                       | Interface 1:1

Installation:
1. Register your system for migration at the Symantec licensing portal for Network Protection Products (Network Protection (Blue Coat) Licensing )

b & c. You will need to have your appliance serial number and the MA subscription serial number at
hand. The subscription serial number was sent via email with a Maintenance Service Contract
attachment.

d. The licensing portal will validate that the Malware Analysis unit correlates with the provided
subscription.
e. After the licensing portal has validated that the Malware Analysis unit and subscription are valid, a
new Content Analysis license and subscription will be generated for the remaining term of the
existing Malware Analysis system.
f. Make a local copy of the response page you receive, as this contains the password needed to
unarchive the migration package (this is a security measure to prevent any accidental
migrations).
2. Only after the above licensing validation was successfully completed should you continue with the
migration. If the above licensing validation fails, please contact Symantec support to solve the issue.
3. Make sure you have serial console access to your device
a. The installation script has to be executed from a serial console, NOT over ssh
4. Unarchive the migration package using the password provided on the licensing portal.
5. SCP the SYMANTEC_MA_TO_CA_MIGRATION file to your MAA device
a. From the folder where the file was downloaded to
scp ./SYMANTEC_MA_TO_CA_MIGRATION g2@your_maa_device:/home/g2
scp ./SYMANTEC_MA_TO_CA_MIGRATION.sha256 g2@your_maa_device:/home/g2

You will be prompted for the g2 password.

b. You may also host the migration package on a local web server and use curl from the MA CLI to
retrieve it.
6. Logon to your Malware Analysis device through the serial console access
7. Change to the directory of the install script
a. cd /home/g2
8. Verify the SHA-256 checksum of the file
a. sha256sum ./SYMANTEC_MA_TO_CA_MIGRATION
b. cat SYMANTEC_MA_TO_CA_MIGRATION.sha256
c. The output should look something like this (verify the two outputs are identical)
9. Set execute permissions on the migration file:
a. chmod a+x ./SYMANTEC_MA_TO_CA_MIGRATION
10. Execute the migration (IMPORTANT – This is the point of no return after executing this command):
a. ./SYMANTEC_MA_TO_CA_MIGRATION
* During the first seconds of the execution, you will be prompted for sudo password.
11. The migration script takes a few minutes to do its work.
a. After it has finished, you will be asked to reboot the server.
b. After reboot, the machine will be unavailable for some time while setting up RAID and
partitions.
12. Once the machine has booted into CA, you need to run the Initial Configuration Wizard from the serial console.
a. Choose option 2, Setup Console
b. Set up IP addressing and system passwords. You must enter a new password; if you don’t, you can’t log on to the system
13. Log in through the serial console
a. ping the default gateway to verify connectivity
14. Log in through the webUI
a. https://x.x.x.x:8082

15. Refer to the Content Analysis documentation for further configuration of the system:
https://origin-symwisedownload.symantec.com/resources/webguides/contentanalysis/23/index.htm
16. In particular, look at the following sections:
a. Initial setup and licensing
https://origin-symwisedownload.symantec.com/resources/webguides/contentanalysis/23/index.htm#Topics/Tasks/solution_initial_configuration.htm%3FTocPath%3DContent%2520Analysis%2520System%2520Initial%2520Configuration%7C_____0
b. Configure Malware Analysis
https://origin-symwisedownload.symantec.com/resources/webguides/contentanalysis/23/index.htm#Topics/Tasks/solution_malware_analysis.htm%3FTocPath%3DPerform%2520Malware%2520Analysis%7C_____0
Also available as a separate document: https://support.symantec.com/en_US/article.DOC10908.html
c. Dedicate system as a Malware Analysis system (set to “Optimized for On-Box sandboxing”)
https://origin-symwisedownload.symantec.com/resources/webguides/contentanalysis/23/index.htm#Topics/Tasks/system_resource_allocation.htm
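
Steps 8 and 9 above can be combined so that the execute bit is only set when the two digests really match, instead of comparing them by eye on a serial console. The script below is an added example, not part of the Symantec guide; the script name verify.sh and the layout of the .sha256 file (a bare digest or sha256sum-style "digest  filename") are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the Symantec guide): gate step 9 (chmod) on step 8.
# verify_sha256 FILE SUMFILE
#   returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_sha256() {
    local file="$1" sumfile="$2" expected actual
    [ -r "$file" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # Assumption: line 1 of the .sha256 file starts with the hex digest,
    # optionally followed by a file name. Normalise to lower case.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    case $expected in
        *[!0-9a-f]*|'') echo "malformed digest in $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest in $sumfile" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches $sumfile"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Hypothetical invocation from /home/g2:
#   ./verify.sh ./SYMANTEC_MA_TO_CA_MIGRATION ./SYMANTEC_MA_TO_CA_MIGRATION.sha256
# chmod only runs when the digests match.
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2" && chmod a+x "$1"
fi
```

Because the digest file travels together with the package, a match shows that the copy to the appliance arrived intact; it does not by itself establish where the package came from.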

 

SHMUEL H.
