Symantec or in previous name Bluecoat release an Upgrade Guide for moving to Cas-Maa (Content Analysis platform & Maa-Sandbox Platform)
When an existing Malware Analysis customer decides to upgrade their system to Content Analysis the resulting
model is as follows:
• MAA-S400-10 models will become CAS-S400-A4 models.
• MAA-S500-10 models will become CAS-S500-A1 models.
This process will upgrade a Malware Analysis appliance 4.2.3+ installation to Content Analysis 2.2 (build
207429). The upgrade Takes ~45 Min.
you can download the original PDF – Symantec_MA_to_CA_Migration_Guide_v1_2018-04-21.pdf from yours “Mysymatec” Account.
* Register serial number and entitlement ID on licensing portal
* Serial console access to the MAA device
* g2 user credentials – The default Password is – norman . if you change the default Password you need to have the new one
* Internet connectivity – needed for retrieval of new Content Analysis birth certificate
* MA OS 4.2.3 or later
* Running on BlueCoat S-series hardware (MAA-S400-10 or MAA-S500-10)
*** Verify that port 8082 is now open on your FW.
Current MAA Interface name New CA Interface name
Backend Interface – eth0 Interface 0:0
Internet Interface – eth1 Interface 1:0 This is the “dirty Line”
Unused Interface 1:1
1. Register your system for migration at the Symantec licensing portal for Network Protection Products (Network Protection (Blue Coat) Licensing )
b &c . You will need to have your appliance serial number and the MA subscription serial number at
hand. The subscription serial number was sent via email with a Maintenance Service Contract
d. The licensing portal will validate the Malware Analysis unit correlates with the provided
e. After the licensing portal has validated the Malware Analysis unit and subscription are valid, a
new Content Analysis license and subscription will be generated for the remaining term of the
existing Malware analysis system.
f. Make a local copy of the response page you receive as this contains the password needed to
unarchive the migration package. (this is a security measure to prevent any accidental
2. Only after the above licensing validation was successfully completed should you continue with the
migration. If the above licensing validation fails, please contact Symantec support to solve the issue.
3. Make sure you have serial console access to your device
a. The installation script has to be executed from a serial console, NOT over ssh
4. Unarchive the migration package using the password provided on the licensing portal.
5. SCP the SYMANTEC_MA_TO_CA_MIGRATION file to your MAA device
a. From the folder where the file was downloaded to
scp ./SYMANTEC_MA_TO_CA_MIGRATION g2@your_maa_device:/home/g2
scp ./SYMANTEC_MA_TO_CA_MIGRATION.sha256 g2@your_maa_device:/home/g2
you will prompt for g2 Password
b. You may also host the migration package on a local web server and use curl from the MA CLI to
6. Logon to your Malware Analysis device through the serial console access
7. Change to the directory of the install script
a. cd /home/g2
8. Verify the sha 256 checksum of the file
a. sha256sum ./SYMANTEC_MA_TO_CA_MIGRATION
b. cat SYMANTEC_MA_TO_CA_MIGRATION.sha256
c. Should look something like this (verify the two outputs are identical)
9. Set execute permissions on the migration file:
a. chmod a+x ./SYMANTEC_MA_TO_CA_MIGRATION
4 Symantec MA to CA Migration 2018-04-21
10. Execute the migration (IMPORTANT – This is the point of no return after executing this command):
* During the first seconds of the execution, you will be prompted for sudo password.
11. The migration script takes a few minutes to do its work.
a. After it has finished, you will be asked to reboot the server.
b. After reboot, the machine will be unavailable for some time while setting up RAID and
12. Once the machine has booted into CA, you need to run the
Initial Configuration Wizard from the serial console,
a. Chose option 2 Setup Console
b. Set up IP addressing and system passwords. You must Enter a new Password if you don’t, You cant logon on to System
13. Login through the serial console
a. ping the default gateway to verify connectivity
14. Login through the webUI
15. Refer to the Content Analysis documentation for further configuration of the system:
16. In particular look to the following sections:
a. Initial setup and licensing
b. Configure Malware Analysis
Also available as a separate document: https://support.symantec.com/en_US/article.DOC10908.html
c. Dedicate system as a Malware Anaylsis system (set to “Optimized for On-Box sandboxing”)