Requirements & Limitations for Synchronizing CAS Scanning Profiles

Release: 3.2.2.1

Please be informed that Management Center supports synchronization of the following device types: SSL Visibility, Content Analysis, and Malware Analysis.

When devices have similar or exact configurations, you can copy the configuration of one device (the source) to one or
more similar devices running the same or later OS versions.

For Content Analysis, specifically with respect to the subject on this case, Please see and note the below.

Amongst other elements, CAS scanning profiles are synchronized by MC. MC Synchronizes base images and scanning profiles for on-box sandboxing. Synchronizing these eliminates the need to create individual scanning profiles on every CA device.

Note 1: If the base OS image is not on the target, it is transferred before synchronizing the profile.

Ref. doc.: https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/management-center/2-4/generated-pdfs/management-center-3-1.pdf

Note 2: Content Analysis offers two ways to duplicate IVM profiles onto multiple appliances. Both methods require that you first prepare an export package of the profile you want to clone.

• Option 1: Import the export package and Windows base image directly. See "Import Directly from Another
  Content Analysis Appliance" below.

• Option 2: Use an intermediate server to host the export package and Windows image. See "Download
  from a Web Server" on the next page.

This operation requires that you enter CLI commands on each Content Analysis appliance (source and target
systems). It uses remote APIs to pull a profile export package and Windows base image off of a remote system
and place it on the current (target) system.

Requirements and Limitations

• The same Windows base image must be on the target appliance as the one used in the source profile. You
  must import the base image from the target.

• Added or imported IVM profiles do not persist with a downgrade to pre-2.2 versions. For example, if you
  downgrade to CA 2.1, you will lose any profiles that were imported from a different Content Analysis
  appliance.

• If you will be using an intermediate server to host the export package, you will need:

• • Network file storage for storing exported profiles

• • Web server for serving exported profiles to be used for importing

• You cannot import Malware Analysis 4.x IVM profiles.

We recommend that you investigate both the source and target appliances, diligently, to ensure the requirements are met.

Now, for your specific queries, after the requirements are met for both the source and target CAS appliances, the MC can now be used to synchronize the scanning profile, from source to the target appliance. It's important to note that MC synchronizes only the scanning profiles, and as we already know, the scanning profile sit on top of a ready base image. So, the CAS procedure to have the requirements met should be completed on both appliances, ahead of utilizing the MC to synchronize the scanning profiles.

For guidance on how you would synchronize both the source CAS appliance to the target CAS appliance, please refer to the guidance provided in pages 154 - 155 in the Tech. doc. with the URL below.

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/management-center/2-4/generated-pdfs/management-center-3-1.pdf

See the snippet below, for further clarification.

From the above, we have shown that the MC will definitely synchronize the scanning profile from a source CAS appliance to a target CAS appliance, both of which are managed, network, devices on the MC.