SGOS 126.96.36.199 and later includes a way for you to validate your SGOS system image and bootchain on the ProxySG appliance. After you upgrade to SGOS 188.8.131.52 or later, you can use the show installed-systems verbose CLI command to display the image signature. You can then compare the signature displayed for each release against a list of valid signatures posted on MySymantec.
Important: This method is available for the ProxySG 300, 600, 810, 900, 9000, S-Series, MACH5 VA, and SWG VA platforms. In addition, the show installed-system verbose output does not always display system image signatures for releases prior to SGOS 6.5.x. In certain releases (in SGOS 6.6.x, this applies to 184.108.40.206 and later, and in SGOS 6.7.x, to 220.127.116.11 and later), the show installed-system verbose command does not display image signatures because the boot loader automatically verifies the signature during the boot process. The signatures on the MySymantec that you can use for comparison are available only for SGOS 6.5.x and later releases.
Step 1: Upgrade SGOS
If you have already upgraded to SGOS 18.104.22.168 or later, proceed to Step 2: Compare Signatures.
Log in to MySymantec with your username and password.
Click Network Protection (Blue Coat) Downloads.
In the Browse My Software and Documentation table, click ProxySG. Then, select your platform/product model.
Select the release and agree to the terms.
Download and read the SGOS Release Notes for this specific release.In addition, refer to the SGOS Upgrade/Downgrade Guide to determine that your upgrade path is supported.
Download the system image.
Step 2: Compare Signatures
For each system image you want to validate, compare the value in the signature file with the value in CLI output.
If needed, log in to MySymantec again and locate the release. Look for the signature file (SGOS_signatures.txt).
Download and open the signature file.
Locate the bootchain signatures near the top of the file. Below the bootchain signatures, look for the system image signatures on a line that corresponds to an SGOS release.
Log in to the ProxySG CLI and type the following command: > show installed-systems verbose
In the command output, look for the image you want to verify and note the Signature: value.If it matches the value in the signature file, it is valid. Refer to the "Sample CLI Output" section in this article for an example. If the value does not match, contact Symantec Technical Support.
Repeat the previous steps for each image that you want to validate.
Note: The B
oot_chain Signature: and
Boot_chain Version: values indicate the bootchain's signature and version. If you run the command on the 810 platform, the
Boot_chain values are empty.
Sample CLI output
> show installed-systems verbose ProxySG Appliance Systems
1. Version: SGOS 22.214.171.124, Release ID: 157094 Saturday May 2 2015 09:12:21 UTC, Attributes: Signed, FIPS capable Boot Status: Last boot succeeded, Last Successful Boot: Tuesday May 5 2015 12:56:55 UTC Disk Layout: Compatible Signature: 8527623d006f290ac74e2f8cd4c75d4bf7e9c537
... Default system to run on next hardware restart: 2 System to replace next: 5 Current running system: 2 Enforce signed: Enabled Boot_chain Signature: <signature> Boot_chain Version: <version>
If a system image is invalid, the system does not boot the image; instead, it deletes the images and attempts to boot the next image.
Imported Document ID: 000024130
Subscribing will provide email updates when this Article is updated. Login is required.