Prepare TRITON AP-EMAIL for migration

Address these details before starting your TRITON AP-EMAIL migration.

  • Verify the current deployment. Ensure that your current deployment is functioning properly before you begin the upgrade. The upgrade process does not repair a non-functioning system.
  • Verify the system requirements for upgrade to version 8.5.x to ensure that your network can accommodate the new features and functions. See System requirements for this version for a detailed description.
  • Prepare Windows components. See All Forcepoint TRITON solutions for an explanation of general preparations for upgrading the Windows components in your email and web protection systems.
    Important: You must use your existing Forcepoint Manager Windows machine. Use of a newly installed Forcepoint Security Manager for an upgrade is not currently supported.
  • Ensure that your firewall is configured correctly so that the ports needed for proper email protection operation are open. See TRITON AP-EMAIL ports for information about all email protection system default ports, including appliance interface designations and communication direction.
  • Back up and remove tomcat log files and remove temporary manager files (optional; recommended to facilitate timely console upgrade). Use the following steps:

    1. Log onto the Windows server where the Forcepoint Security Manager resides.
    2. Navigate to the following directory:

      C:\Program Files (x86)\Websense\Email Security\ESG Manager\tomcat\logs

    3. Copy C:\Program Files (x86)\Websense\Email Security\ESG Manager\tomcat\logs to another location (for example, to C:\WebsenseBackup\Email), and then delete it in the directory mentioned in step 2.
    4. Navigate to the following directory:

      C:\Program Files (x86)\Websense\Email Security\ESG Manager\tomcat\tempEsgUploadFileTemp

    5. Delete all of the downloadFile* files.

Appliance-specific details

  • If the appliance is registered in Security Manager, unregister the appliance.
  • Ensure that the dual-mode and new v8.5 appliance are in the same subnet. If they are not, the migration process may complete, but the version 8.5 appliance Ethernet interfaces are not correctly updated.
  • You must release your dual-mode appliances from a cluster before performing the migration. Migrate each appliance, and then rebuild your cluster after the migration process is complete.
  • If you are migrating email to a virtual appliance, you may need to reconfigure some network settings. The version 8.5 virtual appliance supports 3 network interfaces: C, P1, and P2. In the migration, the C interface retains the setting you assigned it during firstboot. The P1 and P2 interfaces inherit the settings of P1 and P2 when migrating from a V5000, or the E1 and E2 settings when migrating from a V10000. On the V10000, the P1 and P2 settings are left behind.
  • Calculate the disk space used on your existing appliance and ensure that the new appliance has adequate disk space for all data you want to migrate.
  • If you or Forcepoint personnel have customized your appliance iptables settings, please contact Technical Support. These customizations are not preserved by the migration process.