Perform post-upgrade activities

Appliance activities should be performed on both the TRITON AP-EMAIL appliance and the Web Filter & Security appliance.

  • Appliance post-upgrade activities
  • TRITON AP-EMAIL post-upgrade activities

Appliance post-upgrade activities

Depending on the Web or Email module installed on your appliance, after upgrade perform the following:

In the CLI

Elevate to config mode and perform system checks and verify some configuration settings.
  • System information
    show appliance info
    Results may be similar to:
    Uptime : 0 days, 2 hours, 13 minutes
Hostname : webapp.example.com
Hardware_platform : V10000 G4
Appliance_version : 8.5.x
Mode : TRITON AP-WEB
Policy_mode : Filtering only
Policy_source_ip : 10.222.21.10
  • Upgrade history
    show upgrade --history
  • Appliance status
    show appliance status
show <module>
    If expected system services are not running, restart the module that hosts the service
    restart <module>
  • Network interface settings
    show interface info

    If you have bonded interfaces, note that the names used to indicate the type of bond have changed. For example, load-balancing is now “balance-rr”.

  • Check and synchronize the system time
    show system ntp
show system clock
show system timezone

    If the clock is off and NTP is configured, sync with:

    sync system ntp

    Otherwise, to sync when the time is set manually, see System time and time synchronization with TRITON servers in Forcepoint Appliances Getting Started.

  • Configure a filestore. A filestore is an off-appliance location for storing appliance-related files, including backup, log, and configuration files. Establishing a filestore is essential for saving and loading files.
    A filestore definition includes:

    • A unique name, known as the filestore alias.
    • The IP address of the filestore host and the port on which to connect.
    • The directory location (path or share) on the host.
    • The protocol to use to connect and move files to and from the filestore. Supported protocols include ftp, tftp, and samba.
    • Optionally, the name of a user (account) with permissions on the filestore.
    To define a filestore:
    set filestore --alias <filestore_alias>
--type <ftp|tftp|samba> --host <ip_address>
--path <share_directory>
[--user <user_name>] [--port <port>]

    Example:

    set filestore --alias fstore --type samba
--host 10.123.48.70 --path myfiles/myfolder
--user jdoe
  • If you integrate with a SIEM, configure SNMP polling and alerting. Use the documentation created in the pre-upgrade activity. See, also, SNMP polling and alerting in Forcepoint Appliances Getting Started.

In TRITON Manager

  • Register your appliances. Log on to TRITON Manager and go to the Appliances tab to register your appliances.
  • If you have User directory and filtering appliances, in Forcepoint Security Manager go to the Web module Settings > General > Policy Servers page, and add the Policy Server instances.
  • For TRITON AP-EMAIL, go to the Email module, go to Settings > General > Email Appliances and click on the host name link to delete the appliance. Log off and then back on to TRITON Manager and add the appliance’s new C interface IP address.

TRITON AP-EMAIL post-upgrade activities

Perform the following tasks in the TRITON Manager:

  • Redirect email traffic through your system to ensure that it performs as expected.
  • Update data loss prevention policies and classifiers
  • Update Forcepoint databases
  • Update Email module backup file
  • Update appliance management interface configuration settings
  • Configure email DNS lookup
  • Update Log Database

Update data loss prevention policies and classifiers

  1. In TRITON Manager, select the Data module.
  2. Follow the prompts for updating data loss prevention policies and classifiers. Depending on the number of policies you have, this can take up to an hour. During this time, do not restart the server or any of the services.
  3. When finished, click Deploy.

Update Forcepoint databases

Click Update Now in the Settings > General > Database Downloads page. This action performs an immediate database download update.

Update Email module backup file

Due to a change in implementation at v8.1, the TRITON Manager Email module backup file format is not compatible with versions earlier than 8.1. You must remove any pre-version 8.1 backup log file before you create a new backup file for v8.x. If you don’t remove the old log file before you create the new file, the backup/restore function can become inaccessible.

Use the following steps:
  1. Navigate to the following directory on the TRITON management server machine:C:\Program Files (x86)\Websense\Email Security\ESG Manager
  2. Locate and remove the following file: ESGBackupRestore

    Copy this file to another location if you want to save it.

  3. Create a new backup file for v8.3 on the Settings > General > Backup/Restore page.

Update appliance management interface configuration settings

Data loss prevention

Re-register the TRITON AP-EMAIL appliance with the Data module as follows:

  1. In TRITON Manager, select the Email module and navigate to the Settings > General > Data Loss Prevention page.
  2. Click Unregister to remove the DLP registration.
  3. In the TRITON Data module, navigate to the Settings > Deployment > System Modules page. Select the TRITON AP-EMAIL module.
  4. In the upper left corner, click Delete.
  5. In the TRITON Email module Settings > General > Data Loss Prevention page, ensure the appliance management (C) interface IP address appears in the Communication IP address field.
  6. Click Register to register the appliance with the Data module.
  7. Select the Data module and click Deploy.

Email hybrid service

Re-register the TRITON AP-EMAIL appliance with the email hybrid service as follows:

  1. In TRITON Manager, select the Email module and navigate to the Settings > Hybrid Service > Hybrid Configuration page.
  2. Click Edit at the bottom of the page.
  3. Replace the SMTP server IP address with the new C interface IP address.
  4. Click OK.

Personal Email Manager notification message

You may need to enter your destination appliance management interface IP address for the proper distribution of Personal Email Manager notification messages.

  1. In TRITON Manager, select the TRITON Email module and navigate to the Settings > Personal Email > Notification Message page.
  2. Enter the new appliance management (or C) interface in the IP address or hostname entry field.
  3. Click OK.

Configure email DNS lookup

The appliance firstboot process includes the entry of DNS server settings. You can enhance DNS lookup query performance by configuring a second set of DNS server entries specifically for the Email module. In the TRITON AP-EMAIL appliance CLI, use the following commands, as needed:
set interface dns --module email --dns1 <DNS_IP>
set interface dns --module email --dns2 <DNS_IP>
set interface dns --module email --dns3 <DNS_IP>

Update Log Database

If you encounter the following warnings after your upgrade, you may need to update the Email Log Database with new values for appliance hostname, management interface IP address, C interface IP address, and device ID:

  1. Open SQL Server Management Studio.
  2. Click New Query.
  3. In the query window, enter the following command:
    USE [esglogdb76]

    Select the esg_device_id, admin_manage_ip, and device_c_port_ipfrom the dbo.esg_device_list.

  4. Enter GO.
  5. Locate the esg_device_id associated with either the admin_manage_ip or the device_c_port_ip of the source appliance.
  6. Execute the following command using the values you obtained in the previous steps:
    UPDATE dbo.esg_device_list SET esg_name = '<host name>',
admin_manage_ip = '<appliance management IP address>',
device_c_port_ip = '<C IP address>' WHERE esg_device_id =
'<device id>'
  7. Enter GO.
  8. Run the query.