Post-upgrade activities
Your system should have the same configuration after the upgrade process as it did before the upgrade. Any configuration changes can be made after the upgrade process is finished.
After your upgrade is completed, redirect email traffic through your system to ensure that it performs as expected.
Email hybrid service registration information is retained during the upgrade process, so you do not need to complete the registration again, unless you have performed an appliance migration (e.g, from a virtual appliance to a new virtual appliance). See Update appliance management interface configuration settings (for migration only), for information.
Perform the following tasks in the Forcepoint Security Manager or the CLI:
- Install Email Security hotfixes
- Repair Email Security registration with Data Security
- Update data loss prevention policies and classifiers
- Update Forcepoint databases
- Update Email Security module backup file
- Configure email DNS lookup
- Increase vCPU and RAM allocation
- Update appliance management interface configuration settings (for migration only)
- Verify the system and configuration in the CLI
Install Email Security hotfixes
Navigate to the page Forcepoint My Account Downloads and select your version, then install the latest Windows and appliance hotfixes.
Alternatively, appliance hotfixes can be installed using the appliance command-line interface (CLI) or Forcepoint Security Appliance Manager (FSAM). See Forcepoint Appliances CLI Guide and Forcepoint Security Appliance Manager Help for more information.
Repair Email Security registration with Data Security
- In the Email Security module, navigate to the page and click .
- Register the appliance with the Data Security module; click Register.
- Navigate to the page Communication IP address. and ensure that the appliance management (C) interface IP address appears in the field
- In the Data Security module, navigate to the page Email Security module. and select the
- In the upper left corner, click Delete.
- Deploy the changes; click Deploy.
- Select the Data Security module.
- Follow the prompts that appear for updating data loss prevention policies and classifiers.
Depending on the number of policies you have, this can take up to an hour. During this time, do not restart the server or any of the services.
- Deploy the changes; in the upper right of the Data Security module, click Deploy.
Update Forcepoint databases
From the page Update Now. This action performs an immediate database download update.
, clickUpdate Email Security module backup file
Due to a change in implementation at version 8.1, the Security Manager Email Security module backup file format is not compatible with versions earlier than 8.1. You must remove any pre-version 8.1 backup log file before you create a new backup file for version 8.5.x. If you do not remove the old log file before you create the new file, the backup/restore function may not be accessible.
- Navigate to the following directory on the Security Manager machine:
C:\Program Files (x86)\Websense\Email Security\ESG Manager
- Locate and remove the following file:
ESGBackupRestore
Copy this file to another location if you want to save it.
- Create a new backup file on the page .
Configure email DNS lookup
set interface dns --module email --dns1 <DNS_IP>
set interface dns --module email --dns2 <DNS_IP>
set interface dns --module email --dns3 <DNS_IP>
Not applicable for Forcepoint Email Security in Azure.
Increase vCPU and RAM allocation
If you upgraded from version 8.3 or lower to version 8.5.x, it is necessary to increase the vCPU and RAM allocations on your virtual appliance, in order to ensure adequate system resources.
See the Knowledge Base article Resource Upgrade on OVA and Forcepoint Appliances Getting Started Guide for more information.
Update appliance management interface configuration settings (for migration only)
If your upgrade to version 8.5.x included a data migration, you need to re-configure some functions that use the appliance management (C) interface after the migration and upgrade are complete. The management (C) interface was added for virtual appliance users at version 8.3.
- Data loss prevention
- Email hybrid service
- Personal Email Manager notification message
- Update Log Database
- Reset Forcepoint Email Security license (only if Forcepoint Security Manager was migrated to Azure)
- Move Forcepoint DLP database (only if Forcepoint Security Manager was migrated to Azure)
Data loss prevention
- Select the Email Security module and navigate to the page .
- Remove DLP registration; click Unregister.
- In the Data Security module, navigate to the page .
- Select the Email Security module.
- In the upper left corner, click Delete.
- On the Email Security module page Communication IP address. , ensure the appliance management (C) interface IP address appears in the field
- Register the appliance with the Data Security module; click Register.
- Select the Data Security module and click Deploy.
Email hybrid service
This action is required only if you used the C interface on a hardware appliance that you have migrated.
- Select the Email Security module and navigate to the page .
- At the bottom of the Hybrid Configuration page, click Edit.
- Replace the SMTP server IP address with the new C interface IP address.
- Click OK.
Personal Email Manager notification message
This action is required only if you used the C interface on a hardware appliance that you have migrated.
- Select the Email Security module and navigate to the page .
- In the text field IP address or hostname, enter the new appliance management (or C) interface.
- Click OK.
If you had previously customized HTML notification templates for the Personal Email Manager, your customizations were lost when upgrading to the new version; reconfigure your templates on the page
.Update Log Database
If you encounter the following warnings after your upgrade, you may need to update the Email Log Database with new values for appliance hostname, management interface IP address, C interface IP address, and device ID:
- Open SQL Server Management Studio.
- Click New Query.
- In the query window, enter the following command:
USE [esglogdb76]
Select the esg_device_id, admin_manage_ip, and device_c_port_ip from the dbo.esg_device_list.
- Enter GO.
- Locate the esg_device_id associated with either the admin_manage_ip or the device_c_port_ip of the source appliance.
- Execute the following command using the values you obtained in the previous
steps:
UPDATE dbo.esg_device_list SET esg_name = '<host name>', admin_manage_ip = '<appliance management IP address>', device_c_port_ip = '<C IP address>' WHERE esg_device_id = '<device id>'
- Enter GO.
- Run the query.
Reset Forcepoint Email Security license (only if Forcepoint Security Manager was migrated to Azure)
If you migrated Forcepoint Security Manager to Azure, it is necessary to reset the Forcepoint Email Security licenses for each of your appliances. Contact Forcepoint Technical Support Forcepoint Technical Support for assistance with this step.
After Technical Support has reset your licenses, navigate to Forcepoint Email Security Administrato Help .
and add each of your appliances. SeeMove Forcepoint DLP database (only if Forcepoint Security Manager was migrated to Azure)
If you migrated Forcepoint Security Manager to Azure, it is necessary to move your Forcepoint DLP database to the new Forcepoint Security Manager in Azure. See How do I move the TRITONAP-DATA database to another MS SQLServer? for instructions.
Verify the system and configuration in the CLI
- Log on to the CLI and elevate to config mode.
Action Command Display system information show appliance info
Results may be similar to:
Uptime: 0 days, 2 hours, 13 minutes Hostname: webapp.example.com Hardware_platform: X10G G2 Appliance_version: 8.5.0 Mode: Forcepoint Web Security Policy_mode: Filtering only Policy_source_ip: 10.222.21.10
Display the upgrade history show upgrade history
Display the appliance and module status show appliance status show <module>
If expected system services are not running, restart the module that hosts the services.restart <module>
Display network interface settings show interface info
If you have bonded interfaces, note that the names used to indicate the type of bonding have changed. For example, load-balancing is now balance-rr.
Check and synchronize the system time, if necessary show system ntp show system clock show system timezone
If the clock is off and NTP is configured, sync with:sync system ntp
Otherwise, to sync when the time is set manually, see “System time and time synchronization with Forcepoint servers” in Forcepoint Appliances Getting Started.
Configure size and frequency values for archiving commands set log archive
Check SNMP polling and alerting settings (if you integrate with a SIEM or SNMP server) show snmp config show trap config show trap events
These commands are not supported in Forcepoint Email Security in Azure.