Before upgrading to v8.5.x web protection solutions

Applies to:
  • Forcepoint Web Security, v8.5.x
  • Forcepoint URL Filtering, v8.5.x

The upgrade process is designed for a properly functioning deployment of web protection software. Upgrading does not repair a non-functional system.

Tip: When you follow a link in this list, right-click the link and open it in a new window or tab. Close the new window or tab to return to the outline and continue working through the task.

Important:
  • V Series dual-mode appliance users:

    Dual-mode appliances are not supported with version 8.3.0 and higher. Either Forcepoint Email Security or the web protection solution must be migrated to a new appliance.

    To ease the migration effort, special tools have been developed, and a special procedure is recommended. For details, see Upgrading V Series Dual-Mode Appliances. Contact your Forcepoint account representative to learn about special promotions for dual-mode deployments planning an upgrade to v8.3 or higher.

  • V Series appliance users:

    Some older V10000 and V5000 appliances are not supported with this version.

    See V Series appliances supported with version 8.0 and higher.

Before upgrading to a v8.5.x web protection solution:

  1. Make sure the installation machine meets the hardware and operating system recommendations in System requirements for this version.

    In addition, with v8.5.3, Master Database enhancements were made that greatly increased the size of the database files. When upgrading to v8.5.3 or v8.5.4 from 8.5 or earlier, the new database files will replace the existing files. Prior to upgrading, confirm there is at least 6 GB of additional free space available on each Filtering Service machine.

  2. Verify that third-party components that work with your web protection solution, including your database engine and directory service, are supported. See the Requirements for web protection solutions section in System requirements for this version.
  3. Make sure that your integration product (if any) is supported in v8.5.x. If necessary, upgrade your integration product before beginning the web protection software upgrade.
    • For information about integration with Microsoft Forefront TMG, see Integrating Forcepoint URL Filtering with TMG.
    • For information about integration with Citrix, see Integrating Forcepoint URL Filtering with Citrix.
    • To review current Cisco integration requirements, see Integrating Forcepoint URL Filtering with Cisco.
    • To integrate with a Blue Coat proxy, see Integrating Forcepoint URL Filtering using ICAP Service for more information about installing and configuring ICAP Service.
    • To review current integration requirements for other products, see Installing for Universal Integrations.
  4. Back up all of your web protection components, including the management server and any appliances, before starting the upgrade process. See the Backup and Restore FAQ for your version for instructions. The FAQ is available in the Technical Library.
  5. Before upgrading Filtering Service, make sure that the Filtering Service machine and the management server have the same locale settings (language and character set).

    After the upgrade is complete, Filtering Service can be restarted with any locale settings.

  6. Before upgrading any Policy Server, make sure that all instances of Multiplexer are enabled and started. This step is required even if you are not integrated with a third-party SIEM solution.
  7. If your product includes the Web Security DLP Module, before upgrading the management server, make sure those components are ready for upgrade:
    1. Stop all discovery and fingerprinting tasks.
    2. Route all traffic away from the system.
    3. Ensure that your supplemental fingerprint repositories are fully synchronized with the primary repository.
    4. Make sure all settings are deployed successfully. Log on to the Data Security manager. If the Deploy button is highlighted, click it.
    5. If your organization was supplied with custom file types, change the name of the following files in the policies_store\custom_policies\config_files folder on the management server; otherwise they will be overwritten during upgrade.
      • Change extractor.config.xml to custom_extractor.config.xml.
      • Change extractorlinux.config.xml to custom_extractorlinux.config.xml.

      The filenames are case-sensitive.

    6. If custom policies were provided, submit a request for updated versions before proceeding.
  8. When upgrading from v8.4 or earlier, a new logging partition is added to your Log Database. Make sure you do not already have 70 active partitions (the limit) before upgrading. If you do, use the Web > Settings > Reporting > Log Database page of the Forcepoint Security Manager to disable at least one active partition before upgrading.
  9. It is important that you back up your current Log Database and stop any active Log Database jobs prior to upgrading. See Preparing the Log Database for upgrade.
  10. If Log Server uses a Windows trusted connection to access the Log Database, be sure to log on to the Log Server machine using the trusted account to perform the upgrade. To find out which account is used by Log Server:
    1. Launch the Windows Services tool.
    2. Scroll down to find Websense Log Server, then check the Log On As column to find the account to use.
  11. If your deployment includes V Series or X Series appliances, see the V Series Upgrade Guide or X Series Upgrade Guide for additional preparatory steps.
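
The free-space check in step 1 and the locale check in step 5 can be scripted on a Linux Filtering Service machine. The following is an added example, not Forcepoint code: the function names and the WEBSENSE_DIR variable are hypothetical, it assumes the database files live on the filesystem that holds the default /opt/Websense directory, and it assumes the administrator supplies the management server locale in POSIX form.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
REQUIRED_GB=6   # additional free space the page asks for (step 1)

# Print available KiB on the filesystem that holds directory $1.
free_kib() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# Succeed when directory $1 has at least $2 GB free; status 2 if df gave nothing.
has_free_space() {
    avail=$(free_kib "$1")
    [ -n "$avail" ] || return 2
    [ "$avail" -ge $(( $2 * 1048576 )) ]
}

# Reduce a POSIX locale name to language_TERRITORY.charset with the charset
# lower-cased and stripped of "-" and "_", so en_US.UTF-8 equals en_US.utf8.
normalize_locale() {
    name=${1%%@*}                 # drop a modifier such as @euro
    charset=""
    case $name in
        *.*) charset=${name#*.} ;;
    esac
    charset=$(printf '%s' "$charset" | tr 'A-Z' 'a-z' | tr -d '_-')
    printf '%s.%s\n' "${name%%.*}" "$charset"
}

# Succeed when both names denote the same language and character set (step 5).
same_locale() {
    [ "$(normalize_locale "$1")" = "$(normalize_locale "$2")" ]
}

# $1 = install directory, $2 = management server locale (assumed POSIX form).
preflight() {
    rc=0
    has_free_space "$1" "$REQUIRED_GB" ||
        { echo "FAIL: under ${REQUIRED_GB} GB free on $1"; rc=1; }
    here=${LC_ALL:-${LANG:-C}}
    same_locale "$here" "$2" ||
        { echo "FAIL: locale $here differs from management server $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: free space and locale checks passed"
    return "$rc"
}

# Example: sh preflight.sh en_US.UTF-8
if [ "$#" -ge 1 ]; then
    preflight "${WEBSENSE_DIR:-/opt/Websense}" "$1"
fi
```

Run it on each Filtering Service machine before the upgrade; a non-zero exit status means at least one of the two checks failed.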

Restart services before starting the upgrade

Web protection services must be running before the upgrade process begins. If any service is stopped, start it before initiating the upgrade.

The installer will stop and start web protection services as part of the upgrade process. If the services have been running uninterrupted for several months, the installer may not be able to stop them before the upgrade process times out.

To ensure the success of the upgrade, manually stop and start all the web protection services before beginning the upgrade:

  • Windows: Navigate to the bin directory (C:\Program Files\Websense\Web Security, by default) and enter the following command:

    WebsenseAdmin restart

  • Linux: Navigate to the Websense directory (/opt/Websense/, by default) and enter the following command:

    ./WebsenseAdmin restart

  • Appliance: Refer to the Appliances CLI Guide.

Internet access during the upgrade process

When you upgrade a standalone installation of a web protection solution, policy enforcement stops when your web protection services are stopped. Users have full access to the Internet until the web protection services are restarted.

If web protection solutions are integrated with another product or device, all traffic is either permitted or blocked during the upgrade, depending on how your integration product is configured to respond when Filtering Service is unavailable.

The Master Database is removed during the upgrade process. Filtering Service downloads a new Master Database after the upgrade is completed.

Find your upgrade procedure

When you are sure you have complete backups of your existing configuration and are ready to begin the upgrade process, see Upgrading web or web and data protection solutions from v8.1.x or later.