Upgrade procedure for solutions that include web, email, and data protection

Before you begin

Applies to:
  • Forcepoint Web Security and Forcepoint URL Filtering, v8.5.x
  • Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x, v9.0, v10.x
  • Forcepoint Email Security, v8.5.x
  • Forcepoint appliances, v8.5.x

This outline summarizes the steps required to upgrade the entire suite of Forcepoint on-premises security solutions. Forcepoint Email Security always includes Forcepoint DLP components.

For complete instructions, see Upgrading Forcepoint Security Solutions.

Steps

  1. Upgrade Policy Broker. All components on the Policy Broker machine (which may be a full policy source appliance) are upgraded in the correct order.
    If there are multiple Policy Brokers, upgrade the primary Policy Broker first. Upgrade replica Policy Brokers after the primary has been upgraded and before attempting to upgrade any Policy Servers associated with the replicas.
  2. Upgrade any instances of Policy Server running off the Policy Broker machine. All components on each Policy Server machine, including user directory and filtering appliances, are upgraded in the correct order.
  3. Upgrade any additional instances of Filtering Service and User Service, running on other machines. All components on each machine, including filtering only appliances, are upgraded in the correct order.
  4. Upgrade the web security Log Server. All components on the machine are upgraded in the correct order.
  5. Upgrade the email security Log Server. All components on the machine are upgraded in the correct order.
  6. Upgrade the management server. All modules on the machine are upgraded in the correct order.
  7. Upgrade all other appliances in your network. This can be done in any order, and can be completed in parallel.
    • If Email Security is deployed in cluster mode, you must release all appliances from the cluster before upgrading or migrating. Upgrade each appliance as needed, and then rebuild your cluster after the process is complete.
    • The Email MTA continues to function after the management server upgrade, but the logs are cached on the appliance until Forcepoint Email Security is upgraded as well. For best practice, redirect email traffic to another MTA as cached messages may be lost otherwise.
  8. Upgrade any additional software instances of Network Agent and Content Gateway. If these components run on V Series and X Series appliances, this step has already been done.
  9. Upgrade any additional Web Security components, including transparent identification agents and Remote Filtering Server, that may be running on other machines.
  10. Upgrade any additional Data Security components and agents, including supplemental servers, FCI agents, protectors, and mobile agents.
  11. Upgrade client components, including the logon application (LogonApp.exe), Remote Filtering Client, Forcepoint Web Security Endpoint, and Forcepoint DLP Endpoint.