Adding the Forcepoint Email Security manager or Email Log Server

Before you begin

Applies to:
  • Forcepoint Email Security, v8.5.x

Steps

  1. To start the Forcepoint Security Installer:
    • If installation files were saved after the initial installation, use the Forcepoint Security Setup link (on the Start screen or in the Start > Forcepoint menu) to start the installer without having to re-extract files.
    • If the installation files were not saved, double-click the installer executable.
  2. In Modify Installation dashboard, click the Install link for Forcepoint Email Security.
    The Email Protection Solutions Installer starts.
  3. On the Introduction screen, click Next.
  4. Select the Forcepoint Email Security option and then click Next.
    Note: If Forcepoint Infrastructure is currently installed on this machine, email protection components automatically use the database engine and database login credentials entered when Forcepoint Infrastructure was installed. The Email Protection Solutions Installer reads this information from configuration files created by Forcepoint Security Setup.
  5. If Forcepoint Infrastructure is not found already installed on this machine, the Email Log Database screen appears. Specify the location of a database engine and how you want to connect to it.
    • Log Database IP Address: Enter the IP address of the database engine machine. If you want to use a named database instance, enter in the form <IP address>\<instance name>. Note that the instance must already exist. See your SQL Server documentation for instructions on creating instances.

      If the option to install SQL Server Express is available as part of the Forcepoint Security Installer, and you chose to install it, the Log Database IP address should be that of the Security Manager machine.

      Starting in version 8.5.4, more stringent connection string and certificate requirements are needed for establishing an encrypted connection with a SQL Server. Using an IP address is no longer supported for encrypted connections; you must use a hostname or a fully qualified domain name (FQDN) that matches the Common Name (CN) field on the certificate used by SQL Server, if using an encrypted database connection.

    • You may specify whether the connection to the database should be encrypted.

      If you are using an encrypted connection, ensure that you use a hostname or FQDN for your Email Log Database that matches the CN field on the certificate that SQL Server is using.

      Please note the following issues associated with using this encryption feature:

      • By default, Email Log Server uses NTLMv2 to encrypt the connection.

        If you want to use SSL encryption, you must have imported a trusted certificate to the Log Server machine. See your database documentation for information about importing a trusted certificate.

      • The Bulk Copy Program (BCP) option for inserting records into the Log Database in batches cannot be used. Not using the batch method may affect Log Database performance.
      • The connection from the Forcepoint appliance to the Log Database cannot be encrypted. If you enable encryption for Log Database, you must disable the SQL Server force encryption feature.
    • Database login type: Select how Email Log Server should connect to the database engine.
      • Windows authentication: connect using a Windows trusted connection.
      • Database account: connect using a SQL Server account.

        Then enter a user name and password.

      • If using a trusted connection, enter the domain\username of the account to be used. This account must be a trusted local administrator on the database engine machine.
      • If using a database account, enter the name of a SQL Server account. This account must have certain roles assigned; see Installing with SQL Server.

    When you click Next, connection to the database engine is verified. If the connection test is successful, the next installer screen appears.

  6. On the Email Database File Location screen, specify where database files should be located and then click Next.
    This screen appears only if you chose to install the Email Log Server.

    The path entered here is understood to refer to the machine on which the database engine is located. The path entered must specify a directory that already exists.

  7. On the Email System Credentials screen, specify the server name or domain name of the management server, along with the user credentials to be used by Forcepoint Security Manager components when running services. Specify the User name and Password of the account to be used by the Security Manager.
  8. On the Email Database File Location screen, specify where email database files should be located and then click Next.
    This screen appears only if you chose to install Email Log Server.

    A default location for the Log Database is automatically shown. Information about the location of the database engine and connection credentials were entered when Forcepoint Infrastructure was installed on this machine. The Email Protection Solutions Installer reads this information from configuration files created by Forcepoint Security Setup.

    It is a best practice to use the default location. If you want to create the Log Database in a different location (or if you already have a Log Database in a different location), enter the path to the database files.

    The path entered here is understood to refer to the machine on which the database engine is located. The path entered must specify a directory that already exists.

  9. On the Email Appliance screen specify the Email appliance to be managed by this installation of the Forcepoint Security Manager and then click Next.
  10. On the Installation Folder screen, specify the location to which you want to install Email module components and then click Next.
    To select a location different than the default, use the Browse button.

    Each component (Email Security module and/or Email Log Server) will be installed in its own folder under the parent folder you specify here.

  11. On the Pre-Installation Summary screen, click Install.
    The Installing Email Protection Solutions screen appears, as components are being installed.
  12. Wait until the Installation Complete screen appears, and then click Done.