Installing Forcepoint Infrastructure

Before you begin

Applies to:
  • Forcepoint Web Security and Forcepoint URL Filtering, v8.5.x
  • Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x
  • Forcepoint Email Security, v8.5.x
  • Forcepoint appliances, v8.5.x

Forcepoint Infrastructure is composed of common user interface components required by the Forcepoint Security Manager Web Security, Data Security, and Email Security modules.

Steps

  1. These instructions assume that you have already launched the Forcepoint Security Installer and done one of the following:
    • Selected the Custom installation type, and selected Forcepoint Infrastructure install. (See Deployment section in Installing components via the Custom option.)
    • Selected the Forcepoint Security Manager installation type. (See Creating a Forcepoint management server.)
    • Started an upgrade of prior-version web or data protection components, with management components installed on this machine. In this case, skip to Step 3 now.

    The instructions also assume that a supported version of Microsoft SQL Server has been installed on a remote machine.

  2. On the Custom Installation dashboard, click the Install link for Forcepoint Infrastructure. (If Forcepoint Security Setup has been started as part of a Forcepoint Security Manager installation, skip this step.)
    Forcepoint Security Setup is launched.
  3. On the Forcepoint Infrastructure Setup Welcome screen, click Next.
  4. On the Installation Directory screen, specify the location where you want Forcepoint Infrastructure to be installed and then click Next.
    Important: The full installation path must use only ASCII characters. Do not use extended ASCII or double-byte characters.
    • To accept the default location (recommended), simply click Next.
    • To specify a different location, click Browse.
  5. On the SQL Server screen, specify the location of your database engine and the type of authentication to use for the connection. Also, specify whether to encrypt communication with the database. Encryption is recommended to increase the level of security in the SQL database.
    The information entered here is also used by the Web Security, Data Security, and Email Security component installers, by default. The web protection component installer can be used to specify a different database; the data and email protection component installers cannot.
    • Specify the location and connection credentials for a database server located elsewhere in the network.
      Enter the Hostname or IP address of the SQL Server machine, including the instance name, if any.
      • If you are using a named instance, the instance must already exist.
      • If you are using SQL Server clustering, enter the virtual IP address of the cluster.
      Also provide the Port used to connect to the database (1433, by default).
      Note: If your Forcepoint Email Security SQL Server installation uses a named instance, port 1433 is opened on the firewall even if you specify a different port. You must manually change this port setting after Forcepoint Email Security installation.

      See System requirements for this version to verify your version of SQL Server is supported.

      After selecting one of the above options, specify an authentication method and account information:

    • Select the Authentication method to use for database connections: SQL Server Authentication (to use a SQL Server account) or Windows Authentication (to use a Windows trusted connection).

      Next, provide the User Name or Account and its Password. If you are using Windows authentication with Forcepoint DLP, Forcepoint Web Security with the Web DLP module, or Forcepoint Email Security, use an account with the sysadmin role. If you are using SQL Server Express, sa (the default system administrator account) is automatically specified.

      Note: The system administrator account password cannot contain single or double quotes.

      For more information about permissions required for the connection account, see Installing with SQL Server.

      If you use a trusted account, an additional configuration step is required after installation to ensure that reporting data can be displayed in the Forcepoint Security Manager. See Configuring Apache services to use a trusted connection.

      When you click Next, connection to the database engine is verified. If the connection test is successful, the next installer screen appears.

      If the test is unsuccessful, the following message appears:

      Unable to connect to SQL
      Make sure the SQL Server you specified is currently running. If it is running, verify the access credentials you supplied

      Click OK to dismiss the message, verify the information you entered, and click Next to try again.

  6. On the Server & Credentials screen, select the IP address of this machine and specify network credentials to be used by Forcepoint Security Manager.
    • Select an IP address for this machine. If this machine has a single network interface card (NIC), only one address is listed.

      Use the IP address selected to access the Forcepoint Security Manager (via a web browser). Also specify this IP address to any other component that needs to connect to the Forcepoint management server.

      If you chose to use SQL Server Express, if you install Log Server for a web or email protection solution on another machine, specify this IP address for the database engine location.

    • Specify the Server or domain of the user account to be used by Forcepoint Infrastructure and the Forcepoint Security Manager. The server/hostname cannot exceed 15 characters.
    • Specify the User name of the account to be used by Security Manager.
    • Enter the Password for the specified account.
  7. On the Administrator Account screen, enter an email address and password for the default Security Manager administration account: admin. When you are finished, click Next.
    System notification and password reset information is sent to the email address specified (once SMTP configuration is done; see next step).

    The password must:

    • Be at least 8 characters
    • Contain upper case characters
    • Contain lower case characters
    • Contain numbers
    • Contain non-alphanumeric characters
    When you are finished, click Next.
  8. On the Email Settings screen, enter information about the SMTP server to be used for system notifications and then click Next. You can also configure these settings after installation in the Security Manager.
    Important: If you do not configure an SMTP server now and you lose the admin account password (set on previous screen) before the setup is done in the Security Manager, the "Forgot my password" link on the logon page does not provide password recovery information. SMTP server configuration must be completed before password recovery email can be sent.
    • IP address or hostname: IP address or hostname of the SMTP server through which email alerts should be sent. In most cases, the default Port (25) should be used. If the specified SMTP server is configured to use a different port, enter it here.
    • Sender email address: Originator email address appearing in notification email.
    • Sender name: Optional descriptive name that can appear in notification email. This name can help recipients identify the notification as email from the Forcepoint Security Manager.
  9. On the Pre-Installation Summary screen, verify the information and then click Next to begin the installation.
    DANGER
    If you chose to install SQL Server Express using the Forcepoint Security Installer, depending on whether certain Windows prerequisites are installed, your machine may be automatically restarted up to two times during the installation process. Restarts are not required if the prerequisites are already installed.
    Note: When you click Next, if you chose to install SQL Server Express on this machine using the Forcepoint Security Installer, it may take a couple minutes for the next screen to appear. Wait for the next screen, then see the next step below.
  10. If you chose to install SQL Server Express using the Forcepoint Security Installer, PowerShell 1.0 and Windows Installer 4.5 will be installed if not already present. Wait for Windows to configure components.
    1. If the following message appears during this process, click OK:
      Setup could not restart the machine. Possible causes are insufficient privileges, or an application rejected the restart. Please restart the machine manually and setup will restart.
    2. The installer starts again. In the Forcepoint Security Setup Welcome screen, click Next.
    3. The Ready to Resume EIP Infra installation screen appears. Click Next.
  11. If you chose to install SQL Server Express on this machine using the Forcepoint Security Installer, SQL Server Express Setup is launched. Wait for it to complete.
    The Setup Support Files screen appears and then an Installation Progress screen appears. Wait for these screens to complete automatically. It is not necessary to click or select anything in these screens.

    It may take approximately 10–15 minutes for the SQL Server Express installation to complete.

  12. Next, the Installation screen appears. Wait until all files have been installed.
    If an "Error 1920" message appears, check whether port 9443 is already in use on this machine. If port 9443 is in use, release it and then click Retry to continue installation.
  13. On the Installation Complete screen, click Finish.