Installing the hotfix package

Each hotfix version is available for download on the Forcepoint support site. Separate hotfix installer binary files are provided for Windows and Linux platforms.

Running the hotfix installer script

On the Windows command line, run the following command:
Forcepoint_DLP_8.9.1_Windows_HotfixX.exe
On a Linux platform, make sure that the binary file is set with execution permissions. Run the following command:
chmod a+x ./Forcepoint_DLP_8.9.1_Linux_HotfixX
After appropriate permissions are granted, run the file using:
./Forcepoint_DLP_8.9.1_Linux_HotfixX

Applying the hotfix on systems that have the Forcepoint Email Security Gateway

While applying the hotfix, you need to log in to Forcepoint Email Security Gateway as follows:

And make sure to copy the hotfix to the following path:

/var/lib/lxc/esg/rootfs/opt/websense/PolicyEngine

Applying the hotfix on systems that have the Forcepoint Web Security Gateway

While applying the hotfix, you need to log in to Forcepoint Web Security Gateway as follows:

And make sure to copy the hotfix to the following path:

/var/lib/lxc/wcg/rootfs/opt/websense/PolicyEngine

Installation pre-checks

When the hotfix installer is run, it performs the following pre-checks:

  • Checks whether the user has administrative privileges.
  • Detects the following server details:
    • Operating system type: Windows or Linux
    • Server role: Manager, Supplementary, Appliance (Forcepoint Web Security or Forcepoint Email Security, DLP Protector)
    • Data path: DSS_HOME (Windows) and PE_HOME (Linux).
    • Version of the Forcepoint DLP and Forcepoint Security Manager running on the system.
  • Checks that the running Forcepoint DLP version is identical to that needed by the hotfix configuration.
  • Checks for connection to SQL database.
  • Checks if any pending policy updates are waiting for deployment. This usually happens after a system upgrade.
  • Checks if a previous hotfix was installed on the system by reading the hotfix_version.txt file located under DSS_HOME (Windows) or PE_HOME (Linux) paths.
  • Checks that the hotfix being installed is a version higher than the running version.

Other tasks performed by the hotfix installer

The hotfix installer also performs the following tasks:

  • Backs up relevant files that are candidates for replacement: The first operation that modifies the system is the backup process, in which the hotfix Installer backs up all relevant files that are candidates for replacement. The backup folder is created under the DSS_HOME (Windows) or PE_HOME (Linux) folder with the name hotfix_backup\hotfix_backups_dlp_version.
    Note: The goal is to back up the minimum number of files that would allow us to revert to the way the system was running before any hotfix installation (GA code or otherwise) was done. When installing a hotfix, only files that do not already have a backup from a previous hotfix are backed up.
  • Stops all relevant services: After the backup process, the installer stops all relevant services with the given timeout. If the timeout is reached, the installer tries to kill the process of the relevant service. If one of the services is not stopped or killed, the hotfix Installer terminates and recommends the user stop the service manually.
  • Replaces relevant files: After all relevant files have been backed up, the installer next replaces the relevant files.
    Note: If any one of the file replacements fails, the hotfix Installer will skip it and proceed to the next file. At the end, it will print a summary of the replacement operations that have been performed.
  • Runs SQL queries (if needed):

    Some of the fixes provided with the hotfix Installer would require SQL queries to be run.

    Note: The installer does not check which database value was set before the SQL execution. If the value was configured to be different from the default, it will be overwritten by the hotfix Installer.

    Below is an example of a SQL query run and the corresponding console messages displayed once a query runs:

    If any one of the SQL queries fails or does not affect the database, it will be indicated in the Result column.

  • Clears the Tomcat and Jetty Cache (if needed): The installer uses a pre-existing PowerShell script to clear the cache of the DSSManager and DSSBatchServer services. If the script fails, then you may need to set your PowerShell execution policy.

  • Starts relevant services previously stopped: The hotfix Installer starts all relevant services that have been previously stopped.
  • Updates the hotfix_version.txt file: The hotfix installer updates the hotfix ID that is currently installed on the system.
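
The backup and replacement behaviour described above (back up a file only if no earlier hotfix saved it, then replace files and skip any that fail) can be sketched as follows. This is an added example, not Forcepoint's installer code; the function names and directory arguments are hypothetical, and it should only be pointed at scratch directories.

```shell
#!/bin/sh
# Added illustration, not Forcepoint's installer. Directory arguments are
# hypothetical; pass scratch directories, never a live PE_HOME.

# backup_once INSTALL_ROOT BACKUP_ROOT REL_PATH
# Saves a file only if no earlier hotfix saved it, so the backup folder
# always holds the pre-hotfix original rather than a previous hotfix's copy.
backup_once() {
    src="$1/$3"; dst="$2/$3"
    [ -e "$dst" ] && return 0      # original already preserved
    [ -f "$src" ] || return 0      # file is new in this hotfix: nothing to save
    mkdir -p "$(dirname "$dst")" && cp -p "$src" "$dst"
}

# apply_hotfix PAYLOAD_DIR INSTALL_ROOT BACKUP_ROOT
# Backs up every candidate first, then replaces files; a failed replacement
# is skipped and counted. Prints "replaced=N failed=M".
apply_hotfix() {
    payload="$1"; root="$2"; backups="$3"; ok=0; failed=0
    list=$(cd "$payload" && find . -type f | sed 's|^\./||' | sort)
    [ -n "$list" ] || { echo "replaced=0 failed=0"; return 0; }
    while IFS= read -r rel; do
        backup_once "$root" "$backups" "$rel" || return 1   # abort before any change
    done <<EOF
$list
EOF
    while IFS= read -r rel; do
        if mkdir -p "$(dirname "$root/$rel")" 2>/dev/null &&
           cp "$payload/$rel" "$root/$rel" 2>/dev/null; then
            ok=$((ok + 1))
        else
            failed=$((failed + 1))                          # skip, keep going
        fi
    done <<EOF
$list
EOF
    echo "replaced=$ok failed=$failed"
}

# restore_baseline INSTALL_ROOT BACKUP_ROOT
# Copies every saved original back over the installed tree.
restore_baseline() {
    (cd "$2" && find . -type f) | while IFS= read -r rel; do
        cp -p "$2/$rel" "$1/$rel" || exit 1
    done
}
```

After two successive hotfixes touch the same file, the backup still holds the original copy, which is what makes a revert to the pre-hotfix state possible. Files that a hotfix adds for the first time have no backup and are not removed by restore_baseline in this sketch.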

Example of a full installation session

The following is an example screenshot from a full installation session: