Moving web policy components to a new machine

Before you begin

Applies to:
  • Forcepoint Web Security, v8.5.x
  • Forcepoint URL Filtering, v8.5.x

When you move the same web protection software version to a new machine, first perform a new installation of the components on the new machine. Once the components are running successfully on the new machine, use the following procedure to preserve your policies and system configuration.

Steps

  1. On the original Policy Broker machine (running on the old operating system), navigate to the bin directory:
    • Windows:
      • C:\Program Files\Websense\Web Security\bin
      • C:\Program Files (x86)\Websense\Web Security\bin
    • Linux: /opt/Websense/bin/
  2. Use the following command to back up your existing policy information:

    PgSetup --save backup.policydb

    This command backs up only data stored in the Policy Database. It does not back up custom block pages or customized configuration files. To preserve customized configuration files or block pages, back those up separately.

  3. Copy the backup file resulting from the previous step to the corresponding bin directory on the new Policy Broker machine.
  4. Stop all web protection services on the new Policy Broker machine:
    • Windows: Navigate to the Websense\Web Security directory and enter the following command:

      WebsenseAdmin stop

    • Linux: Use the /opt/Websense/WebsenseAdmin stop command.
  5. Use the following command to restore the contents of your Policy Database backup to the new machine without overwriting important token and IP address information:

    PgSetup --restore backup.policydb --no-clobber

    The “no-clobber” parameter eliminates the need to update the token value in the config.xml file (a step included in migration procedures prior to 7.7).

  6. Start the web protection services on the new Policy Broker machine:
    • Windows: Navigate to the Websense\Web Security directory and enter the following command:

      WebsenseAdmin start

    • Linux: Use the /opt/Websense/WebsenseAdmin start command.

Result

Once the new machine has successfully replaced the original machine in your deployment, and you have verified that your policy information is correct, you are ready to begin the upgrade process.