Configuring encrypted connection to SQL Server

If your deployment includes Forcepoint Security Manager in Azure and a remote SQL Server, use the following steps after installation to configure an encrypted connection between SQL Server and Forcepoint Email Security components. These steps are only necessary if you did not choose to encrypt connection during Step 28 of your initial deployment (Step 28 of Deploying both Forcepoint Email Security and Forcepoint Security Manager together in the Azure cloud).

  1. Follow the steps outlined in Deploying both Forcepoint Email Security and Forcepoint Security Manager together in the Azure cloud, and configure the settings for your remote SQL Server.
  2. After deployment is complete, log on to the Forcepoint Security Manager and select Email. The Email module displays.
  3. Navigate to Settings > Reporting > Log Database.
  4. In the section Log Database Location, enter the IP address of the remote SQL Server.
  5. Mark the check box Encrypt connection.
  6. (Optional) Click Check Status to verify the availability of the server.
  7. Ensure that the additional settings are correct and click OK.

  8. Open SQL Server Configuration Manager and navigate to SQL Server Network Configuration > Protocols for MSSQLSERVER > Properties.
  9. On the tab Flags, change Force Encryption to Yes.
  10. Save settings.

  11. Navigate to Local Security Policy > Local Policies > Security Options > System cryptography: Use FIPS compliant algorithms for encryption,hashing, and signing.
  12. Change Properties to Enabled.

  13. Save settings and close.
  14. Restart the SQL Server.
  15. On the Forcepoint Security Manager virtual machine, log out of Forcepoint Security Manager.
  16. Open a command prompt and run ipconfig. Make note of the current settings.
  17. Navigate to the Windows network settings and set the IP address, netmask, and default gateway.
  18. Start the Forcepoint Security Installer.
  19. On the Modify Installation dashboard, click Modify for Forcepoint Infrastructure.
  20. On the Welcome screen, click Modify.
  21. Proceed to the SQL Server screen and enter the current hostname or IP address, port, user name, and password, then mark the check box Encrypt connection.

  22. Proceed through the other screens and click Finish.
  23. On the Modify Installation dashboard, click Modify for Forcepoint DLP.
  24. Changes may not be needed on these screens; verify that the installation is complete as you proceed, then click Finish.

  25. Wait a few minutes for services to refresh, then open Windows Services and verify that all Forcepoint services are running.
  26. Log into Forcepoint Security Manager and navigate to Settings > Reporting > Log Database. Verify that the settings are correct.

    Forcepoint Security Manager may take a few minutes to load. Do not log out or stop services.