Update replica instances after the primary is restored from backup

Before you begin

Replica Policy Broker instances verify that they are synchronized to the latest version of the data from the primary Policy Broker by checking sequence numbers.

When you restore an older version of the Policy Database to the primary Policy Broker instance, replica instances do not recognize that they need to synchronize their data, because the sequence number is out of date. One symptom of the problem is that the Web > Settings > General > Policy Brokers page in the Forcepoint Security Manager will show a Last Policy Sync value of Unknown.

If you encounter this issue, perform the following steps for each replica Policy Broker:

Steps

  1. On the replica Policy Broker machine, open a command shell and navigate to the bin directory (C:\Program Files or Program Files (x86)\Websense\Web Security\bin or /opt/Websense/bin/).
  2. If you are on a Linux server, enter the following command:
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/Websense/bin
  3. Enter the following command:
    PgSetup -m standalone

    This temporarily disconnects the replica from the primary Policy Broker.

    You will see a prompt about manually updating config.xml files. You can ignore the prompt, because Policy Broker will become a replica again in the next step.

  4. Enter the following command:
    PgSetup -m replica -l <replica_IP_address> -z <primary_IP address> -w <synchronization_password>

    This reconnects the replica to its primary Policy Broker.

  5. After making the change, restart your web protection services (starting with the Policy Broker machines, then any additional Policy Server machines, then any additional machines with web protection components). Using the commands below ensures that components on each machine are restarted in the correct order.
    • Linux: Run the following command from the /opt/Websense/ directory:

      ./WebsenseAdmin restart

    • Windows: Run the following command from the C:\Program Files or Program Files (x86)Program Files or Program Files (x86)\Websense\Web Security\ folder:

      WebsenseAdmin restart

    • Appliance: Restart all web protection modules (for example, Network Agent and Content Gateway).