Changing the IP address of the Forcepoint management server

Before you begin

Note:

Applies to:

  • Forcepoint Web Security and Forcepoint URL Filtering, v8.5.x
  • Forcepoint DLP, v8.5.1, v8.6.x, v8.7.x, v8.8.x. v8.9.x
  • Forcepoint Email Security, v8.5.x
  • Forcepoint appliances, v8.5.x
Warning: If web protection policy components (Policy Broker, Policy Server, Policy Database) or hybrid components (Directory Agent, Sync Service) reside on the management server, the process of changing the IP address is complicated. Contact Technical Support for assistance.

Before changing the IP address of the Forcepoint management server, remove the web protection Log Server from the management server machine (if applicable). The steps below include instructions for reinstalling it after the IP address change is complete.

Complete the following steps after changing the IP address of the management server.

Steps

  1. Update the Forcepoint Management Infrastructure with the new IP address.

    See Configuring the infrastructure to use a new IP address or hostname, for instructions.

    If SQL Server Express is installed on this machine, it will be automatically configured to the new IP address along with the infrastructure components.

  2. (Web protection solutions only): Update the configuration of the Web Security management components to reflect the new IP address:
    1. Recreate the Web Security Apache SSL certificates. See Creating Apache SSL Certificates. When following these instructions, be sure to edit the openssl.txt file to reflect the new IP address of the management server.
    2. Edit the Web Security catalina.properties file to reflect the new IP address. See Configuring Tomcat to a use new local IP address.
    3. Navigate to the C:\Program Files (x86)\Websense\Web Security\bin\ directory and open the websense.ini file in a text editor.

      Update the value of the LocalServerIP parameter to the new IP address.

    4. If the web protection Log Server runs on the management server (not recommended), and it was removed as instructed before changing the IP address, open a Windows command prompt and run the following commands from the C:\Program Files (x86)\Websense\Web Security\bin\ directory:

      LogServer.exe -i

      LogServer.exe -r

    5. Log on to the Web Security module of the Forcepoint Security Manager and navigate to the Settings > Reporting > Log Server page.
    6. Verify that correct information appears in the SQL Server location field.

      If the SQL Server location value changes, use the Windows Services tool to restart Websense Log Server.

    7. Use the Windows Services tool to restart the Websense RTM Server and Websense RTM Client services.

    After changing the Log Server IP address, if alerts appear from old IP address, restart Policy Server to clear the old alert data.

  3. (Email protection solutions only): Edit the Forcepoint Email Security catalina.properties file to reflect the new IP address. See Configuring Tomcat to a use new local IP address.
  4. (Email protection solutions only): If the Email Log Server is installed on the management server, update the Security Manager with its new IP address. See Configuring a new hostname for web protection management components.
    Note: This is required only for those appliances using the Log Server located on the management server machine. If an appliance is using a Log Server located elsewhere, do not update its IP address on that appliance.

    If there are multiple Forcepoint Email Security appliances in the deployment, update each with the new IP address of the Email Log Server. To update other appliances, complete the steps again in Configuring a new hostname for web protection management components, with the following modifications:

    1. After logging into the Security Manager, click the Appliances icon in the Security Manager banner.
    2. Click Manage Appliances and select the appliance to update.
    3. Continue with the rest of the procedure as normal.
    4. Repeat this process for each Forcepoint Email Security appliance that uses the Log Server located on the management server machine.
  5. (Email protection solutions only): If the email protection Log Database is located on the management server (e.g., SQL Server Express is installed on the machine and maintains the Log Database), update the database location in the Security Manager. See Updating the Log Database location for Forcepoint Email Security.
  6. (Forcepoint DLP only): Modify the management server installation to reflect the change. See Changing the IP address for Forcepoint DLP management components.
  7. For deployments that include the Forcepoint Web Security DLP Module, or that include Forcepoint Email Security, re-register the Web Security or Email Security module with the Data Security module of the Security Manager.
    • For Forcepoint Web Security, see Re-register Forcepoint DLP Protector software package.
    • For Forcepoint Email Security, see Re-registering Forcepoint Email Security with DLP components.