Changing the IP address for Forcepoint DLP management components

Before you begin

Note:

Applies to:

  • Forcepoint DLP, v8.5.1, v8.6.x, v8.7.x, v8.8.x. v8.9.x

Perform this task during off hours, or route traffic around the Forcepoint DLP infrastructure (disabling connectors, ICAP, etc.) while you are performing the task.

It is assumed you have already changed the IP address of the management server machine. If not, see Changing the IP address of the Forcepoint management server.

Important:

If you change both the IP address and hostname of a server (or the IP address):

  • You must complete the entire process of updating one before starting to change the other (and wait for all endpoints to be updated).
  • If any endpoints are not connected to the network when settings are deployed, you must create a new endpoint package using the package-building tool, and use SMS or a similar mechanism to install the new package on these endpoints.

Steps

  1. To stop the protector:
    1. Log on to the protector as root.
    2. Enter the following command:

      service pama stop

  2. On the management server, launch the Forcepoint Security Installer.
    • If installer files were preserved after the initial installation, use the Forcepoint Security Setup link in the Start > Forcepoint menu or on the Start screen to launch the installer.
    • If installer files were not preserved, double-click the installer executable.
  3. In the installer, for Data, select the Modify link.
  4. Accept the defaults in the installer screens, and then click Next until you reach the Server Access screen. Select the new IP address here.
  5. If the hostname of the management server has changed, the installer automatically detects the new settings and configures the management infrastructure.
  6. Proceed through the remaining installer screens, accepting defaults, and click Finish.
  7. If mail server is relaying SMTP traffic to the management server (SMTP agent), change its configuration to relay mail to the new management server IP address.
  8. In the Data Security module of the Security Manager, change the IP address on the following pages, if necessary:
    1. Settings > Configuration > Archive Storage
    2. Settings > Deployment > System Modules

      Select the SMTP Agent and click the Encryption & Bypass tab.

  9. Re-register all Forcepoint DLP standalone agents (see Re-registering Forcepoint DLP components).
  10. To start the protector:
    1. Log on to the protector as root.
    2. Enter the following command:

      service pama start

  11. Click Deploy in the Data Security module of the Security Manager.
  12. Reinstall all endpoint clients with the new management server IP address.
  13. Verify that:
    • New events appear in the traffic log.
    • The system log doesn’t display errors.
    • The endpoint status shows that endpoints are synchronized.
    • New incidents are written into the data usage incident management screen.