Preparing for the upgrade

  • Read the relevant release notes.
  • Verify the current deployment. Unless instructed otherwise by Forcepoint Technical Support, ensure that your system is functional prior to upgrade, and that required network interfaces have reliable connections to Forcepoint components and the Internet. The upgrade process does not repair a non-functional system.
  • Ensure the time set on all appliances is synchronized prior to upgrade.
  • If you are not already familiar with the preparation required for upgrading off- appliance components, review the requirements before upgrading your appliances.
  • Verify the system requirements for the version to which you are upgrading. See System requirements for this version.
  • Prepare Windows components. See Preparing for installation for an explanation of general preparations for upgrading the Windows components in your security solution.
  • Ensure that your firewall is configured correctly so that the ports needed for proper protection are open. See Default ports for on-premises Forcepoint security solutions.
  • Prepare Microsoft Azure virtual network if you are upgrading to Forcepoint Email Security in Azure. See Installing Forcepoint Email Security in Microsoft Azure.
  • Prepare for service disruption during upgrade. Appliance services are not available while the upgrade is applied, continuing until the appliances finishes its final restart. Service is not disrupted while the off-appliance components are upgraded.
  • If you are using link aggregation and plan to enable VLAN support after upgrade, disable link aggregation before enabling VLAN support on the blade or chassis. VLAN is only available on X Series appliances.
  • If you are already using Virtual Machines (VMs) for Forcepoint Security Manager or for Microsoft SQL Server, take a snapshot of the VMs before you start a Forcepoint upgrade.
  • If you have a remote database, ensure that the SQL account has a sysadmin role.
  • Back up all of your Forcepoint components before starting the upgrade process, see Backup and Restore FAQ.

    The Backup and Restore FAQ includes instructions for backing up all of the pieces that make up Forcepoint Web Security Hybrid Module (formerly Web Security Gateway Anywhere) on all platforms:

    • Forcepoint Management Infrastructure
    • Web Security components
    • Content Gateway
    • Data Security components
  • (Appliance upgrades only) Uninstall the following hotfix:
    • If you have any appliance with Hotfix 200 (Spectre/Meltdown Hotfix) installed, you must uninstall the hotfix before upgrading to v8.5. After upgrading, reinstall Hotfix 200 on the new version.
  • (Appliance upgrades only) Install the following hotfix:
    • If you are a Forcepoint V5000 G2R2 customer upgrading from v8.4 to v8.5, you must install 8.4 Appliance Hotfix 101 (APP-8.4.0-101) before upgrading.
  • (Forcepoint Email Security upgrades) Back up and remove tomcat log files and remove temporary manager files (optional; recommended to facilitate timely Forcepoint Security Manager upgrade). Use the following steps:
    1. Log onto the Windows server where the Forcepoint Security Manager resides.
    2. Navigate to the C:\Program Files (x86)\Websense\Email Security\ESG Manager\tomcat\logs directory
    3. Copy C:\Program Files (x86)\Websense\Email Security\ESG Manager\tomcat\logs to another location (for example, to C:\WebsenseBackup\Email), and then delete it in the directory mentioned in step 2.
    4. Navigate to the C:\Program Files (x86)\Websense\Email Security\ESG Manager\tomcat\tempEsgUploadFileTemp directory.
    5. Delete all the downloadFile* files.
  • Inventory all customizations and make a plan for restoring any that are required. Customizations are not retained through the upgrade process. After your upgrade, contact Forcepoint Technical Support for assistance with restoring files from your pre-upgrade file system. Customizations can include:
    • Custom patches
    • Hand updated files
    • Extra packages added
    • Extra files added, binary or configuration
  • Back up appliance configuration and settings. It is critical to perform a full appliance configuration backup and save it to a filestore.
    1. Log onto the CLI and elevate to config mode.
    2. To perform an immediate full backup, use:

      create backup now --location filestore_alias [--desc "<description>"]

    3. Include a unique description to make it easier to identify backup files that may have very similar names and dates.