Reviewing Policy Server connections
Use the
page to review Policy Server information for all Policy Server instances associated with this Forcepoint Security Manager instance.If you have multiple Policy Server instances that share a subscription key, you can create one instance as the primary Policy Server. When you add the others as secondary instances, they receive their key information from the primary. This may help to speed up your configuration process and simplify key maintenance (in case you receive a new subscription key in the future).
- The Security Manager is associated with a primary Policy Server instance at installation time. This becomes the base Policy Server for the Security Manager, and its IP address and description cannot be changed.
- To see the secondary Policy Server instances associates with a primary Policy Server in the list, click the “+” symbol next to the Policy Server name or IP address.
- To update the information that appears on the page (for example, to see the latest subscription key information or Policy Broker connections, and to see any Policy Server instances that might have recently been automatically added to the Security Manager) click the Refresh button in the toolbar at the top of the content pane.
- Policy Server instances that connect to a different Policy Broker than the base.
Policy Server are flagged with an icon () indicating that they are not currently configurable.
Each Policy Server entry includes a short description. Primary Policy Server entries also include:
- Subscription information, including the key associated with the instance and its secondaries and the subscription level (for example, Forcepoint Web Security or Forcepoint URL Filtering)
- The IP address of the Policy Broker that Policy Server is using
In multiple Policy Broker deployments, configure how Policy Server connects to Policy Broker on the
page.
Click Add to associate an additional Policy Server with the Security Manager, or click a Policy Server IP address or name to edit configuration information for the selected instance (see Adding or editing Policy Server instances).
Note that in some cases, Policy Server instances are added to the Security Manager automatically. For example, when a Policy Server instance is installed on the same machine as a Policy Broker replica, that Policy Server instance appears on the Policy Servers page automatically. You can still edit these instances as needed (for example, to change their description).
Mark one or more Policy Server entries and click Delete to remove the connection between the Security Manager and the selected Policy Server.
- This removes the Policy Server instance from the Security Manager, but does not uninstall or stop the Policy Server service. You cannot delete the base Policy Server instance.
- Any time you remove a Policy Server instance from your deployment, be sure to also remove the instance from the Policy Servers page in the Security Manager.
Even if you take down one Policy Server machine, then bring up a new machine and assign it the old IP address, a Policy Server instance installed on the new machine does not automatically inherit the subscription key information from the old instance. You must still delete the old instance from the Security Manager, then add the new instance.
After adding or editing a Policy Server connection, click OK on the Policy Servers page to cache your changes. Changes are not implemented until you click Save and Deploy.