Go to the table of contents Go to the previous page Go to the next page
Upgrading Email Protection Solutions > Post-upgrade activities
Post-upgrade activities
Your system should have the same configuration after the upgrade process as it did before the upgrade. Any configuration changes can be made after the upgrade process is finished.
After your upgrade is completed, redirect email traffic through your system to ensure that it performs as expected.
Email hybrid service registration information is retained during the upgrade process, so you do not need to complete the registration again, unless you have performed an appliance migration (e.g, from a virtual appliance to a new virtual appliance). See Update appliance management interface configuration settings (for migration only) for information.
Perform the following tasks in the Forcepoint Security Manager or the CLI:
*
*
*
*
*
*
*
*
*
Install Email Security hotfixes
Navigate to the page Forcepoint My Account Downloads and select your version, then install the latest Windows and appliance hotfixes.
Alternatively, appliance hotfixes can be installed using the appliance command-line interface (CLI) or Forcepoint Security Appliance Manager (FSAM). See Forcepoint Appliances CLI Guide and Forcepoint Security Appliance Manager Help for more information.
Repair Email Security registration with Data Security
Re-register the new appliance with the Data Security module as follows:
1.
In the Email Security module, navigate to the page Settings > General > Data Loss Prevention and click Unregister.
2.
3.
Navigate to the page Settings > General > Data Loss Prevention and ensure that the appliance management (C) interface IP address appears in the field Communication IP address.
4.
In the Data Security module, navigate to the page Settings > Deployment > System Modules and select the Email Security module.
5.
6.
Update data loss prevention policies and classifiers
1.
2.
Depending on the number of policies you have, this can take up to an hour. During this time, do not restart the server or any of the services.
3.
Update Forcepoint databases
*
From the page Settings > General > Database Downloads, click Update Now.
This action performs an immediate database download update.
Update Email Security module backup file
Due to a change in implementation at version 8.1, the Security Manager Email Security module backup file format is not compatible with versions earlier than 8.1. You must remove any pre-version 8.1 backup log file before you create a new backup file for version 8.5.x. If you do not remove the old log file before you create the new file, the backup/restore function may not be accessible.
Use the following steps:
1.
C:\Program Files (x86)\Websense\Email Security\ESG Manager
2.
ESGBackupRestore
Copy this file to another location if you want to save it.
3.
Create a new backup file on the page Settings > General > Backup/Restore.
Configure email DNS lookup
The virtual appliance firstboot process includes the entry of DNS server settings. You can enhance DNS lookup query performance by configuring a second set of DNS server entries specifically for the Email Security module. Use the following CLI commands, as needed:
set interface dns --module email --dns1 <DNS_IP>
set interface dns --module email --dns2 <DNS_IP>
set interface dns --module email --dns3 <DNS_IP>
Not applicable for Forcepoint Email Security in Azure.
Increase vCPU and RAM allocation
If you upgraded from version 8.3 or lower to version 8.5.x, it is necessary to increase the vCPU and RAM allocations on your virtual appliance, in order to ensure adequate system resources.
See the Knowledge Base article Resource Upgrade on OVA and Forcepoint Appliances Getting Started Guide for more information.
Update appliance management interface configuration settings (for migration only)
If your upgrade to version 8.5.x included a data migration, you need to re-configure some functions that use the appliance management (C) interface after the migration and upgrade are complete. The management (C) interface was added for virtual appliance users at version 8.3.
Forcepoint Email Security in Azure supports only the C interface.
These configuration settings include:
*
*
*
*
*
*
Data loss prevention
Re-register the new appliance with the Data Security module as follows:
1.
Select the Email Security module and navigate to the page Settings > General > Data Loss Prevention.
2.
3.
In the Data Security module, navigate to the page Settings > Deployment > System Modules.
4.
5.
6.
On the Email Security module page Settings > General > Data Loss Prevention, ensure the appliance management (C) interface IP address appears in the field Communication IP address.
7.
8.
Email hybrid service
This action is required only if you used the C interface on a hardware appliance that you have migrated.
Re-register the new appliance with the email hybrid service as follows:
1.
Select the Email Security module and navigate to the page Settings > Hybrid Service > Hybrid Configuration.
2.
3.
4.
Personal Email Manager notification message
This action is required only if you used the C interface on a hardware appliance that you have migrated.
You may need to enter your destination appliance management interface IP address for the proper distribution of Personal Email Manager notification messages.
1.
Select the Email Security module and navigate to the page Settings > Personal Email > Notification Message.
2.
In the text field IP address or hostname, enter the new appliance management (or C) interface.
3.
If you had previously customized HTML notification templates for the Personal Email Manager, your customizations were lost when upgrading to the new version; reconfigure your templates on the page Settings > Personal Email > Notification Message.
Update Log Database
If you encounter the following warnings after your upgrade, you may need to update the Email Log Database with new values for appliance hostname, management interface IP address, C interface IP address, and device ID:
You may encounter this situation if you use Windows authentication. In that case, the migration script cannot update the C interface, resulting in this message.
1.
2.
Click New Query.
3.
USE [esglogdb76]
Select the esg_device_id, admin_manage_ip, and device_c_port_ip from the dbo.esg_device_list.
4.
5.
Locate the esg_device_id associated with either the admin_manage_ip or the device_c_port_ip of the source appliance.
6.
UPDATE dbo.esg_device_list SET esg_name = '<host name>', admin_manage_ip = '<appliance management IP address>', device_c_port_ip = '<C IP address>' WHERE esg_device_id = '<device id>'
7.
8.
Reset Forcepoint Email Security license (only if Forcepoint Security Manager was migrated to Azure)
If you migrated Forcepoint Security Manager to Azure, it is necessary to reset the Forcepoint Email Security licenses for each of your appliances. Contact Forcepoint Technical Support for assistance with this step.
After Technical Support has reset your licenses, navigate to Settings > General > Email Appliances and add each of your appliances. See Forcepoint Email Security Administrator Help.
Move Forcepoint DLP database (only if Forcepoint Security Manager was migrated to Azure)
If you migrated Forcepoint Security Manager to Azure, it is necessary to move your Forcepoint DLP database to the new Forcepoint Security Manager in Azure. See How do I move the TRITON AP-DATA database to another MS SQL Server? for instructions.
Verify the system and configuration in the CLI
The following table details system and configuration checks made in the CLI. See the Forcepoint Appliances CLI Guide for more information.
*
 
 

Go to the table of contents Go to the previous page Go to the next page
Upgrading Email Protection Solutions > Post-upgrade activities
Copyright 2023 Forcepoint. All rights reserved.