Change the IP address on the Detection server

Article ID: 160693


Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Network Monitor, Data Loss Prevention Network Prevent for Email, Data Loss Prevention Enforce, Data Loss Prevention Network Discover, Data Loss Prevention Network Protect, Data Loss Prevention Endpoint Discover, Data Loss Prevention

Issue/Introduction

What needs to be changed in the Symantec DLP Enforce Server Console GUI and Detection server configuration files if the IP Address of one of the detection servers has changed (Network Monitor box, for example)?

Resolution

Once the IP address of the detection server has been changed, you will need to change the Host field on the configuration page of that detection server in the Enforce Server user interface. Perform the following actions:

  1. Enforce Console -> System Overview -> click on the Detection Server (Monitor) that needs to be changed -> click on the Configure button
  2. Change the Host field to the new IP address or FQDN
  3. Go to System Overview -> Enforce Server and click on "Recycle" next to "DetectionServerController Status" to restart the service. (This will temporarily disconnect all Detection Servers from the Console. Make sure no scans are running or they will be interrupted.)

For alternative methods (scripts / agent tools) to update the agent endpoint server, see the KB "How to Change Endpoint Agent from One Server to Another".

If the hostname (FQDN) is used in the Host field rather than the IP address, the change won't work until DNS has been updated. Nslookup, run from the Enforce server, can be used to confirm that the FQDN is resolving correctly.

If there is a problem with the monitor after this change, see "Symantec DLP Detection Server fails to start after changing IP address".

If the detection server continues to show as "Unknown", see "Troubleshoot an Unknown Detection Server status in the DLP Enforce Console".

Additional Information

If a bind address was specified during installation of the Detection server (by default it's blank), then in addition to adjusting the configuration on the Enforce server side, it is necessary to update the IP address on the Detection server itself. The bind address tells the Detection server which IP address to listen on for incoming connections from the Enforce server. This mostly applies to scenarios where the Detection server has more than one network card and the DLP services should listen on one of them specifically.

To verify whether the bind address was specified during the installation:

DLP 16.0.2 or lower:

  1. Open the Communication.properties configuration file in a preferred text editor on the Detection server. By default it's located in Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\config
  2. Locate the line beginning with "serverBindName"
  3. If the line does not contain any IP address, no further action is necessary
  4. If an IP address is present in the line, it needs to be adjusted to the current IP address of the Detection server
  5. Once done, restart the Symantec DLP Detection Server Service on the Detection server

DLP 16.1 and higher:

  1. Open the EnforceConnectorCommunication.properties configuration file in a preferred text editor on the Detection server. By default it's located in Program Files\Symantec\DataLossPrevention\DetectionServer\<version>\Protect\config
  2. Locate the line beginning with "tcp.server.bind.addresses.and.ports"
  3. If the line does not contain any IP address, no further action is necessary
  4. If an IP address is present in the line, it needs to be adjusted to the current IP address of the Detection server
  5. Once done, restart the Symantec DLP Enforce Connector Service on the Detection server
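
The file check from both version-specific procedures above, as an added PowerShell example (not Broadcom or Symantec code): it finds the bind-address line and flags any IP address in it that the server no longer holds. The function name, the sample lines and the 192.0.2.x addresses are constructed, and the value syntax after the key is an assumption, which is why the script only extracts dotted-quad addresses.

```powershell
# Added example, not vendor code. Get-BindAddressStatus is a hypothetical helper name.
function Get-BindAddressStatus {
    param(
        [string[]]$Lines,      # contents of the .properties file (blank lines allowed)
        [string]$Key,          # serverBindName or tcp.server.bind.addresses.and.ports
        [string[]]$LocalIPv4   # IPv4 addresses currently assigned to this server
    )
    # Match an active (uncommented) line that begins with the key.
    $pattern = '^\s*' + [regex]::Escape($Key) + '(\s*[=:]|\s|$)'
    $line = $Lines | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (-not $line) {
        return [pscustomobject]@{ Key = $Key; Status = 'KeyNotFound'; Stale = @() }
    }
    # Extract every dotted-quad; nothing else about the value syntax is assumed.
    $found = @([regex]::Matches($line, '\b(?:\d{1,3}\.){3}\d{1,3}\b') |
        ForEach-Object { $_.Value })
    if ($found.Count -eq 0) {
        # Step 3 of the procedure: no IP address in the line, nothing to change.
        return [pscustomobject]@{ Key = $Key; Status = 'NoBindAddress'; Stale = @() }
    }
    # 0.0.0.0 is the wildcard (all adapters), so it is never reported as stale.
    $stale = @($found | Where-Object { $_ -ne '0.0.0.0' -and $_ -notin $LocalIPv4 })
    $status = if ($stale.Count -gt 0) { 'UpdateRequired' } else { 'Current' }
    [pscustomobject]@{ Key = $Key; Status = $status; Stale = $stale }
}

# Constructed sample: the file still names 192.0.2.10, the server now holds 192.0.2.25.
$sample = @(
    '# constructed sample, not a real configuration file',
    '',
    'tcp.server.bind.addresses.and.ports = 192.0.2.10:8100'
)
Get-BindAddressStatus -Lines $sample -Key 'tcp.server.bind.addresses.and.ports' `
    -LocalIPv4 @('192.0.2.25')

# Constructed sample with a blank value, the default described above.
Get-BindAddressStatus -Lines @('serverBindName =') -Key 'serverBindName' `
    -LocalIPv4 @('192.0.2.25')

# On a Detection server, feed it live data instead:
# $cfg = Get-Content '<path to Communication.properties>'
# $ips = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
# Get-BindAddressStatus -Lines $cfg -Key 'serverBindName' -LocalIPv4 $ips
```

A status of UpdateRequired corresponds to step 4 of the procedure: edit the line, then restart the service named in step 5 for that DLP version.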

In case of an Endpoint Prevent server, verify the Bind Address in the Agent Listener configuration in the Detection server configuration in the Enforce Console UI. By default it's set to 0.0.0.0, so it listens on all network adapters on the server. However, if this was configured to a specific IP address, it will need to be adjusted. To do so:

  1. In the Enforce Console, navigate to System -> Servers and Detectors -> Overview
  2. Select the Endpoint Prevent server by clicking on its name
  3. Hit the Configure button in the menu on the top
  4. Change the tab to Endpoint Server
  5. Review the Bind Address configuration field. If it's set to 0.0.0.0, no further steps need to be taken
  6. If the Bind Address shows the old IP address of the Detection (Endpoint) server, adjust the configuration to match the new IP address
  7. Once done, hit the Save button in the top menu to apply the changes
  8. Recycle the Detection server services by hitting the Recycle button after the Console returns to the overview of the server. Alternatively, restart the Symantec DLP Detection Server Service on the Detection server directly in case of DLP 16.0.2 or lower, or the Symantec DLP Enforce Connector Service on 16.1 and higher.