What needs to be changed in the Symantec DLP GUI if the IP Address of one of the detection servers has changed (Network Monitor box, for example)?

Once the IP Address of the detection server has been changed, you will need to change the Host field in the config page of the specific detection server in the User Interface on the Enforce Server.  Perform the following actions:

1. Enforce Console -> System Overview -> click on the Detection Server (Monitor) that needs to be changed -> click on the Configure button
2. Change the host field to the new IP address or FQDN
3. Go to System Overview -> Enforce Server and click on "Recycle" next to "DetectionServerController Status" to restart the service (This will temporarily disconnect all Detection Servers from the Console. Make sure no scans are running or they will be interrupted)

If using the hostname (FQDN) in the Host field, rather than the IP, then it won't work until the DNS has been updated. Nslookup, from the enforce server, can be used to confirm the FQDN is resolving correctly. 

If there is a problem with the monitor after this change see VontuMonitor fails to start after changing IP address.

If the detection server continues to show as "Unknown" see Troubleshoot an Unknown Detection Server status in the DLP Enforce Console.