How to change the IP address on the detection server

book

Article ID: 160693

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention Enforce Data Loss Prevention Network Discover Data Loss Prevention Network Prevent for Web Data Loss Prevention Network Protect Data Loss Prevention Endpoint Discover

Issue/Introduction

What needs to be changed in the Symantec DLP GUI if the IP Address of one of the detection servers has changed (Network Monitor box, for example)?

Resolution

Once the IP Address of the detection server has been changed, you will need to change the Host field in the config page of the specific detection server in the User Interface on the Enforce Server.  Perform the following actions:

  1. Enforce Console -> System Overview -> click on the Detection Server (Monitor) that needs to be changed -> click on the Configure button
  2. Change the host field to the new IP address or FQDN
  3. Go to System Overview -> Enforce Server and click on "Recycle" next to "DetectionServerController Status" to restart the service (This will temporarily disconnect all Detection Servers from the Console. Make sure no scans are running or they will be interrupted)

If using the hostname (FQDN) in the Host field, rather than the IP, then it won't work until the DNS has been updated. Nslookup, from the enforce server, can be used to confirm the FQDN is resolving correctly. 

If there is a problem with the monitor after this change see VontuMonitor fails to start after changing IP address.

If the detection server continues to show as "Unknown" see Troubleshoot an Unknown Detection Server status in the DLP Enforce Console.