Forcepoint Endpoint Solutions Upgrade Guide · 2018. 12. 20. · Guidelines for creating an...

December 2018

Upgrade GuideForcepoint™ Endpoint Solut ions

©2018 ForcepointForcepoint and the FORCEPOINT logo are trademarks of Forcepoint. Raytheon is a registered trademark of Raytheon Company. All other trademarks used in this document are the property of their respective owners.Published 2018Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.Last modified 20-Dec-2018

Contents

Chapter 1 Upgrading Forcepoint Endpoint Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Forcepoint One Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

DLP Endpoint package builder installation files . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Automatic software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Guidelines for creating an anti-tampering password . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 2 Upgrading Forcepoint Web Security Endpoint . . . . . . . . . . . . . . . . . . . . . . . . . 6

For hybrid web deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Upgrade steps for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Upgrade steps for Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

For cloud web deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Upgrade steps for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Upgrade steps for Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

For remote filtering deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Upgrade steps for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Chapter 3 Upgrading Forcepoint One Endpoint (DLP) . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Post endpoint upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Chapter 4 Upgrading Forcepoint Web Security and Forcepoint One Endpoint (DLP)16

For hybrid Forcepoint Web Security and Forcepoint One Endpoint (DLP) deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Upgrade steps for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Upgrade steps for Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

For remote filtering and DLP deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Upgrade steps for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Upgrade Guide i

Contents

Forcepoint Endpoint Solutions ii

1

Forcepoint Endp

Upgrading Forcepoint Endpoint Solutions

Forcepoint endpoint solutions provide complete real-time protection against advanced threats and data theft for both network and roaming users. Forcepoint advanced technologies help you discover and protect sensitive data stored on endpoint machines and provide actionable forensic insight into potential attacks.

● Forcepoint offers three Forcepoint Web Security Endpoint options to protect users from web threats:

■ Forcepoint Web Security Direct Connect Endpoint: Requires a Forcepoint Web Security on-premises solution with the Web Hybrid module (Windows only) or Forcepoint Web Security Cloud (Windows only).

■ Forcepoint Web Security Proxy Connect Endpoint: Requires a Forcepoint Web Security on-premises solution with the Web Hybrid module or Forcepoint Web Security Cloud.

■ Remote Filtering Client: Requires Forcepoint URL Filtering with the Remote Filter module.

● Forcepoint One Endpoint (DLP) protects organizations from data loss and data theft. It also identifies and helps secure sensitive data stored on corporate computers, including laptops. Requires Forcepoint DLP Network or Forcepoint Data Discovery.

This guide covers the following:

● Upgrading Forcepoint Web Security Endpoint, page 6

● Upgrading Forcepoint One Endpoint (DLP), page 13

● Upgrading Forcepoint Web Security and Forcepoint One Endpoint (DLP), page 16

Applies to: ● Forcepoint One Endpoint (DLP) v18.12.x

● Forcepoint DLP v8.6.x

● Forcepoint Web Security Endpoint v8.5.x

● Forcepoint Web Security v8.5.x

● Forcepoint Web Security Cloud

● Forcepoint URL Filtering v8.5.x

oint Solutions 1


For information on how to upgrade Remote Filtering Client, see the Upgrading the Remote Filtering Client section of Deploying the Remote Filtering Module.

Forcepoint One Endpoint

Starting with Forcepoint DLP v8.6, Forcepoint One Endpoint (DLP) is now the standard Forcepoint Endpoint agent for Forcepoint DLP (Windows and Mac) and Forcepoint Dynamic Data Protection (Windows only).

While Forcepoint One Endpoint (DLP) for Windows and Mac are part of the Forcepoint One Endpoint platform, Forcepoint Web Security Endpoints (Direct Connect for Windows, Proxy Connect for Windows and Mac, and Remote Filtering for Windows and Mac) remain part of the conventional endpoint platform, but are deployed in the Forcepoint One Endpoint package builder.

DLP Endpoint package builder installation files

The Forcepoint DLP v8.6 installation no longer contains the package builder used to install Forcepoint One Endpoint (DLP). To install the latest Forcepoint One Endpoint (DLP), you must download the package builder from the Forcepoint Support site.

Automatic software updates

Receive automatic software updates (Windows endpoint machines only): When new versions of Forcepoint Endpoint are released, you may upgrade the software on each endpoint machine (this can be done via GPO or SMS), or you can configure automatic updates.

To automate software updates for Forcepoint One Endpoint (DLP) or combined Forcepoint One Endpoint (DLP)/Forcepoint Web Security Endpoint through the package builder:

a. Prepare a server with the latest updates on it (see “Configuring the auto-update server” for details).

b. In the package builder, elect Receive automatic software updates.

c. Specify the URL of the server you created. It cannot be secure HTTP (HTTPS).

d. Indicate how often you want endpoint machines to check for updates.

1. Click Next and the Client Settings screen displays:

ImportantAs a best practice, upgrade a handful of endpoint machines and ensure that they are working before upgrading all of the endpoint machines in your deployment.

Upgrade Guide 2

http://www.websense.com/content/support/library/web/v84/remote_filtering/first.aspx

http://www.websense.com/content/support/library/endpoint/v18/auto_update/first.aspx



Complete the fields as follows:

2. Click Next.

User interface mode Select from the following 2 options:

● Interactive: A user interface is displayed on all endpoint machines. Users know when files have been contained and have the option to save them to an authorized location.

● Stealth: The Forcepoint One Endpoint (DLP) user interface is not displayed to the user. In this mode, users will not know that Forcepoint One Endpoint (DLP) is operating on their machine. The following features are affected in this mode:

■ The Forcepoint One Endpoint icon will not display in the task bar. Users will see the Forcepoint One Endpoint (DLP) installation if they check the Windows Control Panel.

■ Users will not be able to view the client user interface. As a result, they will not have access to the connection status, the Contained Files viewer, the Log Viewer, or the bypass option. (Experienced users, however, will be able to see Contained folders and files in the installation path.)

■ Users will not receive pop-up messages.

■ Although administrators can choose Confirm and Encrypt with user password in the Data Security manager as part of an action plan for the endpoint machine, these are not possible enforcement actions. When these options are selected, operations that violate policy are blocked. The Encrypt with profile key action will still take place, however.

■ When a user attempts to access a blocked page, a 404 error message will display rather than a block page.

Because users will not see any notifications, stealth mode is best reserved for discovery tasks and audit-only policies.

Note that you must reinstall the endpoint machine and deploy a new profile to switch user interface modes.

Installation Mode Applies to Windows only. Select from the following 2 options:

● Full: Installs Forcepoint One Endpoint (DLP) with full policy monitoring and blocking capabilities upon a policy breach. All incidents are reported in the Forcepoint Security Manager. Full Mode installation requires a reboot of the endpoint machine.

● Discovery Only: Configures Forcepoint One Endpoint (DLP) to run discovery analysis but not data loss prevention. Discovery Only installation does not require a reboot.

Upgrade Guide 3


Guidelines for creating an anti-tampering password

For security purposes, anyone who tries to modify or uninstall Forcepoint Endpoint software is prompted for an anti-tampering password. Anti-tampering passwords must follow the following guidelines:

● Contain at least one number (0-9)

● Contain at least one letter (a-z or A-Z)

● Be no more than 65 characters (Mac operating systems)

● Be no more than 259 characters (Windows operating systems)

Using special characters (Mac operating systems)

On Mac endpoint machines, you can use the following special characters within your password:

> < * ? ! [ ] ~ ` ' " | ; ( ) & # \ $

If you include special characters in your password, you must enclose the password in single quotation marks when you type the password into the command line prompt. Otherwise, the operating system will interpret the special character as a command and the password will not work.

● Correct: 'MyPa$$word1!'

■ Password contains special characters and is properly quoted.

● Incorrect: MyPa$$word1!

■ Password contains special characters and is not properly quoted.

When you type the password into a field on a screen (like the package builder) or web page (like the Forcepoint Security Portal), you should not enclose the password in single quotation marks.

Using special characters (Windows operating systems)

On Windows endpoint machines, you can use the following special characters within your password:

^ & < > |

If you use special characters within your password, you must include the ^ character before the special character when you type the password into the command line prompt. Otherwise, the operating system will interpret the special character as a command and password will not work.

● Correct: MyP^>ssword1^&

■ Special characters are prefixed by a ^ character.

● Incorrect: MyP>assword1&

■ Special characters are not prefixed by a ^ character.

Upgrade Guide 4


When you type the password into a field on a screen (like the package builder) or web page (like the Forcepoint Security Portal), you should not include the ^ character before the special character.

Upgrade Guide 5

2

Upgrading Forcepoint Web Security Endpoint

The following applies to Forcepoint Web Security Endpoint. If you are upgrading both Forcepoint Web Security Endpoint and Forcepoint One Endpoint (DLP), see Upgrading Forcepoint Web Security and Forcepoint One Endpoint (DLP), page 16.

Although this Forcepoint One Endpoint build is v18.12.x, it can be used in conjunction with Forcepoint products that are v8.4.x and higher. You do not need to uninstall the lower version before installing v18.12.x if you are upgrading from Forcepoint DLP Endpoint v8.5.x. Versions lower than v8.5 must be uninstalled before this Forcepoint One Endpoint build is installed.

If you are upgrading to the new Proxy Connect Endpoint, you do not need to uninstall lower Endpoint versions before installing the latest version. However, if you are upgrading a Proxy Connect Endpoint to the new Direct Connect Endpoint, you must uninstall the Proxy Connect Endpoint before installing the Direct Connect Endpoint.

This section looks at the steps for upgrading Forcepoint Web Security Endpoint if you are using Forcepoint Web Security with the Web Hybrid module or Forcepoint Web Security Cloud on a Windows or Mac operating system.

Applies to: ● Forcepoint One Endpoint v18.12.x





ImportantIf you upgrade endpoint machines to Windows 10 from any of the following operating systems after you upgrade the Forcepoint Web Security Endpoint, you must re-install the Forcepoint Web Security Endpoint software.

● Windows 7

● Windows Server 2012

● Windows Server 2016

Forcepoint Endpoint Solutions Upgrade Guide 6


● For hybrid web deployments, page 7

● For cloud web deployments, page 9

For hybrid web deployments

The following are upgrade steps for the Windows and Mac operating systems.

Upgrade steps for Windows

Option 1: Auto-upgrade

1. Log on to the Web module of the Forcepoint Security Manager.

2. Navigate to Settings > Hybrid Configuration > Hybrid User Identification.

3. Select Automatically update endpoint installations when a new version is released if you want to ensure that your endpoint machines have the latest version when it is available from the hybrid service.

4. Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.

The setting is disabled by default, as most organizations like to control the software on the desktop themselves and test newer versions before deploying them. You may want to enable the option once you have tested the new Endpoint software so all users (including roaming users) get the latest software installed. Once they have all updated the Endpoint software, you can then disable updates again.

Note that while an Endpoint software update is taking place (which can take several minutes), end users will be unable to browse, but will be shown a web page stating that the Endpoint software is updating. This page will continue to retry the requested

NoteMac Endpoint installation packages created through the package builder have the same version format (18.12.xxx), regardless of the endpoint component chosen on the Select Endpoint Components screen.

Windows Web Security Endpoint installation packages (except for Windows Direct Connect Endpoint) created through the package builder or downloaded from the Forcepoint Security Portal have the conventional version format (8.5.2xxx). Windows Direct Connect Endpoint installation packages created through the package builder have version 8.5.2xxx, and the stand-alone version of Windows Direct Connect Endpoint is 8.5.3xxx.

After installation, the Forcepoint Web Security Endpoint Diagnostics Tool shows the correct version number.



web page every 10 seconds until the Endpoint software has finished updating, and will then display the requested page correctly if the user is allowed to access this URL, or alternatively will display a block page.

Option 2: Create a new endpoint installation package using the Forcepoint One Endpoint package builder

1. Download the latest package builder from the Forcepoint Support site:

a. Log on to the Forcepoint Downloads page.

b. Navigate to Forcepoint One Endpoint, select a version, and then download and launch the package builder.

2. On the Select Endpoint Components screen, select Forcepoint Web Security Endpoint.

3. Under Forcepoint Web Security Endpoint, select Direct Connect Endpoint or Proxy Connect Endpoint.

4. Choose Windows 32-bit or Windows 64-bit when prompted.

5. Deploy the v8.5.x package to each endpoint machine using GPO, SMS, or a similar deployment method. You can install the v8.5.x Forcepoint Web Security Proxy Connect Endpoint on top of lower versions of the Proxy Connect Endpoint without uninstalling the lower versions. You must uninstall the lower version of the Proxy Connect Endpoint if you are upgrading to Forcepoint Web Security Direct Connect Endpoint.

6. Restart the endpoint machine after installation is complete.

Upgrade steps for Mac


1. Log on to the Web module of the Forcepoint Security Manager.

2. Navigate to Settings > Hybrid Configuration > Hybrid User Identification.

3. Select Automatically update endpoint installations when a new version is released if you want to ensure that your endpoint machines have the latest version when it is available from the hybrid service.

Note

● The wepsvc service must be running on the endpoint machine for auto-update to run properly.

● You cannot use the auto-update feature in the Web module of the Forcepoint Security Manager to automate updates for combined Forcepoint Web Security Endpoint and Forcepoint One Endpoint (DLP) deployments.


https://support.forcepoint.com/Downloads


4. Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.

Option 2: Manual upgrade





3. Under Forcepoint Web Security Endpoint, select Proxy Connect Endpoint. The Direct Connect Endpoint option is not available for Mac.

4. Choose Mac when prompted.

5. When the wizard completes, unzip the FORCEPOINT-ONE-ENDPOINT-Mac.zip package onto your Mac systems.

6. Run the WebsenseEndpoint.pkg from the unzipped folder EndpointInstaller.

7. Follow the steps in the installation wizard.

8. End users may be prompted to log out and re-log on to their desktops.

For cloud web deployments

The following are upgrade steps for the Windows and Mac operating systems:



1. In the Forcepoint Security Portal, go to Web > Policy Management > Policies. Under the policy you wish to view, open the Endpoint tab.

2. Under Endpoint Installation and Enable automatic updates for these endpoint clients, select the Windows check box for either Proxy Connect or Direct Connect.

3. Click Submit.

NoteThe wepsvc service must be running on the endpoint machine for auto-update to run properly.





Option 2: Create a new endpoint installation package using the Forcepoint One Endpoint package builder

1. Log on to the Forcepoint Downloads page.

2. Navigate to Forcepoint One Endpoint, select a version, and then download the package builder.

3. The Forcepoint One Endpoint package builder utility extracts required files and launches.


5. Under Forcepoint Web Security Endpoint, select Direct Connect Endpoint or Proxy Connect Endpoint.


7. Deploy the package to each endpoint machine using GPO, SMS, or a similar deployment method. You can install this version of Forcepoint Web Security Proxy Connect Endpoint on top of lower versions of the Proxy Connect Endpoint without uninstalling the lower versions. You must uninstall the lower version of the Proxy Connect Endpoint if you are upgrading to Forcepoint Web Security Direct Connect Endpoint.


Option 3: Download a new endpoint installation package from the Forcepoint Security Portal

1. Customers with a full-cloud deployment (Forcepoint Web Security with Forcepoint Web Security Cloud) can log on to the Forcepoint Security Portal, and then navigate to Web > Endpoint > General to obtain the Forcepoint Endpoint installation package.

2. On that page, you have two types of Endpoint clients to choose from: Direct Connect and Proxy Connect. You can deploy a combination of Direct Connect and Proxy Connect Endpoint clients in your organization if desired; however, only one type can be installed on an individual endpoint machine.





For Mac operating system users, Forcepoint One Endpoint can automatically deploy newer versions to browsers without involvement from desktop administrators.




1. In the Forcepoint Security Portal, go to the Endpoint tab in the Web policies section.

2. Under Endpoint Installation and Apply automatic updates for these operating systems, select the Mac check box.

3. In the Forcepoint Security Portal, go to Web > Policy Management > Policies. Under the policy you wish to view, open the Endpoint tab.

4. Under Endpoint Installation and Enable automatic updates for these endpoint clients, select the Mac check box for Proxy Connect. The Direct Connect Endpoint option does not support Mac endpoint machines.

5. Click Submit.

Option 2: Download the new endpoint installation package from the Forcepoint Security Portal

To upgrade Forcepoint Web Security Endpoint manually on a single machine, follow these steps for installing the latest version of Forcepoint Endpoint:

1. Go to Web > Settings > Endpoint.

2. Click Set Anti-Tampering Password to set the anti-tampering password if you have not already done so. For more information about creating an anti-tamper password, see Guidelines for creating an anti-tampering password, page 4.

3. Enter and confirm your anti-tampering password, then click Submit.

4. Under Endpoint Client Download, select the Proxy Connect Endpoint type, and then select Mac from the Platform drop-down menu.

5. Click on the version number to download the Forcepoint Endpoint zip file.

6. When you download Forcepoint Endpoint, it should include the WebsenseEndpoint.pkg file along with a file called HWSConfig.xml, which is specific to your account. This file needs to be in the same directory as the .pkg file for the Endpoint software to successfully install.

Note that if you wish to use Forcepoint Endpoint over port 80 for proxying and PAC file retrieval, you need to do the following before installing the Endpoint software:

■ Ask your Forcepoint Endpoint support representative to add the “Send HWS endpoint to port 80” template to your account. You can add this template to specific policies or globally.

■ Change the HWSConfig line from the following:

<PACFile URL=“http://webdefence.global.blackspider.com:8082/proxy.pac” />

to this:

<PACFile URL=“http://pac.webdefence.global.blackspider.com/proxy.pac” />




By applying this template, you will also move to port 80 any endpoint machines that are already installed.

7. Double-click the Forcepoint Endpoint package to open an introductory screen for the installer. Click Continue for step-by-step instructions on the installation process.

8. When you reach the “Standard install on Macintosh HD” screen, click Install to begin the installation process.

You must install Forcepoint Endpoint on the local hard disk. You can change the installation location on this screen by clicking Change Install Location ...

9. Enter a user name and password for a user with administrator rights to install the software.

If the installation process fails, check that the HWSConfig.xml file is present and is in the correct format if you have edited it.

10. A confirmation screen informs you if the installation is successful. Click Close.

For remote filtering deployments

If you are using Remote Filtering Client, use the following upgrade steps:






3. Under Forcepoint Web Security Endpoint, select Remote Filtering Client.


5. Deploy the package to each endpoint machine using GPO, SMS, or a similar deployment method. You can install this version on top of lower versions without uninstalling the lower versions.


For more information about using the Endpoint package builder and installing and deploying Forcepoint endpoint solutions, see Installing and Deploying Forcepoint Endpoint Solutions.



http://www.websense.com/content/support/library/endpoint/v18/installation.pdf


3

Upgrading Forcepoint One Endpoint (DLP)

The following upgrade steps apply to Forcepoint One Endpoint (DLP). If you are upgrading a mixed deployment consisting of Forcepoint One Endpoint (DLP) and Forcepoint Web Security Endpoint, see Upgrading Forcepoint Web Security and Forcepoint One Endpoint (DLP), page 16.

Although this Forcepoint One Endpoint build is v18.12.x, it can be used in conjunction with Forcepoint products that are v8.4.x and higher. You do not need to uninstall the lower version before installing v18.12.x if you are upgrading from



NoteWindows Forcepoint One Endpoint (DLP) installation packages created through the package builder have the new version format (18.12.xxx).



Forcepoint DLP Endpoint v8.5.x. Versions lower than v8.5 must be uninstalled before this Forcepoint One Endpoint build is installed.

To upgrade your existing version of Forcepoint Endpoint:

1. Make sure you have a v8.4 or higher management server installed and functioning.

2. Make a backup copy of the Endpoint package builder executable file, WebsenseEndpointPackageBuilder.exe. This file is found at C:\Program Files (x86)\Websense\Data Security\client.

3. Download ForcepointOneEndpointPackage.zip, from the Forcepoint Downloads page and unzip it into the same folder. Four files are placed in the directory: WebsenseEndpointPackageBuilder.exe, WebsenseEPClassifier.pkg.zip, EPA.msi, and EPA64.msi.

The exe file is for building the Forcepoint One Endpoint (DLP) software package to install on your endpoint machines.

The zip file is a DLP endpoint classifier exclusively for Mac endpoints running Forcepoint One Endpoint (DLP).

Sites that are not running Forcepoint One Endpoint (DLP) on Mac can ignore the WebsenseEPClassifier.pkg.zip.file.

The EPA.msi file is the endpoint classifier for Win32 endpoints.

Sites that are not running Forcepoint One Endpoint (DLP) on Win32 machines can ignore the EPA.msi file.

The EPA64.msi file is the endpoint classifier for Win64 endpoint machines.

Sites that are not running Forcepoint One Endpoint (DLP) on Win 64 machines can ignore the EPA64.msi file.

4. If you have Mac endpoint machines running Forcepoint One Endpoint (DLP):

ImportantEndpoint machines with Forcepoint DLP Endpoint versions previous to 8.5.0 may not upgrade directly to Forcepoint One Endpoint (DLP) v18.12.x. It is recommended that you uninstall the previous endpoint and then install Forcepoint One Endpoint (DLP) v18.12.x.

NoteThe Forcepoint DLP v8.6 installation no longer contains the package builder used to prepare Forcepoint One Endpoint (DLP). To prepare the latest Forcepoint One Endpoint (DLP), you must download the package builder from the Forcepoint Support site.





a. Back up the file WebsenseEPClassifier.pkg.zip in the following folder: C:\Program Files (x86)\Websense\Data Security\client\OS X. If the OS folder does not exist, create it.

b. Copy the new WebsenseEPClassifier.pkg.zip from the folder in step 3 and place it into the \OS X folder.

You do not need to unzip this file. It is automatically unzipped by the package builder when it creates the new Mac installation package.

5. If you have Win32 endpoint machines running Forcepoint One Endpoint (DLP):

a. Back up the file EPA.msi in the following folder:

C:\Program Files (x86)\Websense\Data Security\client.

b. Copy the new EPA.msi from the folder in step 2 and place it into


6. If you have Win64 endpoint machines running Forcepoint One Endpoint (DLP):

a. Back up the file EPA64.msi in the following folder:


b. Copy the new EPA64.msi from the folder in step 2 and place it into


7. Run WebsenseEndpointPackageBuilder.exe to generate a new Forcepoint One Endpoint (DLP) installation package.

8. Deploy the v18.12.x installation package to each endpoint machine using one of the methods described in the Installation and Deployment Guide for Forcepoint Endpoint Solutions.


Post endpoint upgrade

The system provides both name and serial number for each endpoint device, as in "SanDisk Cruzer Blade; 4C530103131102119495".

An easy way to maintain compatibility with previous releases is to add an asterisk (*) to the end of each device name that you have listed in the Forcepoint Security Manager. For example, change "SanDisk Cruzer Blade" to "SanDisk Cruzer Blade*".

If you do not, rules related to the existing endpoint machines may not monitor or enforce the removable media channel as expected. Only exact matches generate an incident.




4

Upgrading Forcepoint Web Security and Forcepoint One Endpoint (DLP)

The following instructions apply for mixed deployments involving upgrading both Forcepoint Web Security and Forcepoint One Endpoint (DLP).

Although this Forcepoint One Endpoint build is v18.12.x, it can be used in conjunction with Forcepoint products that are v8.4.x and higher. You do not need to uninstall lower Endpoint versions before installing v18.12.x, if you are upgrading from Forcepoint DLP Endpoint v8.5.x or Forcepoint Web Security Endpoint v8.4.x or v8.5.x. Versions lower than v8.5 must be uninstalled before this Forcepoint One Endpoint build is installed.

● For hybrid Forcepoint Web Security and Forcepoint One Endpoint (DLP) deployments, page 17

● For remote filtering and DLP deployments, page 19







ImportantEndpoint machines with Forcepoint DLP Endpoint versions previous to 8.5.0 may not upgrade directly to Forcepoint One Endpoint (DLP) v18.12.x. It is recommended that you uninstall the previous endpoint and then install Forcepoint One Endpoint (DLP) v18.12.x.



For hybrid Forcepoint Web Security and Forcepoint One Endpoint (DLP) deployments

The following are the upgrade steps for the Windows and Mac operating systems.



To automate software updates for combined web and DLP endpoints:

1. Prepare a server with the latest updates on it (see “Configuring the auto-update server” for details).

2. Select Receive automatic software updates.

3. Specify the URL of the server you created. It cannot be secure HTTP (HTTPS).

4. Indicate how often you want endpoint machines to check for updates.

Option 2: Create a new endpoint installation package using the

NoteMac Endpoint installation packages created through the package builder have the same version format (18.12.xxx), regardless of the endpoint component chosen on the Select Endpoint Components screen.

Windows Forcepoint One Endpoint (DLP) installation packages created through the package builder also have the new version format (18.12.xxx).

Windows Web Security Endpoint installation packages (except for Windows Direct Connect Endpoint) created through the package builder or downloaded from the Forcepoint Security Portal have the conventional version format (8.5.2xxx). Windows Direct Connect Endpoint installation packages created through the package builder have version 8.5.2xxx, and the stand-alone version of Windows Direct Connect Endpoint is 8.5.3xxx.

After installation, the Forcepoint Web Security Endpoint Diagnostics Tool shows the correct version number.






Forcepoint Endpoint package builder

1. Launch the Endpoint package builder:

■ Download the latest package builder from the Forcepoint Support site:


b. Go to Endpoint Security, select a version, and then download and launch the package builder.

2. On the Select Endpoint Components screen, select both of the following:

■ Forcepoint Web Security provides web security to your endpoint machines.

■ Forcepoint One Endpoint (DLP Endpoint) for data loss protection.

3. Under Forcepoint Web Security, select Direct Connect Endpoint or Proxy Connect Endpoint.









■ Forcepoint Web Security provides web security to your endpoint machines.

■ Forcepoint One Endpoint (DLP) for data loss protection.

3. Under Forcepoint Web Security, select Proxy Connect Endpoint. The Direct Connect Endpoint option does not support Mac endpoint machines.

4. Choose Mac when prompted.

5. When the wizard completes, unzip the FORCEPOINT-ONE-ENDPOINT-Mac.zip package onto your Mac machines.

6. Run the WebsenseEndpoint.pkg from the unzipped folder EndpointInstaller.

7. Follow the steps in the installation wizard.

8. End users may be prompted to log out and re-log on to their desktops.





For remote filtering and DLP deployments

The following are upgrade steps if you are using Remote Filtering Client and Forcepoint One Endpoint (DLP):






■ Forcepoint Web Security

■ Forcepoint One Endpoint (DLP)

3. Under Forcepoint Web Security, select Remote Filtering Client.


5. Deploy the package to each endpoint machine using GPO, SMS, or a similar deployment method. You can install this version on top of lower versions without uninstalling the lower versions.

For more information about using the package builder and installing and deploying Forcepoint endpoint solutions, see Installing and Deploying Forcepoint Endpoint Solutions.





Forcepoint Endpoint Solutions Upgrade Guide · 2018. 12. 20. · Guidelines for creating an...

Documents

Transcript of Forcepoint Endpoint Solutions Upgrade Guide · 2018. 12. 20. · Guidelines for creating an...