Messaging Gateway

There was a forum article called "Changing IP Addresses on Brightmail Gateway", but it never actually discussed how to do it, just that it could be done.

So...how is it done? The only command line tool I can see that can be used to modify the IP is ifconfig.  I am using Brightmail Gateway 9.0.2.

Thanks,

OriolesBird

Orioles,

     In the control center navigate to:

"Administration>Hosts>Configuration><local host>>Ethernet"

It is unfortunately a little bit of a process since your IP's are assigned to an MTA for use.  The easiest way is to add a new virtual IP.  Then assign your MTA to the new virtual IP and your done.  Another way (If you don't want to use VIPs) Is to create a temp ip using virtual.  Then assign the MTAs to that IP.  Change the IP of the physical NIC then assign the MTA's back to that IP.

Let me know if you have any more questions,

John

That might have worked fine when the machine was in its original envornment, but I have exported the VM and imported it into a new test environment on a different subnetwork.  The transplanted VM isn't pingable from the other machines in the test environment, so I can't access it with a browser.  Is there any way to change the network configuration at the VMware console?

Thanks,

OB

Roughly, here is the process I used.  You will want physical access to the CC as you can loose connectivity during this process.  This is NOT supported by Symantec.  I believe SBG 9.5 will have improvements in this area.

0. build a new CC from the OS build disk.  call it Target

1. Backup the  control center. Call it Source.  You can use the GUI or the command line DB-BACKUP command.  I'd put it on an off-box FTP/SCP site

On Target

2. Use GUI or DB-RESTORE command to load backup via FTP/SCP

3. Verify if OS IPs have change to the Source IPs.  If not, reboot.

4. Use Delete OSCONFIG command to clear OS level settings.  Reboot

5. You will be prompted to set password, networking on reboot. Use the new IP addressing for the network location of Target.  Reboot.

6. While waiting for the reboot, on each Scanner use

    agent-config -a <ip of Target CC>

7. When Target has rebooted, open the GUI via http://newIP:41443/brightmail.

8. Go to Admin/Config/CC.  Do the following all in one session;

a. on service tab, set Directory Integration to Auto, but note which interface was selected.

b. on Ethernet -

       add a temp IP address. This will be used to "park" the MTA interfaces. 

       Make sure this IP isn't in use.

c. on SMTP tab. 

       Move the inbound MTA to the temp IP

       Move the outbound MT to the temp IP (you may need to change port)

       If enabled, move the Auth interface to the temp IP.

d on SMTP/Advance/ Delivery tab

       set the SMTP Delivery Bindings near the bottom to Auto, but note which interface you used. 

e. change the MTA host name at the top.

f.  on the DNS tab, correct DNS and NTP IPs, if needed.

g. On the ethernet tab,

       Change the IP address  to the new location IP addresses. Make sure

       you use the correct netmasks, etc.

       Change the Default gateway near the bottom.

SAVE

Reopen the config, and change binding to the new IP addresses on Services, SMTP, SMTP Advanced tab.

SAVE.

Goto Status / Hosts, software tab. You should get valid status back from each scanner.  If not you need to verify your firewall allow CC to Scanner communication for the Target CC, and that you used the correct IP address when you did the Agent-Config.

If this works, go to each scanners CLI and use Agent-Config -d <old cc ip> prevent remove the Old Source CC from talking to the Scanner and "confusing" it.

Go through all the other interfaces and make any hostname changes (e.g. reports that send from <old CC>@yourdomain.com.

Make sure your next hop MTA trusts the IP address of the Control center (our exchange needs to know the IP of any sending MTA as part of bot net lockdown.

Thank you, Cricket17! It turns out all I needed to do was:

delete osconfig

On the reboot, I entered my new networking info in at the VM console, and everything is running fine now.  I thank both you and John_H for your assistance here.

OB

On a Control center, it won't change it's IP address unless the Scanners "trust" the new IP.  I can provide a case # as reference via PM if you want.

You should have access to the SBG terminal interface, that's where you need to do the Delete OSconfig.

Another way, if this is a planned migration, is to add the new subnet IP address to eth1 on the source box before doing the backup.  This assumes that you are only using eth0 for all interfaces.