Data Loss Prevention

Hello all , one of my network monitor Server running on version 12.0.1 ( LINUX OS) is malfunctioning so I need to replace it with a new physical Server.

• Please kindly confirm that do I need to install the DLP 12.0.1 on this and this register it a detection server in the Enforce and remove the old one ?
• Am I required to save the configurations of the old server ? if yes how to do it ?
• What steps am I required to do to replace the old Network Monitor and Install it on the new physical Server ( with the same FQDN and IP)

Your response and suggestions on this requirement would be highly appreciated. Thanks & Regards

Would any 1 like to comment on this ?

Any 1 ????

Dear Outrageous

Refer below thread , this will really help you.

https://www-secure.symantec.com/connect/forums/how-take-back-and-restore-database-symantec-dlp

https://www-secure.symantec.com/connect/forums/best-practice-backuprestore-enforce-server-and-oracle-db

Hello thanks for your reply. But when I delete the Network Monitor Detection Server from the Enforce UI is it also going to delete the configuration and policy from the Database ?  it is just a detection server so removing this detection server from the Enforce UI also removes the policies and configurations from the Database ?

Hello Outrageous, 

When you remove a Network Monitor from Enforce UI -  DLP policies is not deleted from Database, you will lose a Network Monitor configuration only . Remember (write down) customized configuration of  Network Monitor from Enforce UI (on the tap Configure of Network Monitor), then remove Network Monitor and then add a new Network Monitor server and restore writed settings on Configure tab.

RemezRA am i only required to do these steps ? once i make the exact changes in the configurations via New Network monitor > Configure > same configurations as the old network monitor and that's it ?

Meaning it will pickup the old policies and work like Old Network Monitor or am I also required to perform some additional steps aswell ? Thanks & Regards,

Yes, new network monitor will pickup the old policies and work like Old Network Monitor.

The detection layer is mostly disposible oin that the detection server configs are mostly kept within the Enforce console database. Th eonly changes you would [potentialy lose are any performance customizations such as increasing the amount of memory to the discover processes or if you use Discover to scan databases you would need to copy back the drivers and the associated properties file. Because of this transitions are largely invisible.Once you have the replacement server built just point the associated entry in the server overview to the new server. As long as a scan is not occuring at the time the change is made ( something that should be taken care of via change control management) then almost nobody has to know. In the case of the monitor becuase it is passive noone would know in any case. Email, Web, endpoint, and discover only require minimal change notice; Email and Web require the most since they are inline.

One area that is not carried over is any advanced server settings you may have created.  Those are specific to each server and not saved when removing/adding servers.
 

Delete the server from the UI.. and then add a new one. That is all you will need to do.

Just make sure to configure which NETWORK port that is it supposed to listen to.

I doubt you did ANY tuning to the advanced settings, so nothing to worry about. If you did then make sure you document tham and duplicate it on the new server.

You can also just update the IP or name that the server is pointing to.. just make sure you have instaleld the SW on the new server. Once you restart it will then work.