Change the IP address on the detection server
search cancel

Change the IP address on the detection server

book

Article ID: 160693

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Network Monitor Data Loss Prevention Network Prevent for Email Data Loss Prevention Enforce Data Loss Prevention Network Discover Data Loss Prevention Network Protect Data Loss Prevention Endpoint Discover Data Loss Prevention

Issue/Introduction

What needs to be changed in the Symantec DLP GUI if the IP Address of one of the detection servers has changed (Network Monitor box, for example)?

Resolution

Once the IP Address of the detection server has been changed, you will need to change the Host field in the config page of the specific detection server in the User Interface on the Enforce Server.  Perform the following actions:

  1. Enforce Console -> System Overview -> click on the Detection Server (Monitor) that needs to be changed -> click on the Configure button
  2. Change the host field to the new IP address or FQDN
  3. Go to System Overview -> Enforce Server and click on "Recycle" next to "DetectionServerController Status" to restart the service (This will temporarily disconnect all Detection Servers from the Console. Make sure no scans are running or they will be interrupted)

For alternative methods (scripts / agent tools) to update the agent endpoint server see the KB How to Change Endpoint Agent from One Server to Another

If using the hostname (FQDN) in the Host field, rather than the IP, then it won't work until the DNS has been updated. Nslookup, from the enforce server, can be used to confirm the FQDN is resolving correctly. 

If there is a problem with the monitor after this change see Symantec DLP Detection Server fails to start after changing IP address.

If the detection server continues to show as "Unknown" see Troubleshoot an Unknown Detection Server status in the DLP Enforce Console.