KB Article | Forcepoint Support

Notes & Warnings

Important The KB Articles provided may require you to login to https://support.forcepoint.com to view. If you do not have an account, please Create a Customer Account. If you have an account but cannot log in, Contact Support for assistance. 

Resolution

The Policy Server is responsible for many of the configurations, settings, and connections required to make the Forcepoint deployment work. The Policy Server is an integral piece that connects to many other components and shares information across the global environment. This page is designed to be a one-stop shop with featured content articles that provide relevant and helpful information about setting up and troubleshooting the Policy Server and Policy Broker components.

Getting Started

This section introduces the Policy Server and Policy Broker components and the roles and responsibilities it plays in the Forcepoint deployment. These articles should provide a solid understanding and background of this highly important piece to each and every deployment.

Working with Policy Server
This document is the landing page that goes over the different facets of Policy Server for a deployment.

Reviewing Policy Server connections
This document discusses how to see the Policy Server connections in the Forcepoint Security Manager.

Working in a multiple Policy Server environment
This document discusses how to switch to the different Policy Servers in the Forcepoint Security Manager.
 
Information stored by Policy Server and Policy Broker
This article discusses the information stored by the services, and what information is not backed up with a Policy Database backup.

Filtering Service to Policy Server ratio
This article gives information for how many Filtering Servers a single Policy Server can manage.  

Policy Server to Policy Broker ratio
This article gives information for how many Policy Servers a single Policy Broker can manage. 
 
Managing Policy Broker Replication
This document gives information for creating and managing Policy Broker Replicas in large deployments.
 

Configuration

This section introduces featured articles on some of the most asked questions when configuring the Policy Server and Policy Broker components.

Changing the Policy Server IP address
Important This is for Windows deployments only, not Content Gateway or Appliances. For changing the IP address of a Content Gateway or Appliance, reimage is required. See Changing the C Interface IP Address.

Adding or editing Policy Server instances
This article explains how to change the type of policy server, IP address and port in the Forcepoint Security Manager under Settings > General > Policy Servers.

Starting and stopping Forcepoint services
This article explains how to start, stop, restart and check status of the Forcepoint Web and Content Gateway services on Windows, Linux and Appliances.
 

Troubleshooting

This section contains featured articles and resolutions on many of the common issues seen when working with the Policy Server and Policy Broker components. 

General Troubleshooting
Backup and restore the Policy Database
This article gives detail on how to make a Policy Database backup in Windows and Linux.

Resetting the Postgres database token
This article is most often used after restoring a Policy Database where the --no-clobber option was mistakenly not used.

Concurrent connection limit between Policy Broker and Policy Database
This article gives a workaround for to increase the number of connections that happen between Policy Broker and Policy Database in larger deployments where Triton Manager is reacting slower than normal or giving time outs.


Installation or Reinstallation Errors
Installation error 1460 when configuring Policy Server
The full error:
“Could not connect to Policy server code: 1460"

Policy Broker failed to install
The error happens on the Forcepoint Setup file at the end of installation.


Timestamp error message when setting up a Replica Policy Broker
This issue is specific to Policy Broker Replicas residing in certain time zones.


 
Changing Broker or Policy Server Location
Restoring policies to a new Forcepoint Security Management server when the old environment contains a Policy Broker replica
This article details the steps to take when applying a Policy Database backup from a Policy Broker replica environment.

Forcepoint instance is not authorized to connect to the Policy Broker
This error happens when first logging into the Forcepoint Security Manager after performing a restore from a backup.


Changing the Policy Broker and Policy Database used by Policy Servers
This article details how to change the location of a Policy Broker, then re-associate the Broker with Policy Servers across the deployment.


Updating Websense Content Gateway after Policy Server IP address change
This article only applies to Content Gateways running in Filtering Only mode.


 
Service Start Errors
Policy Server does not start or experiences various connection errors
This article is for if Policy Server service is stuck, will not start, does not stop or other errors.

Recent power outage causes the Policy Server service to not start on an appliance
This article details what to do if Policy Server stops working after a power outage.

Policy Server will not start with error "WsStreamException"
This error is specific to Windows deployments of Policy Server.

Forcepoint services not starting due to logon failure, error 1069
This error is specific to Windows deployments of Policy Broker or Policy Server.


Policy server not starting after restoring a previous versions backup
This error is specific to applying a backup from a previous version of Forcepoint software to a newer version.

 

Connection Errors
Policy Broker connection error when trying to install additional Policy Servers
This article is for issues after restoring a backup of a previous version, such as after a reinstallation.

"There is no Policy Server running at this IP address" error received when logging on to Forcepoint Security Manager
This addresses an issue on initial log in with Forcepoint Security Manager before switching to any policy server.

Switching between Policy Servers produces a "Could not connect to the Policy Server" error
This addresses a similar issue as the article prior, except when using the Switch option instead of at initial login.

The Forcepoint Security Manager cannot connect to the base policy server
This addresses a similar issue as the prior two articles, but is specific to the Policy Server port.

Policy Broker causes Web Security could not be launched error
This error happens if there was a recent upgrade. A similar error can also happen with more instructions, see "500 Server Error (website cannot display the page)" error displayed when logging into the Forcepoint  Security Manager for instructions.
 

"Cannot communicate with Policy Broker" error when installing or upgrading Log Server"
This error happens during installation of Log Server on a Windows server, though the Policy Broker may reside on Windows or Linux.  

Article Feedback



Thank you for the feedback and comments.