KB Article | Forcepoint Support

Problem Description

To prepare for an upgrade or migration, a backup and restore of the policy database must be completed.

Important Appliances and servers run on the Linux platform may incur damage if the policy.wsdb file is taken from a Windows machine. If this occurs, a re-image of the appliance would be required to restore functionality.

Resolution

Note The restore process imports only your policies (clients, policies, filters, and admins) to the destination server. It is recommended to back up the destination server's policy information prior to doing a restore. The restore replaces the default Websense Admin password, so ensure you know the password from the source server.

Linux Instructions
Windows Instructions

Linux Instructions

When running PgSetup on Linux, this may produce the following error messages:
"Framework Library.so file that it can't find"
Error while loading shared libraries: libWFCFramework.so: cannot open shared object file: No such file or directory

To resolve this issue, perform the following steps before running the PgSetup utility and then continue with backing up the Policy Database.
  1. Log on to the Linux server where the Policy Broker and Policy Database services are located.
  2. Add a library path to the Websense bin directory by typing the following command from the root directory and pressing Enter:
export LD_LIBRARY_PATH=/opt/Websense/bin
 
This can also be executed directly from the /opt/Websense/bin directory and pressing Enter:
 
export LD_LIBRARY_PATH=.
 

To restore policy information, complete the following steps on the new deployment:

Generate a policy backup file (all versions):
  1. Navigate to the Websense bin directory, type the following commands, and press Enter:
./PgSetup --save policy.wsdb

For versions 7.0 to 7.6 additional steps:
  1. Type  vi config.xml and press Enter.
  2. Press / and type the word: token
  3. This should be visible: <data name="Token"> LONG-TOKEN-STRING-HERE </data>
  4. Highlight the token string, copy and save it to a text file outside of the SSH session.
  5. Move the policy.wsdb file and token string (if saved) to the destination server, or if upgrading in place, move to a file location that will not be deleted during the upgrade process.
Note Version 7.7 to 8.5 allows the --no-clobber argument which will automatically grab the unique Postgres database token from the policy backup and move it over to the new deployment/installation, so backing up the config.xml token string is not needed.
  1. Go to the bin directory and back up the existing policy database:​
./PgSetup --save 7x.backup_policy_db
  1. Move the backup file to a safe location. Name XX as the actual Forcepoint software version, such as 7.8.4 or 8.5.
  2. Follow How do I stop and start Web Security and V-Series services? to stop all Websense services.
  3. Move the policy.wsdb file (created on the source server) into the bin directory on the new deployment.
 
For versions 7.7 to 8.5, importing the backup file:
  1. On the new deployment, navigate to the bin directory, type the following command to restore the policy database, and then press Enter:
./PgSetup --restore policy.wsdb –-no-clobber
 
Note Missing the --no-clobber argument in 7.7-8.5 will result in problems with import of the policy.wsdb on the new server.
  1. If you are migrating your Policy Database to a newer version, type the upgrade command and press Enter:
./PgSetup --upgrade
  1. Follow How do I stop and start Web Security and V-Series services? to start all Websense services.
  1. Log on to TRITON Manager, click Web, under Main, click Policy Management, click Policies, and confirm that the imported policy information displays as expected.
 
For versions 7.0 to 7.6, importing the backup file:
  1. On the new deployment, navigate to the bin directory, type the following command to restore the policy database, and then press Enter:
./PgSetup --restore policy.wsdb
  1. If you are migrating your Policy Database to a newer version, type the upgrade command and press Enter:
./PgSetup --upgrade
  1. Rename config.xml.bak to config.xml.bak.old.
  2. Delete the journal.dat file.
  3. Synchronize the config.xml password with the Policy Database:
    1. In a Windows dialog box, open config.xml with a text editor, and search for the work “token” including the quotes.
    2. Replace the token value with the saved token from the source deployment server’s config.xml file.
    3. Save and close the config.xml file.
  4. Follow How do I stop and start Web Security and V-Series services? to start all Websense services.
  5. Log on to TRITON Manager, click Web, under Main, click Policy Management, click Policies, and confirm that the imported policy information displays as expected.
Note Only your policy information is imported. You must manually enter your local settings, such as your directory service and alert configuration.
  
 

Windows Instructions

Generate a policy backup file (all versions):
  1. Navigate to the Websense bin directory, type the following commands, and press Enter:
PgSetup --save policy.wsdb
 
For versions 7.0 to 7.6 additional steps:
  1. Type config.xml and press Enter.
  2. Press CTRL+F and search for the word “token” (including the quotes).
  3. This should be visible: <data name="Token"> LONG-TOKEN-STRING-HERE </data>
  4. Double-click the token string, press CTRL+C and save it to a text file.
Note Version 7.7 to 8.5 allows the --no-clobber argument which will automatically grab the unique Postgres database token from the policy backup and move it over to the new deployment/installation, so backing up the config.xml token string is not needed.
  1. Move the policy.wsdb file and token string (if saved) to the destination server, or if upgrading in place, move to a file location that will not be deleted during the upgrade process.
  1. Go to the bin directory and back up the existing policy database:
PgSetup --save XX.backup_policy_db
  1. Move the backup file to a safe location. Name XX as the actual Forcepoint software version, such as 7.8.4 or 8.5.
  2. Follow Stopping and starting Websense services to stop all Websense services.
  3. Move the policy.wsdb file (created on the source server) into the bin directory on the new deployment.
 
For versions 7.7 to 8.5, importing the backup file:
  1. On the new deployment, navigate to the bin directory, type the following command to restore the policy database, and then press Enter:
 PgSetup --restore policy.wsdb --no-clobber
 
Note Missing the --no-clobber argument in 7.7-8.5 will result in problems with import of the policy.wsdb on the new server.
  1. If you are migrating your Policy Database to a newer version, type the upgrade command and press Enter:
PgSetup --upgrade

Note If the pgsetup backup collected from a mutiple Policy Broker replica environment is restored on a different server (with a different IP), the Policy Server service may not start. 
  1. Follow Stopping and starting Websense services to start all Websense services.
  2. Log on to TRITON Manager, click Web, under Main, click Policy Management, click Policies, and confirm that the imported policy information displays as expected.
 
For versions 7.0 to 7.6, importing the backup file:
  1. On the new deployment, navigate to the bin directory, type the following command to restore the policy database, and then press Enter:
PgSetup --restore policy.wsdb
  1. If you are migrating your Policy Database to a newer version, type the upgrade command and press Enter:
PgSetup --upgrade
  1. Rename config.xml.bak to config.xml.bak.old.
  2. Delete the journal.dat file.
  3. Synchronize the config.xml password with the Policy Database:
    1. In a Windows dialog box, open config.xml with a text editor, and search for the work “token” including the quotes.
    2. Replace the token value with the saved token from the source deployment server’s config.xml file.
    3. Save and close the config.xml file.
  4. Follow Stopping and starting Websense services to start all Websense services.
  5. Log on to TRITON Manager, click Web, under Main, click Policy Management, click Policies, and confirm that the imported policy information displays as expected.
Note Only your policy information is imported. You must manually enter your local settings, such as your directory service and alert configuration.




 
Keywords: policy database; pgsetup; restore backup; backup; policy server

Article Feedback



Thank you for the feedback and comments.