KB Article | Forcepoint Support

Problem Description

There is a database download failure message being received on the V-Series appliance. 

Also, the Forcepoint Security Manager displays the following image for the status of the download:


User-added image

 

Resolution

In order to resolve the issue, follow the troubleshooting options below.
  1. Manually start the database download
    1. Open the Forcepoint Security Manager for the appliance that is failing.
    2. Click Main > Status > Dashboard > Database Download
    3. Select the Filtering Service IP address and click Update.
A progress screen will show the progress of the database download. Sometimes, it may require a refresh of the screen to see the progress bars moving.
 
  1. Verify that the Subscription Key is valid
    1. Open the Forcepoint Security Manager (formerly TRITON).
    2. Click Web > Settings > General > Account.
    3. Verify that the subscription key has not expired.
  2. Verify the database download schedule
    1. Open the Forcepoint Security Manager.
    2. Click Settings > General > Database Download
    3. View all options to ensure settings are configured to download daily.
  3. Verify that there is enough disk space on the appliance
    1. Open the Forcepoint Security Manager.
    2. Click Web > Main > Status > Alerts.
    3. Verify that there are no active alerts notifying of low disk space on the appliance.
 
User-added image
 

Note If there is an alert about low disk space, contact Forcepoint Support for assistance in identifying what is taking up disk space.
  1. Check memory and CPU usage
    • ​Open the Appliance Manager (for versions 8.2 and earlier) and click Status > CPU and Memory.

Note If memory and CPU usage are high, additional Memory and CPU may be allocated to the Websense Web Security module. If the Network Agent module is not being used to filter spanned traffic, then try disabling the module and restarting the appliance.

  1. Check to ensure that the firewall in your environment is not blocking downloads.
 
  1. Restart the Websense Web Security services.
    1. From the Appliance Manager (version 8.2 and earlier), click Module > Websense Web Security > Stop services.
    2. After all services are stopped, click Start Services.
    3. After all services are running again, test by manually downloading the database (Step 1).
​Note Refer to the CLI guide for instructions on starting and stopping services for version 8.3 and later.
  1. ​Restart the Appliance
    1. From the Appliance Manager, click Modules > Appliance > Restart Appliance.
    2. After the appliance restarts, test by manually downloading the database (Step 1).
Important Filtering will stop temporarily until the appliance comes back online.
  1. The appliance needs to be able to download through the C interface
    1. ​To check connectivity, open the Appliance Manager (version 8.2 and earlier).
    2. Click Administration > Toolbox > Command Line Utility > Launch Utility. 
    3. Select the following parameters:
      • Module: Websense Web Security
      • Command: wget
      • URL: download.websense.com
    4. Click Run.
The URL should connect and a sample index.html file will download. The following message will display.
 
(Websense Web Security)#wget -t 3 --progress=dot --no-check-certificate --delete download.websense.com
--08:32:18--
http://download.websense.com/
Resolving download.websense.com... 204.15.67.80
Connecting to download.websense.com|204.15.67.80|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 835 [text/html]
Saving to: `index.html'

0K 100% 72.4M=0s

08:32:18 (72.4 MB/s) - `index.html' saved [835/835]

Removing index.html.

(Websense Web Security)#

  1. If the connection in option 9 fails, then use nslookup, ping, and tracert to further troubleshoot.
    1. Use nslookup to verify the Filtering Service is able to resolve URLs to the IP address
      1. Open the Appliance Manager and click Administration > Toolbox > Command Line Utility > Launch Utility.
      2. Select the following parameters:
        • Module: Websense Web Security
        • Command: nslookup
        • Host: download.websense.com
        • DNS server: <DNS server IP>
      3. Click Run.
Note If an IP address is not returned, check if the configured DNS servers are working.
  1. Run the ping -I command to check connectivity using different interfaces
  1. Open the Appliance Manager and click Administration > Toolbox > Command Line Utility > Launch Utility.
  2. Select the following parameters:
    • Module: Websense Web Security
    • Command: ping -l
    • Interface: C
    • Destination: download.websense.com
  3. Click Run.
Note If the connection fails, test by entering an IP address as the destination. This eliminates DNS.
  1. Run the tracert command to show the route taken by the packet
  1. Open the Appliance Manager and click Administration > Toolbox > Command Line Utility > Launch Utility.
  2. Select the following parameters:
    • Module: Websense Web Security
    • Command: tracert
    • Destination: download.websense.com
  3. Click Run.
Note If the connection fails, test by entering an IP address as the destination. This eliminates DNS.
  1. Proxy the database download through the P1 interface
By default, the Master Database downloads are done through the C interface on the V-Series appliance. If the C interface is unable to access the Internet due to the network infrastructure, then a different route needs to be used. To enable database downloads using the P1 interface, complete the following steps:
  1. Open the Forcepoint Security Manager.
  2. Click Settings > General > Database Download.
  3. Under Proxy Server or Firewall, select the Use proxy server or firewall box.
  4. Type either:
  • The physical IP address of the P1 interface
  • The P1 virtual interface 169.254.254.1
  • Either IP used, port: 8080
  1. Download the Master Database manually (Note will require Forcepoint Support assistance for users with appliances)
    1. Log on to the appliance as the root user.
    2. Type ssh wse to move tot he WSE dom.
    3. Type cd/opt/Websense and press Enter.
    4. Type ./WebsenseAdmin stop and press Enter to stop all services.
    5. Type cd /opt/Websense/bin and press Enter.
    6. Type mv *.p12 /tmp -f and press Enter.
    7. Type mv *.xfr /tmp -f and press Enter.
    8. Type mv *.idx /tmp -f and press Enter.
    9. Type mv journal.dat /tmp -f and press Enter.
    10. Type rm -f -r Websense and press Enter.
    11. Type rm -f -r supplemental.db and press Enter.
    12. Type cd/opt/Websense and press Enter.
    13. Type ./WebsenseAdmin start and press Enter to start all services.
  2. Contact Forcepoint Technical Support for further assistance.

Article Feedback



Thank you for the feedback and comments.