Registering Email Appliances with Data Security fails


Summary
For registration to work, check the password and the ports between the Forcepoint Email Security Manager server and the Email Security Gateway.
Notes and Warnings
Once Data Security has successfully registered, Forcepoint Email Security Gateway will start listening on the ports listed below. Ensure the Forcepoint Email Security Manager Server can connect to the ESG appliance E1 (P1) interface on the following ports. These ports become active after the registration.

Manager > Appliance:
Ports:
17700 - 17714
2525
25

To test connectivity from the Forcepoint Email Security Server to the appliance, use telnet:
  1. Open a command prompt on the TRITON Manager server.
  2. Type in: telnet IP_address port
(* Substitute IP_address with the IP address of the ESG appliance E1 interface (P1 for V5000). Substitute port with the port you want to test.)
 
If you get a blank window with a flashing cursor, it means the connection was successful. If the connection fails, then an error message displays.
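
To check every Manager > Appliance port in one pass instead of one telnet session per port, the following PowerShell script can be run on the Manager server. It is an added example, not part of the original article or of Forcepoint tooling; the appliance address 192.0.2.10 and the 3-second timeout are placeholder assumptions.

```powershell
# Added example, not vendor code. Run on the Manager server in PowerShell.
param(
    [string]$Appliance = '192.0.2.10',  # placeholder: ESG E1 (P1 on V5000) IP
    [int]$TimeoutMs = 3000              # assumed per-port wait
)

# Manager > Appliance ports listed in this article: 17700 - 17714, 2525, 25
$ports = @(17700..17714) + 2525 + 25

$results = foreach ($port in $ports) {
    $client = New-Object System.Net.Sockets.TcpClient
    $state = 'Open'
    try {
        # Wait() returns $false on timeout and throws if the connect failed
        if (-not $client.ConnectAsync($Appliance, $port).Wait($TimeoutMs)) {
            $state = 'Timeout'
        }
    } catch {
        # Unwrap PowerShell/Task wrappers to reach the socket error
        $err = $_.Exception.GetBaseException()
        $state = if ($err -is [System.Net.Sockets.SocketException]) {
            [string]$err.SocketErrorCode   # e.g. ConnectionRefused
        } else {
            $err.GetType().Name
        }
    } finally {
        $client.Close()
    }
    [pscustomobject]@{ Port = $port; State = $state }
}

# Per-port table, then a one-line summary of anything that did not connect
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { $_.State -ne 'Open' })
if ($failed.Count) {
    Write-Warning ("{0} of {1} ports not reachable: {2}" -f `
        $failed.Count, $results.Count, ($failed.Port -join ', '))
}
```

A state of ConnectionRefused usually means the appliance answered but nothing is listening on that port, which matches the note above that these ports only become active after registration. A state of Timeout usually points to a firewall dropping the traffic or a missing route.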
 
Problem
I am trying to register Data Security in Forcepoint Email Security Manager via Settings > Data Security. Manual and automatic registration fail with the following error:
 
Registration failed. Please check Data Security management server status and network configuration before you try again.
 
The Data Security Status shows as "Unregistered".
Solution

Password:

For registration to work, check the password and the ports between the Forcepoint Email Security Manager server and the Email Appliance (ESG).

  • Verify that the account used has the correct permissions.
  • Check the account password. Remove all special characters.


For ESG registration details, see Admin guide section: “Registering the DLP Module.”
 

Ports:
 
Ensure the following ports are open between the Forcepoint Email Security Manager server and Email Security Gateway:

 
Appliance > Manager: The Email Security Gateway appliance E1/P1 interface must be able to connect to the Forcepoint Email Security Manager server on the following ports:

17500 - 17515
 
Testing connectivity: 
To test connectivity from the Email Security Gateway Appliance to the Forcepoint Email Security Manager server, use the instructions below:
 
  • For version 8.3 and newer versions
  1. SSH to the C interface of the appliance.
  2. Log in as admin.
  3. Type diag
  4. Type nc --protocol tcp --dest <Manager_IP> --port xx --module email
  5. Expected reply if successful: Connection to xxxxxx [tcp] succeeded!
  6. If the connection fails, an error message displays.
  • For version 8.2 and older versions 
  1. Log in to the Appliance Manager.
  2. Under Administration > Toolbox, launch the Command Line Utility.
  3. Under Module, select Websense Email Security Gateway.
  4. Under Command, select nc -vz.
  5. In the Destination box, enter the hostname of the Manager server and the port you want to test, then click Run.
A successful connection will return a "succeeded!" message. If the connection fails, an error message will be displayed.
 
 
Adding a route for the E1/P1 interface:
If you can successfully connect to the Forcepoint Email Security Manager server from the C interface of the appliance, but the connection fails from the E1/P1 interface, you may need to add a route in the appliance:
 
  • For version 8.3 and newer versions
  1. SSH to the C interface of the appliance.
  2. Log in as admin.
  3. Type config
  4. Type set component_route --dest <ipv4_address> --mask <ipv4_netmask> --module email
  • For version 8.2 and older versions 
  1. Launch Appliance Manager.
  2. Navigate to Configuration > Routing > Module Routes.
  3. Add a route for the Websense Email Security Gateway module. Enter the Destination Network and the Subnet Mask for the Forcepoint Email Security Manager server.

 
This will route all traffic from the Email Security Gateway Appliance to the Forcepoint Email Security Manager server network through the Appliance C interface.

Related KBs:

Unregistering and re-registering ESG with DLP

Re-Registering WEB/DLP/EMAIL Components to the Forcepoint Management Infrastructure




 