Problem

In closed networks updating the ESG license is a problem that requires some flexibility to solve.

First of all, to update an ESG license you MUST have some sort of internet connection, which in most closed environments can be achieved by a proxy server.


The big problem here is that to even set a proxy server in the ESG Web GUI, you need to configure the process with access to the required Forcepoint URLs.



Solution:
Forcepoint license server is:

download.websense.com
or
download.forcepoint.com (v8.5.3 and above)

If the customer has a hybrid feature in his license, then the following additional URL is required, since Forcepoint will need to sync with the hybrid service as well:

hsync-email.mailcontrol.com

This means that in order for us to set the proxy to correctly update the license the following proxy configuration are required:


No Hybrid:


With Hybrid:


In addition, as part of the connection process the ESG will try to download a special wget file from Forcepoint:

https://download.forcepoint.com:443/cgi-bin/nph-wsget20.exe

The download of the file must be allowed for the process to work.


SSL Inspection MUST be disabled.


If database downloads are required as well, then the last 2 checkboxes must be checked. The URLs for all the update servers can be found in the following KB:

https://support.forcepoint.com/KBArticle?id=000016750