Change the Management Server IP address

When the Management Server and Log Server are installed on different appliances, you can change the IP address of the Management Server by following these steps.

Before changing the IP address, we recommend making a backup of the Management Server and the Log Server.

Note: If any Firewalls between the Management Server and other components do not use a policy based on the Firewall Template, check that they allow all necessary connections.

Steps

  1. Request an IP address change for the Management Server license at https://stonesoftlicenses.forcepoint.com.
  2. (Multiple Management Servers only) Open the Control Management Servers dialog box and temporarily exclude the Management Servers for which you are changing the IP address from database replication.
    For more information, see the topic that explains how to synchronize Management databases manually.
  3. Add Firewall IPv4 Access rules (and possibly NAT rules) that allow policy upload connections from the new IP addresses to the Firewall.
    The services needed for the communications between the different components are explained in the topic that lists SMC ports.
  4. (NGFW Engines with Node-Initiated contact to Management Server only) Open the Management Server Properties and add the new Management Server IP address as a Contact Address.
    The NGFW Engine must be able to contact the Management Server at both the current Management Server IP address and the new Management Server IP address.
  5. Refresh the Firewall Policies.
  6. Stop the Management Server and Log Server services.
  7. Change the IP address of the host server in the operating system.
  8. On the Management Server, run the command
    sgChangeMgtIPOnMgtSrv <new Management Server IP address>
  9. On all Log Servers, run the command
    sgChangeMgtIPOnLogSrv <new Management Server IP address>
  10. Start the Management Server and Log Server services and log on using the Management Client.
  11. Install the new Management Server license when prompted.
  12. Remove the Firewall IPv4 Access rules that you created in Step 3 and refresh the Firewall Policies.
    After running the IP address change scripts, the Alias elements in the inherited rules translate to the right IP addresses.
  13. If the replication status in the Info pane indicates a problem with database replication, synchronize the management databases manually.