How to change the IP address of the Trellix Intrusion Prevention System Manager
Technical Articles ID:
KB55482
Last Modified: 2024-01-17 11:12:11 Etc/GMT
Environment
Trellix Intrusion Prevention System (Trellix IPS)
IMPORTANT: Trellix IPS Manager has transitioned from MySQL to MariaDB.
- The Database used in Manager 9.1 changes to MariaDB with release 9.1.7.77.
- This article features different steps if using Manager 9.1.7.77 and later.
Summary
- Confirm the IP address defined for the SNMP IP:
- Open a command-line session on the Manager.
- Locate the tms.bat file under <Manager Installation Path>\App\bin.
- Right-click the file and click Edit.
- Confirm that you don't have an IP address defined for the SNMP IP address.
- Search for the string Dlumos.fixedManagerSNMPIPaddress
- The string must resemble the following:
-Dlumos.fixedManagerSNMPIPaddress=""
If it doesn't, remove the SNMP IP address and save the changes.
- If GUI access control is configured:
- Select Manager, Setup, GUI Access, Logon Control.
- Add the new IP network or address that you use to manage the Manager from the GUI.
- Change the IP address on the Manager:
- In the Manager notification area, click the Manager icon and select Stop Manager.
- In the Manager notification area, click the Manager icon and select Stop User Interface.
- Change the IP address of the host operating system on the Trellix IPS Manager to the needed value.
- Click the Manager notification area icon and click Start Manager.
- Click the Manager notification area icon and click Start User Interface.
- Update the Manager shortcut on the desktop and update the DNS records with the new IP address.
- If you don't perform step 2 and find that GUI access is denied already, perform the following steps to regain GUI access:
- On the Trellix IPS Manager, open a command prompt.
- Navigate to <database directory>\bin\:
- For Trellix IPS Manager 9.1.7.75 and earlier:
Type cd <Manager Installation Path>\MySQL\bin\ and press Enter.
- For Trellix IPS Manager 9.1.7.77 and later including 10.x and 11.x:
Type cd <Manager Installation Path>\MariaDB\bin and press Enter.
NOTE: For upgrades, the default location is the previous database installation directory.
- Log on to the Manager database command prompt:
Type mysql –uroot –p lf and press Enter.
- When prompted, enter the Database root password.
- Type select * from iv_emsproperties where name like '%iv.access.control.enabled%'; and press Enter.
If the result is TRUE, run the following query:
Type update iv_emsproperties set value = 'FALSE' where name like '%iv.access.control.enabled%'; and press Enter.
- Type exit and press Enter.
- Restart the Manager service.
- Log on to the Manager.
- Select Manager, Setup, GUI Access, Logon Control.
Add your new configuration or IP range as needed.
- Change the Manager IP address on one or more Sensors.
IMPORTANT: Repeat the following steps for each Sensor:
- Open a command-line console session to the Sensor.
- Type deinstall and press Enter.
- Type the following command and press Enter:
Set manager ip x.x.x.x
Here, x.x.x.x is the new IP address of the Manager
- Type set sensor sharedsecretkey, type the key used previously, and press Enter.
At this point, the Sensor contacts the Manager at the new address, negotiates the connection, and uploads any new alerts.
For LINUX-based Trellix IPS Manager:
- Change the IP address on the Trellix IPS Manager:
- Log on to the Manager shell.
- Stop the Manager service:
Type manager stop and press Enter.
- Type set network configuration and press Enter.
- Enter the Domain Name, Host name, New Manager IP address, Gateway IP address, and DNS IP address.
- Reboot the Linux-based Manager:
Type reboot and press Enter.
- Confirm the IP address defined for the SNMP IP:
- Log on to the Manager shell.
- Open the tms.sh file:
Type edit tms.sh and press Enter.
NOTE: The edit command in the Manager shell opens files in vi-editor. To perform any operations on the files, use vi_editor commands.
- Confirm that you don't have an IP address defined for the SNMP IP address:
Search for the string Dlumos.fixedManagerSNMPIPaddress
- If the string resembles the following, move on to the next step:
-Dlumos.fixedManagerSNMPIPaddress=""
- If it does not, remove the SNMP IP address between the quotes and save the changes.
- If GUI access control is configured:
- Select Manager, Setup, GUI Access, Logon Control.
- Add the new IP network or address to manage the Trellix IPS Manager from the GUI.
- If you don't perform step 2 and find that GUI access is denied already, perform the following steps to regain GUI access:
- Log on to the Manager shell.
- Enter the database shell:
Type dbShell and press Enter.
- Enter the database username and password. By default, the username and password are admin and admin123, respectively.
- Type select * from iv_emsproperties where name like '%iv.access.control.enabled%'; and press Enter.
If the result is TRUE, run the following query:
Type update iv_emsproperties set value = 'FALSE' where name like '%iv.access.control.enabled%'; and press Enter.
- Type exit and press Enter.
- Restart the Manager service.
- Log on to the Manager.
- Select Manager, Setup, GUI Access, Logon Control.
Add your new configuration or IP range as needed.
- Change the Manager IP address on one or more Sensors.
IMPORTANT: Repeat the following steps for each Sensor:
- Open a command-line console session to the Sensor.
- Type deinstall and press Enter.
- Type the following command and press Enter:
Set manager ip x.x.x.x
Here, x.x.x.x is the new IP address of the Trellix Intrusion Prevention System Manager.
- Type set sensor sharedsecretkey, type the key used previously, and press Enter.
At this point, the Sensor contacts the Manager at the new address, negotiates the connection, and uploads any new alerts.
|