In order to perform the upgrade, you will need the USB drive that was shipped to you.
Depending on the device model, you may connect using a VGA monitor/keyboard, DB9 to USB serial, RJ45 serial, or mini-USB serial port (see Connecting to the Serial Port). If you are unsure of your device's available connection(s), please reach out to the support team.
The admin interface will need to be plugged into a network that has Internet access and DHCP. We recommend that the bridging interface be unplugged during the upgrade since we will need to perform several reboots.
Prepare for the upgrade
- Connect to the admin interface of the existing ThreatBlockr over HTTPS. Go to System -> Import/Export and click Export System Configuration. This will save a backup copy of the config for safe keeping.
- Check if your policies are being managed by GMC by going to Resource Groups. If you see a green check mark in the GMC column, your policies are managed by GMC and will be synchronized to the ThreatBlockr after the upgrade to the new software (and you can skip to the next step).
If any of the Policies are not being managed by GMC, you can export these to GMC. This will make sure all Policy settings are available on GMC and will be synchronized to the new ThreatBlockr. In the admin interface on the System -> Import/Export page you’ll see a green Export button, which will allow you to download a file to your local machine that you can upload in the GMC.
Once you have downloaded the Export file, log into the GMC and navigate to the System -> Import page. Click the Choose button to locate the file on your local machine and then click on the green Upload button.
After selecting the file to upload, you’ll want to select the Policies and Exception Lists shown to you and click the Import button (you may select multiple lists, or all lists, in one upload) to upload to GMC.
- Connect the USB drive, keyboard, and monitor to the ThreatBlockr. Take the bridging interface out of line of the network if desired.
Install ThreatBlockr 2.0 Recovery Console
|NOTE: Screenshots, available buttons, and names may vary depending on model.|
- Reboot the ThreatBlockr by going to System -> Reboot, or manually power cycle the device.
- When rebooting, if your device DOES HAVE an option for "Boot Menu", press the appropriate key to open the Boot Menu, then move to step 3a. If your device DOES NOT HAVE an option for "Boot Menu", press the appropriate key to open Setup/BIOS, then move to step 3b.
- a) Select the USB drive.
b) In the BIOS, navigate to the Boot menu and set the USB drive to priority #1. After setting the boot priority, navigate to the Save & Exit menu, then select Save Changes and Reset.
- The device will boot into the Bandura Installer menu. If connected via monitor/keyboard, select Bandura Installer. If connected via serial port, select Bandura Installer (serial).
- Once the Bandura Installer boots, you will be prompted to login. Use the username root, press enter to login, press any key to continue, and once continued, select your appropriate model number. This model number will be sent to you via email.
- Select Install Recovery Console, then select Yes to reformat the drives.
- After successfully installing the recovery console, select Reboot.
License and Install ThreatBlockr 2.0 software
- While the device is rebooting, unplug the USB installer.
- On the boot menu, select Recovery Console and press Enter.
- After the Recovery Console has booted, log in with the username 'root' and password 'redrum'. Press Enter to continue.
- To connect the admin interface to the internet, select Network Config.
- If DHCP is supported, select Start DHCP to obtain a new DHCP Lease.
- If DHCP isn't supported, select Configure Network to set a static IP. The Static IP configuration requires 4 entries: IP Address for the ThreatBlockr, Netmask, Default Gateway IP, DNS Server IP
- In the menu, select Request License and enter the new Registration Code (provided by support) and Serial Number (on the device or provided by support). Press enter to use the default support site URL.
- Next, select Reinstall firmware:
- After the software is installed, select Reboot.
- The device will now reboot into the standard ThreatBlockr 2.0 software with a default admin interface IP of 192.168.1.1/24. You can now change the IP address of the device either through the WEB UI (https://192.168.1.1, username 'admin', password 'admin') or through the console. See instructions below for changing the admin interface IP through the console.
Changing the IP address through the console
- Login with the username of 'admin' and password of 'bandura'.
- Select Network Menu and then Change admin interface settings.
- Select either DHCP or static IP and if static IP, enter the interface settings.
Reconfigure ThreatBlockr settings
- In a browser window, navigate to the device login page at http://192.168.1.1 (or the readdressed IP set in the console using the steps above).
- Login using username 'admin', password 'admin'.
- Read and accept the EULA terms by clicking Agree.
- Upon login, you should see a warning banner at the top of the page saying that the ThreatBlockr has lost contact with the GMC. Click on the "Fix" button, and then click "Fix" again in the modal to resolve the GMC hostname.
- You will be prompted to set a valid DNS server. Enter your DNS server IP(s) in the provided fields and press "Save" to complete.
- Next, select "Settings" in the left menu and choose "Date & Time". Click the NTP Servers tab and click on the green + icon to add your NTP server. If you do not have one, we recommend using time.google.com. Click the Create button to add the NTP server.
- Check the system logs by selecting Logging in the left menu, followed by Internal Logs. Here you should see the device connecting to GMC with status 200. It may take a few minutes for the banner to go away, you can also try refreshing the page.
- If the banner does not go away, or you see many critical errors in the logs, please reach out to our team by email at email@example.com for assistance.
- Before beginning the upgrade, steps were provided to ensure policies were either already set up in GMC, or imported from the ThreatBlockr 1.0 device to GMC. Now that the ThreatBlockr is upgraded to 2.0, you will need to set the policies to pull from the GMC. Select Resource Groups from the left menu. You should see both Default Inbound and Default Outbound resource groups pre-created. Click on the green pencil icon for the Default Inbound group. In the Policy dropdown, select the policy from GMC that you created as your inbound policy. We recommend for Inbound traffic to set the Drop Action to discard. Repeat the step for the Default Outbound group, setting the policy from GMC that you created as your outbound policy. We recommend setting the Drop Action to either ICMP reachable or TCP reset.
- By clicking on Settings in the left menu and choosing General, you can review and update the general settings for the device, including the hostname, lockout time/attempts, as well as password and session settings .
- You may also add additional user accounts, if you wish, by selecting System in the left menu and choosing Users.
- Finally, you will need to reconfigure your external syslog configuration by selecting Logging in the left menu and choosing External Syslog.
Updating the device software in the GMC
- Navigate to https://gmc.banduracyber.com/assets. If not signed in, sign in with your GMC username and password.
- You will see your ThreatBlockr device in the list having been upgraded to the 2.0 software. The device will show the same Serial Number, but display your new Registration Code.
- In most cases, during the upgrade to 2.0 your Threatblockr device will be updated to the latest version of the 2.0 software. However, in some cases there may have been a new build released since the software was installed on the USB. If there is a newer build available, you will see a green number next to the Available Software button:
- Click on the Available Software button to update your software to the latest version of the ThreatBlockr 2.0 software. You may update the software right away, or schedule the update for a later time (though we strongly recommend updating the software now). Your device will reboot during the update process, however the process itself is fully automated. All of your future software updates will be done in this same manner.
- At this point, the upgrade process should be complete. You can find the ThreatBlockr 2.0 manual on our help site. Refer to the manual for any questions or contact our support team for any further assistance needed.