Initial configuration and deployment of the Bandura Cyber ThreatBlockr will be performed utilizing the Bandura Cyber ThreatBlockr’s easy-to-use, intuitive, graphical user interface. Once the ThreatBlockr is initially configured and deployed, the cloud-based Global Management Center (GMC) will be used by organizations to interface, configure, and manage the Bandura Cyber ThreatBlockr platform. Additionally, Bandura Cyber offers a powerful suite of APIs for those organizations seeking more flexibility and control. For more information, see the Global Management Center (GMC) User Manual.
We suggest that prior to configuring your Bandura Cyber ThreatBlockr, that this manual is reviewed in its entirety, and that the security policies specific to your organization are considered.
YOUR BANDURA CYBER THREATBLOCKR ARRIVES WITH AN ‘ALLOW ALL’ POLICY CONFIGURATION
The Bandura Cyber ThreatBlockr provides several ports on the back of the device labeled according to the device type.
For initial configuration, locate the port labeled “Admin”, this port will be used to administer the Bandura Cyber ThreatBlockr. Note that the “Admin” port will also be used once deployed, to receive continued update information from the Bandura Cyber cloud-based Actionable Threat intelligence (ATI) servers.
Once your appliance is powered on, connect an ethernet cable to both the “Admin” port of the Bandura Cyber ThreatBlockr, and to a switch inside your local network. Connect the computer that you will be performing initial configuration to the same switch.
Configuring the Admin Interface to Access the Web UI
Via Command Line Interface (Recommended)
See instructions for connecting to the command line interface at the following page: https://helpdesk.banduracyber.com/hc/en-us/articles/360056104071-Connecting-to-the-Console
Once connected and logged in to the CLI:
- From the Main Menu, to connect the admin interface to the internet, select Network Menu.
- From the Network Menu, you can view the default admin interface settings by selecting option 1.
- From the Network Menu, to connect the admin interface to the internet, select change admin interface settings.
- From the Admin Interface Menu, select option 1 to configure with DHCP or select option 2 to configure with static IP.
- Most customers will choose to configure with static IP. The Static IP configuration requires 4 entries: IP Address for the ThreatBlockr, Netmask, Default Gateway IP, DNS Server IP.
- If you wish to use DHCP, select Configure with DHCP to obtain a new DHCP Lease. Upon return to the main menu, select option 1 to display the admin interface settings, which will show the IP Address and Default Gateway obtained via DHCP.
Once the admin interface settings have been updated, you should be able to access the web UI from a browser located on the same subnet.
Initial Login to the ThreatBlockr Web UI
In the address bar of your browser, using https, enter the IP address assigned to the admin interface (e.g. https://192.168.1.199)
You should be directed to the Bandura Cyber ThreatBlockr login screen. The default credentials are:
- Username: admin
- Password: admin
Read and accept the EULA terms by clicking Agree.
Next, activate your ThreatBlockr by entering your GMC credentials, naming your device, and clicking the Submit button. Note: You should have received an email notifying you that your GMC account had been created, allowing you to confirm and create your password. If you did not receive the email, or you received a message that the link had expired by the time you clicked to create your password, you can go to https://gmc.banduracyber.com and use the Forgot Password workflow to create your password.
Upon login, you may see a warning banner at the top of the page saying that the ThreatBlockr has lost contact with the GMC. Click on the "Fix" button, and then click "Fix" again in the modal to resolve the GMC hostname. In most cases the warning banner should disappear quickly.
Changing Your Password
Click on the profile icon in the top right corner and select Your Profile. Enter a new password and enter it again to confirm. Click Save to submit your changes.
By default, a new Bandura Cyber ThreatBlockr requires passwords to be at least eight characters in length. New passwords must also contain at least three character groups, or classes of characters.
There are four character groups:
- Upper case characters: A-Z
- Lower case characters: a-b
- Numbers: 0-9
- Symbols, such as: !@#$%^_
According to the default security settings on the Bandura Cyber ThreatBlockr, these are valid passwords:
- Ar43P5df (eight characters and three groups)
- 3RTy_22e8 (nine characters and four groups)
These are not valid passwords:
- A4_e (only four characters)
- REVLPQWDSG (only one character group)
Complete Configuration of the Admin Interface
For the ThreatBlockr device to access the internet, you will need to configure the DNS server address. To do this, navigate to the Network > Admin Interface page, then select the DNS tab and follow the prompts to add the DNS servers information specific to your network. You can add up to 3 DNS servers.
Setting the Date & Time
Navigate to Settings > Date & Time
We recommend using an NTP server so that the clock on your ThreatBlockr device is properly synchronized.
Configure clock synchronization on your ThreatBlockr by selecting “NTP Servers” and selecting the icon. Follow the prompts in the pop-up window to configure your NTP Server.
If you don't have your own NTP server, we recommend using a public NTP such as time.google.com or pool.ntp.org (for your region).
Assigning your subscription to your ThreatBlockr appliance
In order to ensure your ThreatBlockr appliance can connect to and sync with the GMC, you will need to assign your subscription to the asset. To do this, log into GMC at https://gmc.banduracyber.com. Click on Subscriptions in the left menu. On the Subscriptions page, you will see your Threatblock software subscription on the left side of the page, and your ThreatBlockr appliance on the right side of the page. Simply click on the subscription in the left column and drag the subscription across to the asset and release. Finally, click on the Save button to complete the assignment.
Confirming the ThreatBlockr Configuration
While there are many other configuration options, the steps outlined here are the minimum necessary to get your device connected, and ready to filter traffic.
To confirm that your device is correctly configured and connecting to the internet, click on Assets in the left menu within GMC. From here, you should see your newly configured ThreatBlockr appliance with a recent last connection time. The connection from the appliance to the GMC is refreshed once per minute.
Updating the device software in the GMC
On the Assets page, you will see your ThreatBlockr device in the asset list. In most cases, your Threatblockr device will have the latest version of our 2.0 software. However, in some cases, there may have been a new build released since the ThreatBlockr was shipped to you. If there is a newer build available, you will see a green number next to the Available Software button:
Click on the Available Software button to update your software to the latest version of the ThreatBlockr 2.0 software. You may update the software right away, or schedule the update for a later time (though we strongly recommend updating the software now). Your device will reboot during the update process, however the process itself is fully automated. All of your future software updates will be done in this same manner.
If you have followed these steps, and your ThreatBlockr device is still unable to connect to the internet, here are some common causes:
- Your firewall is filtering the connection to the Bandura sites necessary for the service.
- Allow through the our following domains and/or IPs: https://helpdesk.banduracyber.com/hc/en-us/articles/360057222631
- The date & time on the device are skewed.
- Navigate to Logging > Internal Logs > System. Check the time stamp for the latest logs and validate that the date & time are correct.
- Try using a public NTP server such as time.google.com or pool.ntp.org
- The DNS server does not respond.
- Try using a public DNS server such as Google's 126.96.36.199 or Cloudflare's 188.8.131.52
Still having issues? Contact us at email@example.com.