In order to perform the upgrade, you will need the USB drive that was shipped to you.
Depending on the device model, you may connect using a VGA monitor/keyboard, DB9 to USB serial, RJ45 serial, or mini-USB serial port (see Connecting to the Serial Port). If you are unsure of your device's available connection(s), please reach out to the support team.
The admin interface will need to be plugged into a network that has Internet access and DHCP. We recommend that the bridging interface be unplugged during the upgrade since we will need to perform several reboots.
Prepare for the upgrade
If you are upgrading to ThreatBlockr 2.0 on a ThreatBlockr running our 1.0 software, you'll want to follow the following steps. If you are using a USB to install the 2.0 software for the first time, or re-install 2.0 on a ThreatBlockr running 2.0 that is having a problem accessing the Recovery Console, you can skip these steps and move directly to the next section, "Install ThreatBlockr 2.0 Recovery Console".
- Connect to the admin interface of the existing ThreatBlockr 1.0 over HTTPS. Go to System -> Import/Export and click Export System Configuration. This will save a backup copy of the config for safe keeping.
- Check if your policies are being managed by GMC by going to Resource Groups. If you see a green check mark in the GMC column, your policies are managed by GMC and will be synchronized to the ThreatBlockr after the upgrade to the new software (and you can skip to the next step).
If any of the Policies are not being managed by GMC, you can export these to GMC. This will make sure all Policy settings are available on GMC and will be synchronized to the new ThreatBlockr. In the admin interface on the System -> Import/Export page you’ll see a green Export button, which will allow you to download a file to your local machine that you can upload in the GMC.
Once you have downloaded the Export file, log into the GMC and navigate to the System -> Import page. Click the Choose button to locate the file on your local machine and then click on the green Upload button.
After selecting the file to upload, you’ll want to select the Policies and Exception Lists shown to you and click the Import button (you may select multiple lists, or all lists, in one upload) to upload to GMC.
- Connect the USB drive, keyboard, and monitor to the ThreatBlockr. Take the bridging interface out of line of the network if desired.
Install ThreatBlockr 2.0 Recovery Console
|NOTE: Screenshots, available buttons, and names may vary depending on model.|
- Reboot the ThreatBlockr by going to System -> Reboot, or manually power cycle the device.
- When rebooting, if your device DOES HAVE an option for "Boot Menu", press the appropriate key to open the Boot Menu, then move to step 3a. If your device DOES NOT HAVE an option for "Boot Menu", press the appropriate key to open Setup/BIOS, then move to step 3b.
- a) Select the USB drive.
b) In the BIOS, navigate to the Boot menu and set the USB drive to priority #1. After setting the boot priority, navigate to the Save & Exit menu, then select Save Changes and Reset.
- The device will boot into the Bandura Installer menu. If connected via monitor/keyboard, select Bandura Installer. If connected via serial port, select Bandura Installer (serial).
- Once the Bandura Installer boots, you will be prompted to login. Use the username root, press enter to login, press any key to continue, and once continued, select your appropriate model number. This model number will be sent to you via email.
- Select Install Recovery Console, then select Yes to reformat the drives.
- After successfully installing the recovery console, select Reboot.
License and Install ThreatBlockr 2.0 software
- While the device is rebooting, unplug the USB installer.
- On the boot menu, select Recovery Console and press Enter.
- After the Recovery Console has booted, log in with the username 'root' and password 'redrum'. Press Enter to continue.
- Upon logging into the Recovery Console, you will now be able to re-install the software using option 1 on the Main Menu, and confirming your desire to re-install the software.
- When the software has been successfully installed, select option 3 to reboot, then confirm.
- After rebooting, follow the directions to enter setup. The device will proceed to boot into the ThreatBlockr.
- To access the ThreatBlockr menu, enter the username 'admin' and password 'bandura'.
Changing the IP address through the console
- From the Main Menu, to connect the admin interface to the internet, select Network Menu.
- From the Network Menu, you can view the default admin interface settings by selecting option 1.
- From the Network Menu, to connect the admin interface to the internet, select change admin interface settings.
- From the Admin Interface Menu, select option 1 to configure with DHCP or select option 2 to configure with static IP.
- Most customers will choose to configure with static IP. The Static IP configuration requires 4 entries: IP Address for the ThreatBlockr, Netmask, Default Gateway IP, DNS Server IP.
- If you wish to use DHCP, select Configure with DHCP to obtain a new DHCP Lease. Upon return to the main menu, select option 1 to display the admin interface settings, which will show the IP Address and Default Gateway obtained via DHCP.
Reconfigure ThreatBlockr settings
- In a browser window, navigate to the device login page at the readdressed IP set in the console using the steps above (e.g. https://192.168.1.118). Login using username 'admin', password 'admin'.
- Read and accept the EULA terms by clicking Agree.
- Next, activate your ThreatBlockr by entering your GMC credentials, naming your device, and clicking the Submit button. Note: You should have received an email notifying you that your GMC account had been created, allowing you to confirm and create your password. If you did not receive the email, or you received a message that the link had expired by the time you clicked to create your password, you can go to https://gmc.banduracyber.com and use the Forgot Password workflow to create your password.
- Upon login, you may see a warning banner at the top of the page saying that the ThreatBlockr has lost contact with the GMC. Click on the "Fix" button, and then click "Fix" again in the modal to resolve the GMC hostname. In most cases the warning banner should disappear quickly.
- In the left menu, select Network > Admin Interface to view your interface settings.
- Click on the DNS tab to view your DNS Servers. If desired, you may change the default DNS servers to servers of your choosing. Simply Enter your DNS server IP(s) in the provided fields and press "Save" to complete.
- Next, select "Settings" in the left menu and choose "Date & Time". Ensure your proper time zone is set.
- Click the NTP Servers tab and click on the green + icon to add your NTP server. If you do not have one, we recommend using time.google.com. Click the Create button to add the NTP server.
- Check the system logs by selecting Logging in the left menu, followed by Internal Logs. Here you should see the device connecting to GMC with status 200. It may take a few minutes for the banner to go away, you can also try refreshing the page. If the banner does not go away, or you see many critical errors in the logs, please reach out to our team by email at firstname.lastname@example.org for assistance.
- Before beginning the upgrade, steps were provided to ensure policies were either already set up in GMC, or imported from the ThreatBlockr 1.0 device to GMC. Now that the ThreatBlockr is upgraded to 2.0, you will need to set the policies to pull from the GMC. Select Resource Groups from the left menu. You should see both Default Inbound and Default Outbound resource groups pre-created. Click on the green pencil icon for the Default Inbound group. In the Policy dropdown, select the policy from GMC that you created as your inbound policy. We recommend for Inbound traffic to set the Drop Action to discard. Repeat the step for the Default Outbound group, setting the policy from GMC that you created as your outbound policy. We recommend setting the Drop Action to either ICMP reachable or TCP reset. You may establish as many Resource Groups as needed, and configure Service Groups to apply policies for different protocols on your network. Contact our team by email at email@example.com for further information or assistance.
- By clicking on Settings in the left menu and choosing General, you can review and update the general settings for the device, including the hostname, lockout time/attempts, as well as password and session settings .
- You may also add additional user accounts, if you wish, by selecting System in the left menu and choosing Users.
- Finally, you will need to reconfigure your external syslog configuration by selecting Logging in the left menu and choosing External Syslog.
Assigning your subscription to your ThreatBlockr appliance
In order to ensure your ThreatBlockr appliance can connect to and sync with the GMC, you will need to confirm the assignment of your subscription to the device. To do this, log into GMC at https://gmc.banduracyber.com. Click on Subscriptions in the left menu. On the Subscriptions page, you will see your Threatblock software subscription on the left side of the page, and your ThreatBlockr appliance on the right side of the page. If needed, click on the subscription in the left column and drag the subscription across to the asset and release. Finally, click on the Save button to complete the assignment. If the subscription is already assigned to the device, please move to the next step.
Updating the device software in the GMC
- Navigate to https://gmc.banduracyber.com/assets. If not signed in, sign in with your GMC username and password.
- You will see your ThreatBlockr device in the list having been upgraded to the 2.0 software.
- In most cases, during the upgrade to 2.0 your Threatblockr device will be updated to the latest version of the 2.0 software. However, in some cases there may have been a new build released since the software was installed on the USB. If there is a newer build available, you will see a green number next to the Available Software button:
- Click on the Available Software button to update your software to the latest version of the ThreatBlockr 2.0 software. You may update the software right away, or schedule the update for a later time (though we strongly recommend updating the software now). Your device will reboot during the update process, however the process itself is fully automated. All of your future software updates will be done in this same manner.
- At this point, the upgrade process should be complete. You can find the ThreatBlockr 2.0 manual on our help site. Refer to the manual for any questions or contact our support team for any further assistance needed.