In order to perform the upgrade, you will need to create a bootable USB installer using the ISO file shared with you by the Customer Success team.
Depending on the device model, you may connect using a VGA monitor/keyboard, DB9 to USB serial, RJ45 serial, or mini-USB serial port (see Connecting to the Serial Port). If you are unsure of your device's available connection(s), please reach out to the Customer Success team.
The admin interface will need to be plugged into a network that has Internet access and DHCP/IP. We recommend that the bridging interface be unplugged during the upgrade since we will need to perform several reboots.
Configuring appliance to boot from the USB installer
|NOTE: Screenshots, available buttons, and names may vary depending on the model.|
- Insert USB installer in a USB slot on the device.
- Reboot the ThreatBlockr by going to System -> Reboot, or manually power cycle the device.
- When rebooting, press the appropriate key to open Setup/BIOS.
- In the BIOS, navigate to the Boot menu and set the USB drive to priority #1.
- Change the "Select boot mode" from the existing setting (likely LEGACY/UEFI) to LEGACY.
- After setting the boot priority, navigate to the Save & Exit menu, then select Save Changes and Reset, then reboot the device.
Installing ThreatBlockr Recovery Console
|NOTE: Screenshots, available buttons, and names may vary depending on the model.|
The first step with using the USB Installer to install ThreatBlockr is to install the Recovery Console, which will then allow you to install the software itself.
- The device will boot into the Bandura Installer menu. If connected via monitor/keyboard, select Bandura Installer. If connected via serial port, select Bandura Installer (serial).
- Once the Bandura Installer boots, you will be prompted to login. Use the username root, press enter to login, press any key to continue, and once continued, select your appropriate model number. This model number will be provided by the Customer Success team.
- Select Install Recovery Console, then select Yes to reformat the drives.
- After successfully installing the recovery console, select Reboot.
License and Install ThreatBlockr from Recovery Console
- While the device is rebooting, unplug the USB installer.
- On the boot menu, select Recovery Console and press Enter.
- After the Recovery Console has booted, log in with the username 'root' and password 'redrum'. Press Enter to continue.
- Upon logging into the Recovery Console, you will now be able to re-install the software using option 1 on the Main Menu and confirm your desire to re-install the software.
- When the software has been successfully installed, select option 3 to reboot, then confirm.
- After rebooting, follow the directions to enter setup. The device will proceed to boot into the ThreatBlockr.
- To access the ThreatBlockr menu, enter the username 'admin' and password 'bandura'.
Changing the IP address through the console
- From the Main Menu, to connect the admin interface to the internet, select Network Menu.
- From the Network Menu, you can view the default admin interface settings by selecting option 1.
- From the Network Menu, to connect the admin interface to the internet, select change admin interface settings.
- From the Admin Interface Menu, select option 1 to configure with DHCP or select option 2 to configure with static IP.
- Most customers will choose to configure with static IP. The Static IP configuration requires 4 entries: IP Address for the ThreatBlockr, Netmask, Default Gateway IP, and DNS Server IP (up to 3).
- If you wish to use DHCP, select Configure with DHCP to obtain a new DHCP Lease. Upon return to the main menu, select option 1 to display the admin interface settings, which will show the IP Address and Default Gateway obtained via DHCP.
Reconfigure ThreatBlockr settings
- In a browser window, navigate to the device login page at the readdressed IP set in the console using the steps above (e.g. https://192.168.1.118). Login using username 'admin', password 'admin'.
- Read and accept the EULA terms by clicking Agree.
- Next, if you did not add DNS entries in the previous step, click on the blue "Network Settings" link, which will allow you to access the Network Settings page on the device. Click on the DNS tab to add your DNS settings. Simply Enter your DNS server IP(s) in the provided fields and press "Save" to complete. Once the DNS has been added, click on the link to return to activation.
- You will now be able to activate your ThreatBlockr by entering your GMC credentials, naming your device, and clicking the Submit button. If you get a message stating that your license already exists, simply go to the browser's address bar and re-enter the URL (e.g. https://192.168.1.2) and enter to be directed to the ThreatBlockr UI (if it does not work, try opening in a private/incognito window). Upon login, you may see a warning banner at the top of the page saying that ThreatBlockr has lost contact with the GMC. In most cases, the warning banner should disappear quickly, once the DNS has fully resolved and the connection with GMC is established.
- In the left menu, select Network > Admin Interface to view your interface settings.
- Click on the DNS tab to view your DNS Servers and confirm the DNS you entered previously.
- Next, select "Settings" in the left menu and choose "Date & Time". Ensure your proper time zone is set.
- Click the NTP Servers tab and click on the green + icon to add your NTP server. If you do not have one, we recommend using time.google.com. Click the Create button to add the NTP server.
- Check the system logs by selecting Logging in the left menu, followed by Internal Logs. Here you should see the device connecting to GMC with status 200. It may take a few minutes for the banner to go away, you can also try refreshing the page. If the banner does not go away, or you see many critical errors in the logs, please reach out to our team by email at email@example.com for assistance.
- You will now need to select the policies created in GMC to apply to ThreatBlockr. Select Resource Groups from the left menu. You should see both Default Inbound and Default Outbound resource groups pre-created. Click on the green pencil icon for the Default Inbound group. In the Policy dropdown, select the policy from GMC that you created as your inbound policy. We recommend for Inbound traffic to set the Drop Action to discard. Repeat the step for the Default Outbound group, setting the policy from GMC that you created as your outbound policy. We recommend setting the Drop Action to either ICMP reachable or TCP reset. You may establish as many Resource Groups as needed, and configure Service Groups to apply policies for different protocols on your network. Contact our team by email at firstname.lastname@example.org for further information or assistance.
- By clicking on Settings in the left menu and choosing General, you can review and update the general settings for the device, including the hostname, lockout time/attempts, as well as password and session settings .
- You may also add additional user accounts, if you wish, by selecting System in the left menu and choosing Users.
- Finally, you will need to reconfigure your external syslog configuration by selecting Logging in the left menu and choosing External Syslog.
Assigning your subscription to your ThreatBlockr appliance
In order to ensure your ThreatBlockr appliance can connect to and sync with the GMC, you will need to confirm the assignment of your subscription to the device.
- Log into GMC at https://gmc.banduracyber.com.
- Click on Subscriptions in the left menu.
- On the Subscriptions page, you will see your Threatblock software subscription on the left side of the page, and your ThreatBlockr appliance on the right side of the page. If needed, click on the subscription in the left column and drag the subscription across to the asset and release.
- Finally, click on the Save button to complete the assignment. If the subscription is already assigned to the device, please move to the next step.
Updating the device software in the GMC
- Navigate to the Assets page in GMC.
- You will see your ThreatBlockr device in the list with the updated software version.
- If there is a newer software build available, you will see a green number next to the Available Software button:
- Click on the Available Software button to update your software to the latest version of the ThreatBlockr 2.0 software. You may update the software right away, or schedule the update for a later time (though we strongly recommend updating the software now). Your device will reboot during the update process, however, the process itself is fully automated. All of your future software updates will be done in the same manner.
- At this point, the upgrade process should be complete. Please contact our support team for any further assistance needed.