Introduction
Initial configuration and deployment of the threatER Enforce software will be performed utilizing Enforce’s easy-to-use, intuitive, graphical user interface. Once Enforce is initially configured and deployed, the cloud-based threatER Portal will be used by organizations to interface, configure, and manage the threatER platform. Additionally, threatER offers a powerful suite of APIs for those organizations seeking more flexibility and control. For more information, see our threatER API documentation.
We suggest that prior to configuring Enforce, you review this documentation in its entirety and that the security policies specific to your organization are considered.
Initial Configuration
Configuring the Admin Interface to Access the Enforce Software UI
Once you have the Enforcer powered on, you'll want to connect the admin port into your local network using a standard RJ45 ethernet cable. Below are screenshots showing the location of the admin port for the Lanner 1510A 1G set-top appliance and the Dell R350 10G appliance:
Lanner 1510A:
Dell R350:
To configure the admin (management) interface, threatER recommends accessing the Command Line Interface on the Enforcer. To do this, you will need to either connect a laptop to the console port of the appliance running the Enforce software or connect a VGA monitor and USB keyboard (depending on your hardware model). Alternatively, you can connect a laptop to the admin port and set your laptop’s IP to be on the 192.168.1.0/24 network, then connect to https://192.168.1.1 in a web browser.
When connecting a laptop to the console port, you can use Putty or a text terminal or terminal emulation program. The port settings are:
- Baud: 38400
- Data Bits: 8
- Parity: None
- Stop Bits: 1
The CLI Console is a low-level control program that can be used to configure settings, including the Network and User configurations. It can be accessed while the system is in a normal operational state.
You’ll see a login screen that will generally resemble the following screen either via console port access or VGA+keyboard access. Regardless of your input paradigm, enter the following credentials:
- default login: ubuntu
- default password: enforce
Note that if the login and password shown above do not work, please reach out to our Customer Success team by emailing us at customersuccess@threater.com and we will be happy to provide assistance.
After successful login, you will be directed to a shell prompt, where you can take the following steps:
- Enter the command "/sbin/admin_shell" at the prompt to access the CLI menu:
- From the Main Menu, to connect the admin interface to the internet, select Network Menu.
- From the Network Menu, you can view the default admin interface settings by selecting option 1.
- From the Network Menu, to connect the admin interface to the internet, select change admin interface settings.
- From the Admin Interface Menu, select option 1 to configure with DHCP or select option 2 to configure with static IP.
- Most customers will choose to configure with static IP. The Static IP configuration requires 4 entries: IP Address for the Enforcer, Netmask, Default Gateway IP, DNS Server IP. NOTE: When configuring a static IP address it is now required to use a non-routable IP address from the following RFC-compliant non-routable pools only:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16
- If you wish to use DHCP, select Configure with DHCP to obtain a new DHCP Lease. Upon return to the main menu, select option 1 to display the admin interface settings, which will show the IP Address and Default Gateway obtained via DHCP.
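The static IP rules from the steps above can be checked before the values are typed into the Admin Interface Menu. This is an added example, not threatER code; the function name `check_static_config` is hypothetical, and the subnet checks on the gateway are ordinary IPv4 sanity checks assumed here rather than requirements stated in this guide.

```python
import ipaddress

# The three non-routable pools this guide lists for the admin interface.
ALLOWED_POOLS = [ipaddress.IPv4Network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_static_config(ip, netmask, gateway, dns):
    """Return a list of problems with the four static-IP entries (empty = OK)."""
    try:
        addr = ipaddress.IPv4Address(ip)
        gw = ipaddress.IPv4Address(gateway)
        ipaddress.IPv4Address(dns)  # DNS may be public, it only has to parse
        # strict=False derives the subnet from a host address plus mask;
        # a non-contiguous mask such as 255.0.255.0 raises ValueError.
        subnet = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    except ValueError as exc:
        return [f"unparseable entry: {exc}"]

    problems = []
    if not any(addr in pool for pool in ALLOWED_POOLS):
        problems.append(f"{addr} is outside the allowed non-routable pools")
    if addr in (subnet.network_address, subnet.broadcast_address):
        problems.append(f"{addr} is the network or broadcast address of {subnet}")
    if gw not in subnet:
        problems.append(f"gateway {gw} is not inside {subnet}")
    if gw == addr:
        problems.append("gateway and Enforcer address are identical")
    return problems


if __name__ == "__main__":
    # Constructed sample entries, not values from a real deployment.
    samples = [
        ("192.168.1.199", "255.255.255.0", "192.168.1.1", "8.8.8.8"),
        ("172.32.0.10", "255.255.255.0", "172.32.0.1", "8.8.8.8"),  # just past 172.16.0.0/12
        ("10.0.0.5", "255.255.255.0", "10.0.1.1", "1.1.1.1"),       # gateway off-subnet
    ]
    for entry in samples:
        print(entry, "->", check_static_config(*entry) or "OK")
```

The 172.32.0.10 sample is the common slip: 172.16.0.0/12 ends at 172.31.255.255, so the address looks private but is not in any of the listed pools.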
Once the admin interface settings have been updated, you should be able to access the software UI from a browser located on the same subnet. At this time you may return to the Main Menu by selecting option 7 to go back, and then choose option 8 to exit.
Initial Login to Enforce software UI
In the address bar of your browser, using https, enter the IP address assigned to the admin interface (e.g. https://192.168.1.199).
If you receive a message stating “your connection is not secure”, you will need to add an exception. Go to advanced settings, or click on a link that will allow you to connect after accepting the warning (depending on your browser).
You should be directed to the Enforce login screen. The default credentials are:
- Username: admin
- Password: admin
After clicking the Sign In button, read and accept the EULA terms by clicking Agree.
Next, activate your Enforcer by entering your threatER Platform admin credentials, naming your device, and clicking the Submit button.
You should have received an email notifying you that your threatER Portal admin account had been created, allowing you to confirm and create your password.
If you did not receive the email (title "threatER Account Activation"), or you received a message that the link had expired by the time you clicked to create your password, please contact our Customer Success team for further assistance. You cannot activate your Enforcer by clicking the "Forget Password" link on the Portal login page. Only creating your password through the Activation email link will work to activate the Enforcer.
Upon login, you may see a warning banner at the top of the page saying that Enforce does not have a valid license. After assigning the subscription to the Enforcer in the threatER Portal (in a forthcoming step), the warning banner will disappear shortly thereafter.
Completing Configuration in the threatER Portal
Assigning Subscriptions to Enforcers
In order to ensure the Enforce software can connect to and sync with the threatER Portal, you will need to assign your subscription to your Enforcer.
Log into the threatER Portal, click on Enforce in the left menu, then select Subscriptions from the tabs at the top of the page.
On the Subscriptions page, you will see a list of your Enforcers along with a dropdown that will allow you to apply a subscription to each Enforcer. Simply select the subscription in the dropdown associated with the Enforcer to assign it. Finally, click on the Save button to complete the assignment.
Note that when you assign the subscription to your Enforcer for the first time, if the Enforce software version is not the latest version available, the software should automatically update itself immediately.
Confirming Enforcer Connection
To confirm that your Enforcer is connecting to the threatER Portal as expected, click on Enforce in the left menu and then select Enforcers. From here, you should see your newly registered Enforcer with a current last connection time. The connection from the Enforcer to the threatER Portal is refreshed once per minute.
Confirming the Date & Time
Navigate to the Portal > Enforcers > Enforce > select the Enforcer hyperlinked name > Configuration > Settings > Timezone.
On the Timezone field, change the time zone from UTC to the time zone for the location where the Enforcer will be deployed.
Confirming NTP Server
Enforce uses an NTP server so that the clock on your Enforcer is properly synchronized. By default, the software leverages the time.google.com NTP server.
You also have the option to add your own NTP server by going to New, adding a valid IP or domain host and selecting Create. If you don't have your own NTP server, we recommend using a public NTP such as time.google.com or pool.ntp.org (for your region).
Confirmation of the sync will be indicated by a green clock alert icon next to the NTP Servers title. It might take a few minutes for the server to sync with the Enforcer.
Exporting Logs
Syslog exports are an industry-standard and time-proven way of exporting data in a concise, standards-based manner. Our syslog export format is compliant with RFC 5424. This ensures seamless integration alongside any number of external tools, including popular security information and event management (SIEM) tools, such as Splunk and IBM QRadar, as well as popular data analytics tools like Gravwell, and even full open-source tools like syslog-ng.
For more information on utilizing this feature, please see our documentation on Enforce Syslog Export Configuration and Formats.
Completing configuration in the Enforce UI
Confirm Bridging Interface
Navigate to Network > Bridging Interface
On the Bridging Interface page, confirm that the bridge pair is showing. Note the link status will show as Down until you place the instance inline by connecting the Enforcer's outside and inside ports.
Confirming Configuration of the Admin Interface
In order to allow the Enforcer to access the internet, the DNS server address is set by default in the software to open source DNS (see screenshot). If you wish, you may update the DNS server addresses to use internal DNS. threatER recommends leaving at least one open-source DNS in the list in case your internal DNS servers experience a problem.
To do this, navigate to the Network > Admin Interface page, then select the DNS tab and confirm the DNS values entered earlier in the process. You can edit the entries and add up to 3 DNS servers.
Changing Your Password
By default, Enforce requires passwords to be at least eight characters in length. New passwords must also contain at least three character groups or classes of characters. There are four character groups:
- Upper case characters: A-Z
- Lower case characters: a-z
- Numbers: 0-9
- Symbols, such as: !@#$%^_
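The password rule above can be applied to a candidate password before it is entered in the UI. This is an added example, not threatER code: the function name `password_problems` is hypothetical, the guide lists only sample symbols so any ASCII punctuation is assumed to count as a symbol, and the rejection of the default passwords named in this guide is an extra check added here rather than something the guide says Enforce enforces.

```python
import string

# Default passwords named in this guide; a new password should not reuse them.
DEFAULT_PASSWORDS = {"admin", "enforce"}

MIN_LENGTH = 8   # "at least eight characters"
MIN_GROUPS = 3   # "at least three character groups"


def character_groups(password):
    """Return the set of character groups present in the password."""
    tests = {
        "upper": string.ascii_uppercase,
        "lower": string.ascii_lowercase,
        "number": string.digits,
        # Assumption: any ASCII punctuation counts as a symbol.
        "symbol": string.punctuation,
    }
    return {name for name, chars in tests.items()
            if any(c in chars for c in password)}


def password_problems(password):
    """Return a list of reasons the password fails the rule (empty = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    groups = character_groups(password)
    if len(groups) < MIN_GROUPS:
        found = ", ".join(sorted(groups)) or "none"
        problems.append(f"only {len(groups)} character group(s): {found}")
    if password.lower() in DEFAULT_PASSWORDS:
        problems.append("matches a documented default password")
    return problems


if __name__ == "__main__":
    # Constructed candidates for illustration only.
    for candidate in ("admin", "alllowercase1", "Abcdefg1", "Tr1cky-horse"):
        print(f"{candidate!r}: {password_problems(candidate) or 'OK'}")
```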
Change the Admin Password
It is recommended that as part of the configuration process, you change the Enforcer admin user's password from admin to a password that is more secure.
Navigate to System > Users > Admin Users
Click the Green pencil icon to the right of the admin user profile. Create and confirm the new password. You will need to add an email address before saving the changes (e.g. an IT listserv email or one that matches the portal). The username is still admin unless changed.
Change the Console User
The ubuntu user is used when logging into the console, whether via keyboard/monitor, serial port, or SSH. We recommend changing the default password for this user to remain secure. Ensure that this password is saved internally in case you need it to troubleshoot the system.
Navigate to System > Users > Console User
Select the "Change Console Password" button. Enter a new password and then confirm the password. Click Change Password to submit your changes.
Training and Configuration Steps
Reach out to your customer success manager or customersuccess@threater.com to confirm your Policies and Networks. Customers deploying threatER for the first time will verify all configuration steps and set up lists, policies and networks on a 1 hour configuration and training call with their customer success manager.
Configuring Policies
Policies allow users to determine what is allowed through networks or ports. Users can create as many policies as they need to protect each of their networks as there isn't a limit to the number of policies that can be created.
For new customers deploying Enforce for the first time, you will want to create policies in the threatER Portal. Please see our documentation on Configuring Policies before continuing with your configuration. If you have previously created policies, and intend to use the same policies on the Enforcer you are presently configuring, please move to the next step.
Configuring Networks
Enforce inspects Network traffic to determine which packets to block and allow. Policies attached to Networks determine the internet services allowed into your network, as well as those services your local users can access outside the network.
One or more network rules comprise a Network, and each network is identified as a device, asset, or subnet on your network. If the Enforcer receives traffic for the configured IP, then it will allow traffic according to the policy associated with the Network. Each Network configuration includes a protocol and port, or range of ports, so that you may restrict specific policy activity to as granular a level as required.
For new customers deploying Enforce for the first time, you will want to create a Network in the threatER Portal. Please see our documentation on creating Networks before continuing with your configuration. If you have previously configured a Network, and intend to assign this Enforcer to that network, please see our documentation on editing Networks in order to assign the new Enforcer to the existing network.
Troubleshooting
If you have followed these steps, and Enforce is still unable to connect to the Portal, here are some common causes:
- Your firewall is filtering the connection to the sites necessary for the service.
  - Allow our domains and/or IPs in your firewall rules. See this help center article for details.
- The date & time on the device is skewed.
  - In the Enforce software UI, navigate to Logging > Internal Logs > System. Check the time stamp for the latest logs and validate that the date & time are correct.
  - Try using a public NTP server such as time.google.com or pool.ntp.org
- The DNS server does not respond.
  - Try using a public DNS server such as Google's 8.8.8.8 or Cloudflare's 1.1.1.1
Are you still having issues? Contact us at support@threater.com.