Shield - Beginners guide

Hans
Administrator
hi

if you're new to Shield / haven't used it for a while, please read this:

Documentation

In the Tutorials section, there are a bunch of original Itus documents/guides that you should read, especially the Shield Admin Guide.

Below you will find links to instructions on how to upgrade your Shield. My recommendation is to
1) set up Shield following the admin guide in either Router or Bridge mode.
2) make sure to activate the "advanced mode".
3) have a working SSH connection (dropbear instance setup)
4) and a working internet connection

before you upgrade Shield.

Working with Shield will require some basic Linux/OpenWRT knowledge. Please check these sites: OpenWRT CLI and Linux for beginners 

Do NOT use Shield in [G]ateway mode - Itus has never fully developed this setup and not many users have reported it to work successfully!

Software & tools

While the browser interface (sometimes called LuCI) can handle most actions, you will probably need to transfer files or have command line access (also called CLI) using an SSH connection.

Please check the custom tools section on some commonly used software in combination with Shield.

Putty: Access to the command line (CLI)
WinSCP: Transfer files from/to Shield, change access rights and file ownership

Terminal cable

The development of Shield is not as mature as the over-the-counter solutions for a router/firewall/wifi that you can buy in Walmart or on Amazon. Sometimes Shield won't fully boot at all (= no web interface available); in that case, a terminal cable in combination with Putty will help solve your problem.
Here is a link on how to buy a terminal cable: http://itus.accessinnov.com/Console-cable-411-td140.html


Upgrading Shield software

Originally, ITUS released version 1.0 or RC2 on shipped devices. However, they released a more stable version in November 2015, namely 1.51SP1. This should be your starting point for Shield.

To check your version, connect to Shield: https://10.10.10.10 (switch in [R]outer), https://x.y.z.111 (switch in [B]ridge) or https://shield.lan (both). At the bottom of the page, it will show you the major software version.

If it is not 1.51 SP1, please check http://itus.accessinnov.com/Upgrade-to-1-51SP1-td10.html for instructions on how to upgrade.

Updating shield detection filters

The final key step is to make sure that the detection filters are updated regularly. This is done via a script called fw_upgrade, which needs to be replaced with a version that works without Itus. Please check fw_upgrade v8.2 for the latest version.

(Note: the link above may change due to active development. Please check for recent FW_Upgrade version 8.x postings by Roadrunner42.)

Scheduled Tasks

Shield has several tasks scheduled to update the time and the ISP filter definitions. Some of these tasks are scheduled too often (every 10 minutes) for no reason. These tasks are scheduled using a cronjob; if you want to learn more, please check here.

In LuCI, go to System > Scheduled tasks, where you can replace it with the following:

# daily at 01:00 - upgrade IPS rules
0 1 * * * sh /sbin/fw_upgrade
# daily at 00:00 - sync clock
0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart

Press Save & Apply when done.

The "sync.clock" task is now using a US-based time clock. Check NTP.ORG for more localized servers in your area.



What is next?

Great, at this point your Shield is at 1.51SP1 and you have the latest upgrade script. Internet should be working now with Shield in either router or gateway mode.

If you want, you can install hotfixes to solve or improve minor things.


Problems

If you have problems, don't hesitate to ask for help on this forum. Probably some of us have encountered your problem before.
Using Shield Pro v1, Chaos Calmer, FW 1.51 SP1, Bridge Mode

2nd Shield as Sandbox, Chaos Calmer, FW 1.51 SP1 + hotfixes

Re: Shield - Beginners guide

breda
Great job, Hans. Can't thank you and all the other experts enough for everything you have done; you have helped keep the Shield updated and going.

Re: Shield - Beginners guide

Turrican
In reply to this post by Hans
Hans,

Thank you for this guide.

Just to mention that the link for the FW_Upgrade_V8 is incorrect (takes you to Console cable page).

Also - I am running my Shield in Bridge mode, running 1.51 SP1. My IPS rules update every night (as confirmed on the Status page). Can I assume everything is ok, or do I need to do anything else to keep Shield doing its job?

Sorry, just a little confused about what (if anything) MUST be done to keep this working. I'd rather not tinker unless absolutely necessary.

Thanks again
-T

Running Bridge Mode
v1.51 SP1 + Hotfix Mar 9

Re: Shield - Beginners guide

breda
In reply to this post by Hans
Hi Hans, I changed the Scheduled tasks to the following in router mode, but it did not update IPS at 1:00 AM:


Scheduled tasks you can replace it with the following:

# daily at 01:00 - upgrade IPS rules
0 1 * * * 0 sh /sbin/fw_upgrade
# daily at 00:00 - sync clock
0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart

Re: Shield - Beginners guide

Turrican
looks like a typo breda, remove the 0 after * * *

I think it should read 0 1 * * * sh /sbin/fw_upgrade

-T

Running Bridge Mode
v1.51 SP1 + Hotfix Mar 9

Re: Shield - Beginners guide

breda

Thanks for the help, Turrican. Here is my updated Scheduled Tasks:


# daily at 01:00 - upgrade IPS rules
0 1 * * *  sh /sbin/fw_upgrade
# daily at 00:00 - sync clock
0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart

Re: Shield - Beginners guide

Turrican
looks good breda, should work now.

Running Bridge Mode
v1.51 SP1 + Hotfix Mar 9

Re: Shield - Beginners guide

breda
Thanks
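
The stray sixth field diagnosed in this thread makes cron try to run "0" as the command, so the nightly IPS rule update fails silently. The following is an added example, not part of the original posts or of the Shield firmware: a small POSIX sh linter for five-field crontab entries. The function names are hypothetical, the sample input is constructed from the lines quoted above, and only numeric schedule fields are handled (no @daily shortcuts or day/month names).

```shell
# Added example: lint five-field crontab lines; runs on constructed input only.

# Succeeds if $1 uses only characters valid in a numeric cron schedule field.
is_schedule_field() {
    case $1 in
        ''|*[!0-9*/,-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print a verdict for one line (skip, ok, bad-schedule, no-command, extra-field).
lint_cron_line() {
    case $1 in
        ''|'#'*) echo skip; return 0 ;;
    esac
    # read splits on whitespace without glob-expanding the '*' fields
    read -r min hour dom mon dow cmd <<EOF
$1
EOF
    for f in "$min" "$hour" "$dom" "$mon" "$dow"; do
        is_schedule_field "$f" || { echo bad-schedule; return 1; }
    done
    [ -n "$cmd" ] || { echo no-command; return 1; }
    # A command whose first word still looks like a schedule field means a
    # sixth field slipped in; cron would try to execute e.g. "0" as a program.
    if is_schedule_field "${cmd%% *}"; then
        echo extra-field; return 1
    fi
    echo ok
}

# Lint a crontab on stdin; print "line N: verdict" per problem, return the count.
lint_crontab() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        verdict=$(lint_cron_line "$line") || { echo "line $n: $verdict"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Constructed sample: the broken entry from the thread plus the corrected one.
sample_crontab() {
    cat <<'EOF'
# daily at 01:00 - upgrade IPS rules
0 1 * * * 0 sh /sbin/fw_upgrade
0 1 * * * sh /sbin/fw_upgrade
EOF
}
```

Running `sample_crontab | lint_crontab` reports only the broken entry. On the device, the same function can be fed the root crontab over SSH, assuming the standard OpenWrt location /etc/crontabs/root.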