Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
152 posts
|
This post was updated on May 31, 2016; 10:58pm.
hi
if you're new to Shield / haven't used it for a while, please read this: DocumentationIn the Tutorials section, there are a bunch of original Itus documents/guides that you should read, especially the Shield Admin Guide.Below you will find links to instructions how to upgrade your shield. My recommendation is to 1) setup shield following the admin guide in either Router or Bridge mode. 2) make sure to activate the "advanced mode". 3) have a working SSH connection (dropbear instance setup) 4) and a working internet connection before you upgrade Shield. Working with Shield will require some basic Linux/OpenWRT knowledge. Please check these sites: OpenWRT CLI and Linux for beginners Do NOT use Shield in [G]ateway mode - Itus has never fully developed this setup and not many users have reported it to work successfully! Software & toolsWhile the browser interface (sometimes called LuCI) can handle most actions, you will probably need to transfer files or have command line access (also called CLI) using a SSH connection.Please check the custom tools section on some commonly used software in combination with Shield. Putty : Access to the command line (CLI) WinSCP : Transfer files from/to shield, change access rights and file ownership Terminal cableThe development of Shield is not as mature as the over-the-counter solutions for a router/firewall/wifi that you can buy in Walmart or on Amazon. Sometimes Shield won't fully boot at all (= no web interface available), in that case a terminal cable in combination with Putty will help solving your problem.Here is a link on how to buy a terminal cable: http://itus.accessinnov.com/Console-cable-411-td140.html Upgrading Shield softwareOriginally ITUS released version 1.0 or RC2 on shipped devices. However they released a more stable version in November 2015, namely 1.51SP1. This should be your starting point for Shield.To check your version, connect to shield (https://10.10.10.10 (switch in [R]outer) or https://x.y.z.111 (switch in [B]ridge) or https://shield.lan (both) . On the bottom of the page, it will show you the major software version. If it is not 1.51 SP1 - please check http://itus.accessinnov.com/Upgrade-to-1-51SP1-td10.html for instructions how to upgrade. Updating shield detection filtersThe final key step is make sure that the detection filters are updated regularly. This is done via a script called fw_upgrade which needs to be replaced with a version that works without Itus. Please check fw_upgrade v8.2 for the latest version.(Note: the link above may change due to active development. Please check for FW_Upgrade version 8.x recent postings by Roadrunner42 ) Scheduled TasksShield has several tasks scheduled to update the time and the ISP filter definitions. Some of these tasks are scheduled too often (every 10 minutes) for no reason. These tasks are scheduled using a cronjob, if you want to learn more, please check here.In LuCI go to System > Scheduled tasks you can replace it with the following: # daily at 01:00 - upgrade IPS rules 0 1 * * * sh /sbin/fw_upgrade # daily at 00:00 - sync clock 0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart press save&apply when done. The "sync.clock" task is now using an US based time clock. Check NTP.ORG for more localized servers in your area. What is next?Great, at this point your Shield is at 1.51SP1 and you have the latest upgrade script. Internet should be working now with Shield in either router or gateway mode.If you want you can install hotfixes to solve or improve minor things. ProblemsIf you have problems, don't hesitate to ask for help on this forum. Probably some of us has encountered your problem before.
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
344 posts
|
Great Job Hans can't thank you and all the other experts enough for everything you have done you have help keep the Shield updated going
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
112 posts
|
In reply to this post by hans2
Hans,
Thank you for this guide. Just to mention that the link for the FW_Upgrade_V8 is incorrect (takes you to Console cable page). Also - I am running my Shield in Bridge mode, running 1.51 SP1. My IPS rules update every night (as confirmed on the Status page). Can I assume everything is ok, or do I need to do anything else to keep Shield doing it's job? Sorry, just a little confused about what (if anything) MUST be done to keep this working. I'd rather not tinker unless absolutely necessary. Thanks again -T
Running v2 Firmware
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
344 posts
|
In reply to this post by hans2
Hi, Hans I change the Scheduled tasks to the Following in router mode but it did not update IPS at 1:00 AM
Scheduled tasks you can replace it with the following: # daily at 01:00 - upgrade IPS rules 0 1 * * * 0 sh /sbin/fw_upgrade # daily at 00:00 - sync clock 0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
112 posts
|
looks like a typo breda, remove the 0 after * * *
I think it should read 0 1 * * * sh /sbin/fw_upgrade -T
Running v2 Firmware
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
344 posts
|
Thanks for the help Turrican here is my updated Scheduled Tasks # daily at 01:00 - upgrade IPS rules 0 1 * * * sh /sbin/fw_upgrade # daily at 00:00 - sync clock 0 0 * * * /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart |
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
112 posts
|
looks good breda, should work now.
Running v2 Firmware
|
Loading... |
Reply to author |
Edit post |
Move post |
Delete this post |
Delete this post and replies |
Change post date |
Print post |
Permalink |
Raw mail |
344 posts
|
Thanks
|
Free forum by Nabble | Edit this page |