Quick Start Guide

Congratulations!

You’re on your way to the simplest way to secure your network with agentless

discovery and access control for all of your devices. Please follow these easy

steps to set up your appliance.

Initial Setup Connect appliance to the network and determine IP address

1. Plug power cord into the power adaptor port on the Nano appliance, and into a 3-prong grounded outlet.

2. Connect the LAN Cable (Straight Through - T568B) to the Eth0 port of the NetSHIELD appliance. Network

Cable must be Type RJ -45, Category 5 cable or higher.

3. Connect a Monitor to the HDMI port.

4. Connect a Keyboard to one of the USB ports.

5. Press the power button on the top of the Nano.

Branch Pro/Enterprise

1. Plug power cord into the power jack in the rear of the NetSHIELD appliance and into a 3-prong grounded outlet.

2. Connect the LAN Cable (Straight Through - T568B) to the Eth0 port of the NetSHIELD appliance. Network

Cable must be Type RJ -45, Category 5 cable or higher.

3. Connect a Monitor to the VGA port.

4. Connect a Keyboard to a USB port.

5. Boot the appliance by pushing the red "Start" button on the left side of the front panel.

6. The green Power light will come on. The Yellow Disk Activity indicator will also flash. The front panel lights -

for BranchPRO and Enterprise variants (from right to left – see image below) are:

From right to left, below are the status lights labels:

• Power

• Hard Drive Activity

• Network Activity 1

• Network Activity 2

• System Overheat

An alternative connection method is to use a USB to USB null modem cable. This will allow a serial connection from

a PC USB port to a USB port on the NetSHIELD appliance.

NetSHIELD has been tested with a FTDI Chip brand USB NMC-2.5 m cable.

This is available from:

DigiKey - www.digikey.com

Part number 768-1076-ND

Connect the cable from a USB port on the PC to a USB port on the NetSHIELD appliance.

Use a terminal emulation program such as PuTTY.

Baud 38400

The COM port will depend upon the PC

The appliance will run through its startup, displaying its progress on the monitor.

Make a note of the DHCP assigned IP address (https://XX.X.XX).

The final number (443) is the port number.

As an alternative to using a monitor, the serial number of the appliance is also the MAC address of ETH 0. Look up

the ETH 0 MAC on the DHCP server to find the assigned IP.

NOTE: Ensure port 443 is open on the Firewall. This port must remain open while NetSHIELD™ is

operating so that service packs can be received for code updates, and updates to vulnerability tests

from NetSHIELD.

Quick Start Wizard (via Web GUI) The appliance runs DHCP by default. It will obtain an IP and then use it as a static IP. If desired the IP can be changed via the GUI or Console. The MAC appliance is also the serial number of the appliance so the assigned IP can be found by looking at the DHCP server and finding the MAC of the appliance.

With the sample configuration used previously, the GUI can now be accessed using the IP address and SSL port (if different from port 443).

1. Using an available browser (Firefox, IE, Chrome etc.) enter the IP address of the appliance (e.g.

https://192.168.10.10) and the following page will display:

This page indicates that the certificate use by the Netshield appliance isn't valid, by default NetSHIELD is

using a self-signed SSL Certificate.

2. To proceed to the appliance GUI, click on ADVANCED > Proceed to "site ip" (unsafe) as shown below:

Login using username and password.

The default is:

Username – MainAccount

Password – changeme

First Tab: License Agreement - displays the "EULA" for NetSHIELD. Review and then accept.

Second Tab: Main Account Password – The default password is "changeme" but for security

purposes, creating a new password is highly suggested.

Third Tab: Subscription Information - Fill the required entries marked with a red asterisk and save.

Fourth Tab: Ethernet Port Configuration - shows the status of the Ethernet ports.

Fifth Tab: Network Configuration - Fill the required entries marked with a red asterisk. In most cases, Eth0 is already configured previously via DHCP or the console. Other interfaces can be assigned a valid IP address or later configured as needed via the Network Configuration Tab.

Eth1 is a special port only used for monitoring but requires a valid IP address that is not found on the network. A suggestion is to use 1.1.1.1/255.255.255.255.

Note: If the IP Address for Eth0 or the SSL Port has changed, the appliance will restart.

• Hostname - assign a valid and relevant host name.

• SSL Port - default port is 443 which can be changed according to the network setup.

• Default Gateway - usually, the IP address of the router.

• DNS Server - DNS IP Addresses (e.g. 8.8.8.8, gateway IP address, ISP given DNS).

• Interface - Select the interface to be configured.

• VLAN - VLAN alias of the interface (e.g. office, finance, department) if used.

• VLAN Tag - a numerical value of the VLAN where the said interface belongs to. (e.g. 10, 20) if used.

• IP Address - a valid IP address of the interface (e.g. 192.168.10.10).

• Subnet Mask - network address of the IP address/interface (e.g. 255.255.255.0).

Sixth Tab: Notification Setup - configure the email notification by filling up the required

information marked with red asterisk, and then click Save.

Note: This section should be configured properly in order to send notifications, malware alerts, rogue asset

detection, and other notifications.

• Use Notification Email System - click the checkbox to enable this feature.

• Primary To Address - this is usually the main contact person/group in the organization. (e.g. IT admin, Network

Admin).

• Secondary To Address - add a secondary contact person/group.

• From Address - this will be the displayed email address for the appliance. (e.g. NetSHIELD@company.xyz)

• SMTP Mail Server - a valid SMTP gateway/server, this is usually provided by the mail provider. (e.g.

mail.company.xyz)

• SMTP Port - a valid SMTP port used by the mail server to send out emails, usually provided by the mail provider.

(e.g. 2525, 25)

• Username & Password – Credentials of the appliance email address (From Address) if required by the mail

server.

• Force TLS off - Enable this option if the mail server does not use SSL/TLS.

Seventh Tab: VLAN Tags – Configure VLANs associated with each physical interface. Every VLAN requires a valid

IP address to allow NetSHIELD to participate on the VLAN. The switch port will be set as a trunk and the VLANs will

be available in the trunk. Refer to the switch manufacture’s configuration guide to configure trunks. There is no hard

limit on the number of VLANs that can be configured but consider the total network load in the same manner as

when configuring a switch.

Eighth Tab: Initial Asset Detection - In this section, the appliance will perform an initial asset detection which

corresponds to the interfaces configured earlier. As shown below, it will scan 254 hosts on Eth 0, 254 hosts on Eth

0.50 (VLAN 50) and 254 hosts on Eth 0.100 (VLAN 100). Select "Refresh IPs" to perform the initial scan.

When discovery is complete, the Manage Assets window will open.