Deployment Quick Start Guide

Introduction

This article walks through the appliance deployment process at a high level. We also have Configuration Guides with diagrams specific to each appliance. The following items from the contents of the shipped appliance are requirements for this process:

  • Ethernet cables 
  • Appliance power cable
  • 1 USB YubiKey (NOTE: this is not required or included for Compact series appliances)




Deploying The Appliance

Preparing Your Network for the Appliance

You will need to set the following configurations within your network before you install the appliance.  

  1. The appliance will need one IP address used for the Management IP connection. 
    • We recommend a standard Dynamic Host Configuration Protocol (DHCP) address for the simplest installation. The appliance also requires working DNS, which is normally provided by DHCP.
  2. The appliance will need to be able to communicate outbound with a cloud-based relay over UDP port 443.
    • More information on that outbound domain will be described in a later step.


Installing the Hardware

The following instructions outline the process of installing your physical appliance into your organization's IT infrastructure. 

  1. Physically install the appliance in your environment. 
    • This must be a location that allows for the appropriate airflow and in an orientation that keeps the fans unobstructed for proper cooling.
  2. Using the provided GREEN ethernet cable, connect it to the GREEN port on the appliance and to a LAN port on your network switch.
  3. If your appliance shipped with a USB YubiKey, ensure it is securely plugged in to a USB port on the appliance.
  4. Connect the power cable and power on the appliance.
  5. Wait 15 minutes, then check the connectivity of your appliance by browsing to the appliance's local IP address and accessing the management interface at https://<local_ip_address>/appliance_status/status/.
    • See Verifying Your Deployment below for more on connecting to an appliance's status page.


Preparing the Traffic Connections

The appliance monitors traffic passively and does not actively block or interfere with traffic. For optimum monitoring, all external internet nodes must be covered. So, the appliance should have access to all public<->private traffic that is inbound and outbound from your network (north-south traffic).


Choosing Your Traffic Monitoring Configuration

The appliance can be deployed in either a mirrored or inline configuration, outlined below. The monitoring configuration for appliances is determined during your organization's scoping phase with our Sales and Sales Engineering teams.      


Port-Mirrored Configuration 

This configuration is recommended if you have multiple internal networks subtended from your network switch, as there is typically no single point where the networks may be accessed inline before the NAT.


In a port-mirrored configuration, the appliance is connected, out-of-band, to one or more LAN interfaces off your network device. Your network device (firewall or switch) must be configured for port mirroring (also called port spanning), as this is the method used to copy and send traffic from your mirrored port(s) to a single destination port for monitoring. 


The process to configure port mirroring will vary by device manufacturer. Please refer to your device manufacturer's documentation for more information.


Inline Configuration

The inline configuration is not available for the Compact series appliances.


The appliance requires access to traffic before it is NATed; therefore, the appliance must be connected in your network behind the NAT device. The recommended connection is between the firewall (NAT device) and network switch. 


With this configuration, the appliance is connected in between the firewall or ISP router and the internal switch. This placement allows the appliance to monitor all traffic traveling over the wire from the internal network to the internet, since it is inline on that connection. 


To minimize risk of network outage in the inline configuration, the appliance's network card has a built-in mechanism that automatically reroutes traffic directly between the network ports, bypassing the appliance if it is reset or powered off. When using this configuration, the deployment of the appliance will require a network outage for the period of the installation. 


Making the Traffic Connections

The following sections describe the cable connections for our appliances, based on your chosen monitoring configuration. Be sure that you have prepared your network for the appliance and made the necessary configurations for your deployment.  

 

Mirrored Configuration

Before performing this procedure, you need to configure your switch or firewall to mirror north-south traffic ports to a destination port for monitoring.


  1. Ensure that you have configured a port mirror on your network device that replicates traffic from all LAN ports to a single mirror port destination.
    1. (Optional) To confirm that port mirroring is sending traffic, connect a laptop running Wireshark on the network device's destination port and verify that Wireshark captures the traffic being mirrored.
  2. Using the provided yellow or red ethernet cable, connect it to the appliance's yellow or red interface and then to your network device's port-mirrored destination port.
    1. (Optional) Repeat steps 1-3 as many times as necessary by configuring mirror ports on your remaining switches/firewalls and connecting them to additional yellow appliance ports.
  3. Wait 15 minutes, then check the connectivity of your appliance by browsing to the appliance's local IP address and accessing the management interface at https://<local_ip_address>/appliance_status/status/.
    • See Verifying Your Deployment below for more on connecting to an appliance's status page.
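
The optional Wireshark check in step 1 can go further than confirming that some traffic arrives. The following is an added example, not vendor code: it reads source/destination address pairs exported from a capture on the mirror destination port and reports whether both north-south directions are present with private addresses visible (that is, whether the capture point sits before the NAT). The "src,dst" CSV layout, the function names and the sample addresses are assumptions made for the illustration.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the site uses RFC 1918 space internally; adjust as needed.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def classify(src, dst):
    """Label one packet by direction relative to the internal network."""
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "east-west"
    if s:
        return "outbound"
    if d:
        return "inbound"
    return "public-only"

def assess_mirror(csv_text):
    """Return (direction counts, findings) for a 'src,dst' CSV export."""
    counts = Counter(classify(r["src"].strip(), r["dst"].strip())
                     for r in csv.DictReader(io.StringIO(csv_text)))
    findings = []
    if not counts:
        findings.append("no packets: mirror port is not sending traffic")
    elif not (counts["outbound"] or counts["inbound"]):
        if counts["public-only"]:
            findings.append("only public addresses: capture point is after the NAT")
        else:
            findings.append("only east-west traffic: north-south ports not mirrored")
    else:
        if not counts["outbound"]:
            findings.append("no private->public packets: egress not mirrored")
        if not counts["inbound"]:
            findings.append("no public->private packets: ingress not mirrored")
    return dict(counts), findings

# Constructed samples (documentation address ranges stand in for public IPs).
GOOD = "src,dst\n10.1.2.15,198.51.100.7\n198.51.100.7,10.1.2.15\n10.1.2.15,10.1.2.1\n"
POST_NAT = "src,dst\n203.0.113.10,198.51.100.7\n198.51.100.7,203.0.113.10\n"
ONE_WAY = "src,dst\n192.168.5.20,198.51.100.7\n192.168.5.21,198.51.100.9\n"

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("post-NAT", POST_NAT), ("one-way", ONE_WAY)):
        print(name, *assess_mirror(sample))
```

An empty findings list means the capture contains private-to-public and public-to-private packets, which is the traffic the appliance needs to see.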


Inline Configuration

For ease of maintenance, we recommend replacing your preexisting network cables with our color-coded network cables.


This process will create a temporary network outage while deploying the appliance, so we recommend scheduling this procedure with your organization's IT team.


  1. Break the existing connection between your firewall or LAN interface and your switch's WAN interface. 
    • This action will cause a network outage, but it will be reconnected through connections running through the appliance.
  2. Using the provided blue ethernet cable, connect it to the appliance's blue interface and to your network switch's WAN interface.
  3. Using the provided yellow ethernet cable, connect it to the appliance's yellow interface and to your firewall's LAN/inside interface.
    1. (Optional) If your appliance is configured with additional yellow and blue interfaces, repeat steps 2 and 3 to connect the additional inline connection(s).
  4. Wait 15 minutes, then check the connectivity of your appliance by browsing to the appliance's local IP address and accessing the management interface at https://<local_ip_address>/appliance_status/status/.
    • See Verifying Your Deployment below for more on connecting to an appliance's status page.

 

Verifying Your Deployment

You can check the status of your appliance deployment by browsing to the local IP address of the management interface at:


    https://<appliance's local_ip_address>/appliance_status/status/


The appliance_status page will confirm the appliance's connectivity, as well as provide error messages that can assist in resolving any issues. 


It can also confirm the Relay Server Hostname, to which your appliance requires outbound access via 443/UDP.


Logging into the Appliance Status Page

After using your appliance IP address to browse to the status page, you will need to log in using a username and password.


The username, regardless of your appliance type, for logging in will always be "appliance-config". The password for this page will depend on your appliance type (see below).

 

The following sections outline how to find the service tag or MAC address on your physical appliance, which are used in the password for the appliance's status page.


Logging in via Compact series appliances

When logging in using a Compact series appliance, the appliance password uses a concatenation of "fieldeffect_" and the appliance's 15-character service tag, found on the bottom of the appliance.


Example login credentials for a Compact series appliance would be as follows: 

Username: appliance-config
Password: fieldeffect_123456789102345 (fieldeffect_15 character appliance serial)


The image below shows an example of the service tag on the bottom of a Compact series appliance.



Logging in via Shuttle and Oskar series appliances

When logging in using a Shuttle or Oskar series appliance, the status page password uses a concatenation of:

  • "fieldeffect_M" 
  • The second half (last 6 characters) of the appliance's MAC address (do not include the ":" between each character set).


Example login credentials for a Shuttle or Oskar series would be as follows: 

Username: appliance-config
Password: fieldeffect_MF1B2C3 (fieldeffect_M+last 6 characters of the MAC address)


The image below shows an example of the MAC address found on the Shuttle or Oskar series appliance. 


Business and Enterprise series appliances

When logging in using a Business or Enterprise series appliance, the status page password uses a concatenation of "fieldeffect_" and the appliance's 7-character service tag.


Example login credentials for a Business or Enterprise series appliance would be as follows: 

Username: appliance-config
Password: fieldeffect_F9HGKC5 (fieldeffect_7 digit appliance service tag)


The image below shows an example of the service tag on a Business or Enterprise series appliance. Using this example, the appliance's credentials would be: fieldeffect_F9HGKC5


