Skip to main content

BlastShield Documentation

Using a FIDO2 Key

BlastShield™ Remote User access is highly secure and convenient. In just a few simple steps your remote users are quickly authenticated and connected to the BlastShield™ network of their choice. Remote users can use their FIDO2 Compliant key with the BlastShield™ Desktop Client to quickly access the network. Connecting to BlastShield™ network using a FIDO2 key involves the following workflow.

Open the Desktop Client on your computer

  1. In the Desktop Client, chose the FIDO2 key authentication method.

  2. Insert your FIDO2 key into your computer and enter the PIN.

  3. In the Desktop Client, select the network Interact with the FIDO2 key to confirm.

using_a_FIDO2_key.png

Download the Desktop Client using the following links.

Desktop Client download links

Click on the hyperlinks below to download the Client software. For Linux, you can paste the download command into your terminal.

6190887312c2564dd1e863df_apple-brands.svg macOS

6190887312c256f8e6e863e6_windows-brands.svg Windows

6190887312c2561246e863e3_linux-brands.svg Linux curl https://dl.blastwave.io/client/install.sh | bash

Client OS support
BlastShield™ Client supported operating systems

Operating System

Supported Versions

Linux

Debian based distributions: Debian 10 / Ubuntu 18.04 LTS and onward. RPM based distributions: CentOS 7 and onward. ARM: All permutations on arm32, arm64 and x86_64.

Windows

Windows Server 2012 and onward. Windows 10 and onward.

macOS

macOS 10.13 and onward.

Client Connectivity Requirements

  1. Allow outbound access to the following domains. Whitelist these on your firewall as necessary or if you use an SSL web proxy then bypass them from the proxy:

    auth.blastwave.io and lighthouse.blastwave.io on TCP port 443.

  2. Outbound UDP ports to all required destinations.

  3. Resolution of DNS requests must be supported by the network.

  4. If you use DNS over HTTPS, ensure it is configured in your OS and not in your browser to allow the BlastShield Client to use its associated DNS server.

  5. Ensure that the timezone is correctly set on your computer for your location and that the clock is set accurately.

  6. Orchestrator access requires IPv6 support in the OS of the host running the desktop client, so make sure there is no Windows group policy disabling IPv6 in the registry.

The following articles explain in more detail how to use a FIDO2 Compliant Key for accessing your BlastShield™ network.

In this section: