BlastShield Documentation

New firmware is available for the following applications.

Release 1.2 supports TLS in the Orchestrator and will use HTTPS on the Orchestrator user interface.  Once an Orchestrator has been upgraded to release 1.2 any attempt to access the orchestrator through HTTP (http://orchestrator/, http://<IP>/, etc) will be redirected to HTTPS and the new fqdn of the orchestrator (https://orchestrator. blastshield.io in the default case).

You will have the facility to upload a certificate for the Orchestrator hostname.  The certificate can either be a signed certificate for a previously downloaded signing request, or a zip archive containing both a private key and a matching certificate.

For those Orchestrators where the default DNS suffix (blastshield.int) is being used (i.e., where the Orchestrator is currently accessed at "http://orchestrator.blastshield.int") then the fqdn will change to "https://orchestrator.blastshield.io" once the upgrade to release 1.2 is performed.  BlastShield can upload the certificate for orchestrator.blastshield.io as required. Please open a support request if you require the certificate for "orchestrator.blastshield.io" to be uploaded to your Orchestrator.

For an Orchestrator where the default DNS suffix has been updated from the default setting, then the DNS suffix will not change when release 1.2 is applied. In this case you must provide your own certificate. See this article for instructions on how to upload your TLS certificate to the Orchestrator.

It is possible to provision multiple DNS suffixes which you can use to apply to endpoints and agents. Additional DNS suffixes may be added to the DNS suffix configuration in the Network Settings page. Once configured, then you may select one or multiple of these to apply to individual endpoints and agents in the endpoint or agent configuration. To be able to configure multiple DNS suffixes you must be using release 1.2 or later. To be able to access endpoints using a secondary DNS suffix requires that the client or agent software to be upgraded to the 1.2 release.

Click here for instructions on how to configure the DNS suffix.

The BlastShield™ Desktop client is now supported on Apple-silcon MacBook computers. Note that Intel based Macs are already supported and will continue to be supported.

The desktop client may be downloaded from our download site.

You can now upgrade an Agent directly from the Orchestrator using the Upgrade Agent Software button in the Agent configuration page. Upgrading an Agent from its host operating system is still supported.

The User, Agent and Endpoint configuration now shows which groups that entity is a member of. There is also a preview function to show the resultant changes to policies for that entity if you add or remove it from a group before you save your changes.

BlastShield supports forwarding of packets which have been fragmented by the sender.

API access can be enabled for any user or endpoint. The API can be used to automate actions such as list, add, remove and update of Users, Endpoints, Agents, Gateways, Groups and Policy. It is a REST API. An API playground is available at "https://<orchestrator-fqdn>:8000/docs" and to be able to view this page the user has to have been granted "API Access" in their User profile in the Orchestrator. API keys with specific permissions are created in the "API keys" section of the Settings menu in the Orchestrator.

Click here for instructions on how to enable the API and access the API documentation.