BlastShield Documentation

You can configure active and standby Gateway redundancy using the High Availability function. The HA function provides Gateway redundancy for scenarios where high availability of the protected assets is a requirement. Should the hardware running a Gateway in an HA cluster fail, then the standby Gateway instance will take over, and the endpoints will not lose service. Failover is stateful, and no reconnects are required.

Further information

To find out how to configure high availability on a Gateway, please see the following article: Configure high availability

Gateways can now be provisioned directly from the Orchestrator UI instead of adding .BSI files to the installation media. This simplifies the installation process for x86 Gateways, removing the requirement to copy a .BSI invitation file onto the USB installation media, since the registration step can now be carried out separately after the firmware installation has been completed. For convenience, the provisioning step can be done directly from the the Orchestrator user interface.

How it works

The process allows the Administrator to register and provision a new Gateway in the Orchestrator after the Gateway firmware has been installed on the x86 hardware. In this method, instead of copying a .BSI inviation file onto the USB installation media, the encrypted .BSI file is downloaded from the Administrator's workstation once the Gateway's registration PIN has been validated by the Admin. The registration PIN is displayed on the console menu of a newly installed Gateway. This saves you having to copy a .BSI file onto the installation media for each Gateway, hence reducing the time taken for setup.

This method requires port 80 access to the new Gateway from the Administrator's workstation. Watch the following video for an overview of the process.

Related information

The installation instructions for x86 active and passive Gateways can be found here: x86 active Gateway installation. and x86 passive Gateway installation.

The Gateway firmware will support x86 hardware which has multiple endpoint interfaces. This will allow you to directly connect endpoint devices into the Gateway without the need for an intermediate ethernet switch to provide you with the ports, saving time during installation, simplifying the network and reducing the total cost of deployment.

The endpoint interfaces may be configured during installation by selecting the required interfaces at the select endpoint interface(s) step.

The BlastShield™ Orchestrator is used to provision and manage all systems in a BlastShield™ network. This includes management of gateways, endpoints, remote users, groups, and policies.

Local regulations may sometimes require a fully air-gapped deployment, where no external access from the network is permitted. In a fully air-gapped network the Orchestrator is deployed on premises with no access to the internet, and similarly, users are also not allowed external internet access.

When the Orchestrator is deployed with no access to the internet, you must manually process the Orchestrator license request during the installation. This is a one-time process. This release adds support for appying the license in an offline mode with CLI based license handling utilities to handle the license request and application process.

For more information on using this feature please see the following articles: