This guide outlines the complete procedure to connect and activate Aegister Threat Blocker (ATB), whether deployed in series or in parallel. Follow these steps to ensure proper integration of the device with your security infrastructure.

1. Corporate Account Creation

  • Preliminary:
    Before proceeding, create an account for your organization on the Aegister Cyber Console. This step is essential for managing and monitoring the ATB device.

    Note: For devices pre-configured by Aegister for Partners, the organization has already been created. You can register directly on the platform here using a corporate account by registering your email and password, or by using SSO. Once registered, request the necessary permissions from your Aegister contact to access the ATB dashboard.

2. Physical Connection of the Device

  • Network Connection:
    Physically connect the ATB device to your firewall using any available Ethernet port (LAN1-4).

  • Connection Confirmation:
    Once the device is connected, our team will receive a notification and begin the final remote configuration phase.

3. Technical Checks and Initial Configuration (by Aegister)

  • ATB–Cyber Console Connection Check:
    The Aegister team will verify that the ATB is properly communicating with the Cyber Console.

  • Aegister VPN Functionality Test:
    The team will confirm that the integrated VPN tunnel is operating correctly, ensuring remote access for maintenance and updates.

  • ATB Local IP Verification:
    Access the ATB section of your Aegister Cyber Console to verify that the ATB is connected and to view its PUBLIC_IP and LOCAL_IP.

  • Verification Call:
    If any issues arise, schedule a call with one of our experts to verify the device’s functionality and its connection with app.aegister.com.

4. Final Steps for Parallel Connection (Generic Firewall)

Follow these steps:

  1. Access the Firewall Management Interface:
    Log in to your firewall’s management interface via its IP address or dedicated hostname using your administrator credentials.

  2. Connectivity Check:

    • Ensure that the ATB device is properly connected to the network and is reachable.
    • The IP feed is available at: 
      http://IP_ATB_LOCALE:8080/blacklist.txt
      Use this URL to verify that the IP blacklist is being correctly downloaded.

  3. Security Rules Configuration:

    • Create or modify firewall rules to block traffic to or from the IPs listed in the blacklist.
    • Typically, you will need at least two rules: one for inbound traffic and one for outbound traffic, setting the action to “Deny” or “Block”.

  4. Advanced Settings and Connection Security:

    • If your firewall supports automatic updates of the blacklist, configure it for periodic refreshes.
    • For a secure (HTTPS) connection, provide a valid certificate to install on the ATB device, or request that we install a self-signed certificate.

  5. Logging and Monitoring Configuration:

    • Enable logging to monitor events related to your firewall rules.
    • Configure log mirroring on UDP port 514 as supported by your firewall to ensure unwanted traffic is blocked.

  6. Final Verification and Functionality Test:

    • After configuration, download the blacklist again to confirm that it’s up-to-date and that a green check mark (or equivalent indicator) is visible.
    • Perform connectivity tests to ensure the blocking rules are active.

  7. Documentation and Support:

    • If you experience any issues, contact our support team for further assistance.

4.b Final Steps for Parallel Connection (Firewall: Fortigate)

If you are connecting ATB in parallel to an existing Fortigate firewall, follow these steps:

  1. Access the Fortigate Management Interface:
    Log in to your Fortigate firewall’s control panel.

  2. Create the Security Fabric Object:

    • Create a Security Fabric object named “Aegister_Blacklist”.
    • Use the link: 
      https://IP_LOCALE_ATB/blacklist.txt
      Verify that the status shows as “green” and that the list is downloaded correctly.

  3. Firewall Policy Rules Configuration:

    • Rule 1:
      • From: Any
      • To: Aegister_Blacklist
      • Assign a high rule ID and set the action to Deny.
    • Rule 2:
      • From: Aegister_Blacklist
      • To: Any
      • Also configure this rule in Deny mode with a high rule ID.

  4. Enable Logging:
    Activate logging on UDP port 514 to monitor events related to these rules.

  5. Note for Fortigate:
    To ensure connection security, you must install a certificate on the ATB device, as Fortigate accepts only HTTPS connections for Security Fabric objects. Additionally, specify the full filename blacklist.txt instead of the default /blacklist.

4.c Final Steps for Parallel Connection (Firewall: SonicWall)

If your environment uses a SonicWall firewall, follow these steps based on the manufacturer’s guide:

  1. Access the SonicWall Management Interface:
    Log in to your SonicWall firewall’s control panel.

  2. Navigate to the Botnet Filtering Section:
    Go to the Botnet Filtering and Firewall Access Rules section. For additional details, refer to the official guide How to Configure Botnet Filtering with Firewall Access Rules.

  3. Configure the Botnet Filter URL:
    Set the Botnet Filter URL to: