Cisco Cisco AMP Threat Grid 5004 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Setup and Configuration Guide
PLANNING
PLANNING
7
TGSH Dialog
The first interface is the TGSH Dialog, which is used to configure the Network Interfaces. TGSH Dialog is
displayed when the appliance successfully boots up.
displayed when the appliance successfully boots up.
Reconnecting to the TGSH Dialog
TGSH Dialog will remain open on the console and can be accessed either by attaching a monitor to the
appliance or, if CIMC is configured, via remote KVM.
appliance or, if CIMC is configured, via remote KVM.
To reconnect to the TGSH Dialog, ssh into the Admin IP address as the user 'threatgrid'.
The required password will either be the initial, randomly generated password, which is visible initially in the
TGSH Dialog, or the new Admin password you create during the first step of the OpAdmin Portal Configuration,
which is described in the next section.
TGSH Dialog, or the new Admin password you create during the first step of the OpAdmin Portal Configuration,
which is described in the next section.
OpAdmin Portal
This is the primary Threat Grid GUI configuration tool. Much of the appliance configuration can ONLY be done
via OpAdmin, including licenses, email host, SSL Certificates, etc.
via OpAdmin, including licenses, email host, SSL Certificates, etc.
AMP Threat Grid Portal
The Threat Grid user interface application is available as a cloud service, and is also installed on Threat Grid
Appliances. There is no communication between Threat Grid Cloud service, and the Threat Grid Portal that is
included with a Threat Grid Appliance.
Appliances. There is no communication between Threat Grid Cloud service, and the Threat Grid Portal that is
included with a Threat Grid Appliance.
CIMC
Another user interface is the Cisco Integrated Management Controller ("CIMC"), which is used to manage the
server.
server.
Network Interfaces
Admin Interface
•
Connect to the Admin network. Only inbound from Admin network.
•
OpAdmin UI traffic
•
SSH (inbound) for tgsh-dialog
Note:
The form factor for the Admin interface is SFP+. See Figure 2 -
Cisco 1000BASE-T Copper SFP (GLC-T)
.
Clean Interface
•
Connect to the Clean network. Clean must be accessible from the corporate network but requires no
outbound access to the Internet, except in Recovery Mode.
outbound access to the Internet, except in Recovery Mode.
•
UI and API traffic (inbound)
•
Sample Submissions
•
SMTP (outbound connection to the configured mail server)
•
Recovery Mode Support Session (outbound)