BloxOne Endpoint bypass, in combination with an FQDN and a probe token, is used by BloxOne Endpoint to identify that the endpoint is on-prem and is following the configured on-prem policies. To verify BloxOne Threat Defense probe responses, BloxOne Endpoint periodically sends DNS queries for a non-resolvable probe domain to the default resolvers to avoid the possibility of "spoofed" responses. If a domain is not expected to resolve, none of its subdomains will resolve either. For instance, if some-domain.com is configured as a probe domain, then mail.some-domain.com would also not resolve.
...
1. From the Cloud Services Portal, click Manage -> Endpoints.
2. On the Endpoints page, select the Endpoint Groups tab, and then click the Add button.
Note: At least one BloxOne Endpoint must be added to the configuration prior to configuring and enabling protected bypass mode.
3. In the Bypass Mode section of the Create Endpoint Group page, complete the following:
- State: Enable protected bypass mode from its default disabled state by switching the toggle from Disabled to Enable.
- FQDN: The default probe domain is probe.infoblox.com. You can choose to accept the default or create your own FQDN based on your requirements. If you choose to use a custom probe domain, ensure that it can be resolved with a custom TXT record.
- TXT Record: You can choose to accept the default TXT record, generate a random TXT record by clicking Generate random TXT Record, or apply a custom TXT record.
Note: To avoid conflict between two TXT records, Infoblox recommends that you define a custom probe domain and a custom TXT record, instead of using the defaults. Ensure that the custom probe domain can be resolved based on the information in the custom TXT record.
4. Click Save & Close to create the endpoint group, or click Cancel to return to the BloxOne Endpoint Group page without enabling protected bypass mode and probing.
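After saving the group, an administrator can check from an on-prem host that the probe domain returns exactly the configured TXT record and that a name under a non-resolving domain gets no answer. The following is an added example, not Infoblox code: the FQDN, token, control name and status labels are hypothetical, and it assumes `dig` is installed.

```python
import re
import subprocess

def _answers(dig_output):
    """Keep answer lines only; dig reports errors as lines starting with ';'."""
    return [l for l in dig_output.splitlines() if l.strip() and not l.startswith(";")]

def txt_values(dig_short_output):
    """Parse `dig +short TXT` output into one string per TXT record.

    Each line is one record made of one or more quoted character-strings,
    which are concatenated to form the record's value.
    """
    values = []
    for line in _answers(dig_short_output):
        parts = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if parts:
            # Undo dig's backslash escaping of '"' and '\' (printable tokens assumed).
            values.append("".join(re.sub(r"\\(.)", r"\1", p) for p in parts))
    return values

def check_probe(txt_output, control_output, expected_token):
    """Classify a probe check: ok, spoof-suspected, missing, conflict or mismatch."""
    if _answers(control_output):
        # A name under a domain that must not resolve received an answer.
        return "spoof-suspected"
    values = txt_values(txt_output)
    if not values:
        return "missing"
    if len(values) > 1:
        # More than one TXT record at the probe name: the conflict the note warns about.
        return "conflict"
    return "ok" if values[0] == expected_token else "mismatch"

def dig_short(name, rtype, resolver=None):
    """Query the default resolver, or `resolver` when one is given."""
    cmd = ["dig", "+short", "+time=2", "+tries=1", name, rtype]
    if resolver:
        cmd.insert(1, "@" + resolver)
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout

if __name__ == "__main__":
    # Hypothetical values: use the FQDN and TXT record set on the endpoint group.
    probe_fqdn, token = "probe.corp.example", "constructed-token-123"
    control = "mail.nonresolving.example"  # assumed name that must not resolve
    print(check_probe(dig_short(probe_fqdn, "TXT"), dig_short(control, "A"), token))
```
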
Disabling Probing Requests
...