
...

Note
To provide flexibility and support for the new policy types, Infoblox Threat Defense has updated the evaluation process for security policies. Previously, Infoblox Endpoint and DNS forwarding proxy had implicit precedence over external networks. After the update, the policies are evaluated in the order you define and observe on the Security Policies page of the Infoblox Portal. If you have existing security policies, the policy precedence is updated to match the behavior that was defined before the update.

Infoblox Threat Defense provides a default global policy that gives you a head start in protecting your networks. You can review the default global policy, and decide whether you want to add or remove some of the rules based on your business requirements.

In addition to the default global policy, you can add new security policies from scratch or clone an existing policy to complement the default policy. When you create a new security policy, you must first define a network scope to which you add external networks, user groups, DNS forwarding proxies, DDI IPAM, and Endpoint groups. Infoblox Threat Defense applies the security policy to all the entities that you include in the network scope. After you define the network scope, you can add policy rules and specify actions and their precedence order. For more information, see Security Policy Precedence.

...

The Security Policies page displays the following information for each security policy you have configured by default:

  1. PRECEDENCE: Infoblox Threat Defense enforces security policies in an ascending precedence order in which the policy rule with the lowest precedence order has the highest priority in the evaluation process. The precedence order for executing rules in a security policy, from highest to lowest order of precedence, is as follows:
    1. Custom Lists
    2. Feeds
    3. Threat intelligence
    4. Category Filters
    5. Default
  2. NAME: The policy name.
  3. DEFAULT ACTION: The default action currently configured for the entities that are not included in the network scope.
  4. DESCRIPTION: The policy description.
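
The evaluation order described above, modelled as an added example (not Infoblox code): policies are tried in ascending precedence, the first one whose scope contains the client decides, and its rules are checked in the listed order. First-match semantics, CIDR-only scopes, the action names and all sample data are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Rule types in the order the page lists them, highest priority first.
RULE_ORDER = ["custom_list", "feed", "threat_intel", "category_filter"]

@dataclass
class Rule:
    kind: str       # one of RULE_ORDER
    domains: set    # constructed match data
    action: str     # "allow" or "block" (assumed action names)

@dataclass
class Policy:
    name: str
    precedence: int         # lower number is evaluated first
    scope: list             # CIDRs standing in for the network scope
    rules: list
    default_action: str = "allow"

def matches(qname, domains):
    """True if qname or any of its parent domains is in the set."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def evaluate(policies, src_ip, qname):
    """Return (policy, rule kind, action) from the first policy whose scope holds src_ip."""
    src = ip_address(src_ip)
    for pol in sorted(policies, key=lambda p: p.precedence):
        if not any(src in ip_network(cidr) for cidr in pol.scope):
            continue
        for rule in sorted(pol.rules, key=lambda r: RULE_ORDER.index(r.kind)):
            if matches(qname, rule.domains):
                return pol.name, rule.kind, rule.action
        return pol.name, "default", pol.default_action
    return None  # no policy scope covers this client

# Constructed sample policies; names, scopes and domains are illustrative only.
POLICIES = [
    Policy("Branch", 1, ["10.0.0.0/8"], [
        Rule("feed", {"partner.example"}, "block"),
        Rule("custom_list", {"cdn.partner.example"}, "allow")]),
    Policy("Kiosk", 2, ["10.20.0.0/16"],
           [Rule("category_filter", {"social.example"}, "block")], "block"),
    Policy("Default Global", 3, ["0.0.0.0/0"],
           [Rule("feed", {"malware.example"}, "block")]),
]

if __name__ == "__main__":
    # The kiosk client is caught by the broader Branch scope listed above it.
    print(evaluate(POLICIES, "10.20.0.5", "social.example"))
```

A broad scope placed above a narrower one shadows it: the kiosk client at 10.20.0.5 never reaches the Kiosk policy until the two precedence values are swapped.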

...

  • EXTERNAL NETWORKS: The total number of external networks included in the network scope for this policy. 
  • INFOBLOX ENDPOINT GROUPS: The total number of endpoint groups included in the network scope for this policy.
  • IPAM: The number of IPAM objects associated with the security 
  • IPAM HOSTS: The number of IPAM Hosts associated with the security policy. 
  • TAGS: Any tags associated with the security policy. 
  • METADATA: Any metadata associated with the security policy.
  • USER GROUPS: The total number of user groups included in the network scope for this policy.
  • LISTS: The total number of custom lists configured for the security policy.
  • CATEGORY FILTERS: The total number of category filters configured for the security policy.
  • APPLICATION FILTERS: The total number of application filters configured for the security policy.
  • BYPASS CODES: The number of bypass codes associated with a security policy. 
  • GEOLOCATION: The geolocation state for the policy. Geolocation can be enabled or disabled. For more information about geolocation support, see Geolocation Support on a Per-Policy Basis.
  • SAFE SEARCH: This indicates whether safe search is enabled or disabled for the security policy. For more information about safe search enforcement, see Safe Search Enforcement.
  • DNS FORWARDING PROXIES: The total number of DNS forwarding proxies included in the network scope for this policy.
  • DOH PER POLICY: DNS over HTTPS (DoH) is an encrypted protocol for DNS resolution. DoH per Policy can be enabled or disabled. Infoblox Threat Defense can terminate DoH connections and associate custom DoH FQDNs with specific customer policies. This allows customers to securely redirect their DNS traffic to the Infoblox Threat Defense cloud without a client and integrate our solution with third-party solutions. For information on how to use an agentless client over DoH, see Implementing the Client over DoH.
  • BLOCK DNS REBIND ATTACK: In a DNS rebinding attack, the attacker first gains control of a malicious DNS server. For information, see Blocking DNS Rebind Attacks.

...

  • Click the expandable menu icon > Remove to delete a security policy. You can also choose the respective security policy and click Remove.

  • Choose a security policy to view additional details in the right panel. You can collapse the right panel by clicking the information icon. 

  • Enter the value that you want to search in the Search text box. The Infoblox Portal displays the list of records that match the keyword in the text box.
  • Click the expandable menu icon to choose the columns you want to display or use the arrow keys to reorder the columns.

...

For more information about how to use Local Internet DNS Breakout (local on-prem resolution) with Infoblox Threat Defense and Universal DDI DNS, see the following:

...