Versions Compared

Version Old Version 21 New Version 22
Changes made by

Gary Leicht

Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

New Infoblox Feeds

...

Feed Availability

Feed Name

Essentials

Business On-Prem

Business Cloud

Advanced

Infoblox Base

Infoblox Base IP

NA

Infoblox High Risk

NA

NA

NA

Infoblox Medium Risk

NA

NA

NA

Infoblox Low Risk

NA

NA

NA

Infoblox Informational

NA

For information on the new RPZ feed recommendations for NIOS, see Feed Revamp for NIOS.

...

To view your upgraded security policy rules, select a security policy and click on the three horizontal bars icon associated with it. From among the available options, click the Edit option followed by clicking the Policy Rules side menu item of the Edit Policy wizard. The upgraded security policy configuration will be displayed.

...

Restricted Workflows for Old Security Policies Prior to Upgrading

Before upgrading a security policy, you won't be able to modify the current security policy configuration. While you can still view your existing security policies, making changes to non-upgraded policies will not be possible. Once you upgrade a current security policy, you will once again have the ability to edit and update it. When attempting to edit or change a non-upgraded security policy, the Finish button will be disabled.

Additionally, if you attempt to edit the Policy Rules page, then the Save & Close button on the Summary page will be disabled. However, you will still be able to view the policy configuration.

...

Logic for Upgrade Script

Logic for Upgrade Script

Step 1:

Logic Used:
If all feeds in this section have the same action, then the new action retained on the converted new feeds will be the same as it was previously. If there are mixed actions among the feeds in this section, then the newly converted feeds will retain Block as the policy action, as this feed section is Critical Risk. Infoblox aims to ensure the protection of our customers during the conversion.

Case 1A (Best: No mix, all Block)

New Action

Base Hostnames

Block

AntiMalware

Block

Infoblox Base

Block

Malware DGA hostnames

Block

Ransomware

Block

Case 1B (Best: No Mix, all Allow)

New Action

Base Hostnames

Allow

AntiMalware

Allow

Infoblox Base

Allow

Malware DGA hostnames

Allow

Ransomware

Allow

Case 2 (possible: 1-2 mixed)

New Action

Base Hostnames

Block

AntiMalware

Block

Infoblox Base

Block

Malware DGA hostnames

Allow

Ransomware

Block

Case 3 (Worst: Most mixed)

New Action

Base Hostnames

Allow

AntiMalware

Block

Infoblox Base

Block

Malware DGA hostnames

Allow

Ransomware

Allow

Step 2:

Logic Used:
If customers have any of the feeds listed below, Infoblox will add the new feed (with change of name). This new feed will maintain the same policy action as it did previously.

New Action

Retained as is (in same precedence with same action), no change

Antimalware IP

Infoblox Base IP

Step 3:

Logic Used:
If all feeds in this section have the same action, then the new action will be retained in the converted new feeds. If the feeds have mixed policy actions (i.e., even if one of the feed's action is Block), then in the converted new feeds, the action will be set to Block for High and Medium risks, while Low risk will be set to Allow with logging enabled. This section is NOT considered Critical Risk, and the indicators can fall into any of the three risk categories (High, Medium, and Low). In a mixed-case scenario, Infoblox aims to ensure that our customers are safeguarded against High and Medium risk indicators, while Low risk indicators can simply be logged.

Case 1A: (Best: No mix, all Block)

New Action

Suspicious

Block

Infoblox High Risk

Block

Suspicious Lookalikes

Block

Infoblox Med Risk

Block

Suspicious NOED

Block

Infoblox Low Risk

Block

Case 1B: (Best: No Mix, all Allow)

New Action

Suspicious

Allow

Infoblox High Risk

Allow

Suspicious Lookalikes

Allow

Infoblox Med Risk

Allow

Suspicious NOED

Allow

Infoblox Low Risk

Allow

Case 2: (Possible: 1 mixed)

New Action

Suspicious

Block

Infoblox High Risk

Block

Suspicious Lookalikes

Allow

Infoblox Med Risk

Block

Suspicious NOED

Allow

Infoblox Low Risk

Allow - with Log

Case 3: (Worst: 2 mixed)

New Action

Suspicious

Block

Infoblox High Risk

Block

Suspicious Lookalikes

Allow

Infoblox Med Risk

Block

Suspicious NOED

Block

Infoblox Low Risk

Allow - with Log

Step 4:

Logic Used:
If customers possess any of the feeds mentioned below, Infoblox will introduce the new feed (with change of name) and apply the same policy action to them.

New Action

Retained as is (in same precedence with same action), no change

NOED

Infoblox Informational

...