Versions Compared

Version Old Version 32 New Version 33
Changes made by

Gary Leicht

Shirly Tsang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • EXTERNAL NETWORKS: The total number of external networks included in the network scope for this policy. 
  • INFOBLOX  ENDPOINT GROUPS: The total number of endpoint groups included in the network scope for this policy.
  • IPAM: The number of IPAM objects associated with the security 
  • IPAM HOSTS: The number of IPAM Hosts associated with the security policy. 
  • TAGS: Any tags associated with the security policy. 
  • METADATA: Any metadata associated with the security policy.
  • USER GROUPS: The total number of user groups included in the network scope for this policy.
  • LISTS: The total number of custom lists configured for the security policy.
  • CATEGORY FILTERS: The total number of category filters configured for the security policy.
  • APPLICATION FILTERS: The total number of appication application filters configured for the security policy.
  • BYPASS CODES: The number of bypass codes associated with a security policy. 
  • GEOLOCATION: The geolocation state for the policy. Geolocation can be enabled or disabled. For more information about geolocation support, see Geolocation Support on a Per-Policy Basis.
  • SAFE SEARCH: This indicates whether safe search is enabled or disabled for the security policy. For more information about safe search enforcement, see Safe Search Enforcement.
  • DNS FORWARDING PROXIES: The total number of DNS forwarding proxies included in the network scope for this policy.
  • DOH PER POLICY: DNS over HTTPs (DoH) is an encrypted protocol for DNS resolution. DoH per Policy can be enabled or disabled. Infoblox  Threat Defense can terminate DoH connections and associate custom DoH FQDNs with specific customer policies. This allows customers to securely redirect their DNS traffic to Infoblox Threat Defense without a client and integrate our solution with third-party solutions. For information on how to use an agentless client over DoH, see Implementing the Client over DoH.
  • BLOCK DNS REBIND ATTACK (BLOCK DRA): In a DNS rebinding attack, the attacker first gains control of a malicious DNS server. For information, see Blocking DNS Rebind Attacks.
  • POLICY CHECK: Reports information on the health of the polciy policy (Good, Warning) and provides security policy optimization information,   actionable feedback on policies possessing a warning status as reported by SOC Insights, and links to policy best practices the Best Practices for Configuring Security Policies documentation page and the policy rules in effect for this policy within Infoblox Portal to assist in optimizing and fixing a sub-optimized security policy.    
    Policy Optimization notification pop-up window
    Image: The Security Policy window indicatring indicating a nned need for the security policy to be further optimnizedoptimized

You can also view more information about each security policy in the right panel. When you expand Network Scope, Policy Rules, and Bypass Codes, you can see the total number of each entities within the respective category. When you click the number next to each entity, the system takes you to the Summary page of the security policy. On the Summary page, you can find more information about the specific entity or navigate to other sections to view or modify certain information about the security policy.

...

For more information about how to use Local Internet DNS Breakout (local on-prem resolution) with Infoblox with Infoblox Threat Defense and Universal DDI DNS, see the following: