Page Comparison

...

Info

All sizing guideline information is for reference only. It represents the results of lab testing in a controlled environment focused on individual protocol services. Enabling additional protocols, services, cache hit ratio for recursive DNS, and customer environment variables will affect performance. To design and size a solution for a production environment, please contact your Infoblox Solution Architect.

Infoblox Trinzic appliances have the following limitations on the number of threat intelligence entries that can be loaded on to each appliance. These recommended per-appliance limitations help achieve acceptable performance and should not be exceeded. To help you prioritize and select threat feeds in the DNS FW configuration, use the entry counts next to the feed in the NIOS setup, and use the following guidelines:

Threat Intelligence Sizing Limitations for Infoblox DDI Infoblox Trinzic Appliances
SoftwareAppliance	Maximum Supported RPZ Record Count in Millions
IB-815	1.5
IB-825	2
IB-926	6
IB-1415	6
IB-1425	8
IB-1516	20
IB-1526	20
IB-2215	25
IB-2225	25
IB-2326	40
IB-4015	40
IB-4025	40
IB-4126	40

Info

title	Feed Restrictions

Low end models (1.5M/2M) - do not receive any of the three Suspicious feeds (Suspicious, Suspicious Lookalikes, Suspicious NOED) the Newly Observed Emergent Domains feed, or the Farsight Newly Observed Domains NOD feedGet the base protection (confirmed malicious indicators) - Base domains and Base IPs.
Middle end models (6M/8M) –

receive some of the Suspicious feeds (but not all three), the Newly Observed Emergent Domains feed, and the Farsight Newly Observed Domains NOD feed

Beyond base protection, they also get the Policy feeds. The 1425 model (that can handle 8M indicators) can also get the high risk part of unconfirmed indicators (Suspicious).
High end models (20M/40M) –

receive

Gets all the feeds.

Appliance and

Maximum RPZ Size by Feed

Sizing

Feed	RPZ	For Maximum of 1.5M Records	For Maximum of 2M Records	For Maximum of 6M Records	For Maximum of 8M Records	For Maximum of 20M / 40M Records

Infoblox Base

Hostnames

infoblox-base.rpz.infoblox.local

✔

AntiMalwareantimalware

Infoblox Base IP

infoblox-base-ip.rpz.infoblox.local

✔

Malware DGA hostnamesmalware-dga

Infoblox High Risk

infoblox-high-risk.rpz.infoblox.local

✔

Ransomwareransomware

Infoblox Medium Risk

infoblox-med-risk.rpz.infoblox.local

✔

Suspicioussuspicious-NA

✔

Suspicious Lookalikeslookalikes

Infoblox Low Risk

infoblox-low-risk.rpz.infoblox.local

NANANA

NA

✔

Suspicious NOED

Infoblox Infomational

suspicious

infoblox-

noed

informational.rpz.infoblox.local

NANANA✔

					✔
DoH Public Hostnames	public-doh.rpz.infoblox.local

✔

			✔	✔	✔
DoH Public IPs	public-doh-ip.rpz.infoblox.local			✔	✔	✔

✔

Newly Observed Emergent Domainsnoed.rpz.infoblox.localNANA

✔

AntiMalware_IPantimalware-ip.

Cryptocurrency hostnames and domains

cryptocurrency.rpz.infoblox.local

✔

DHS_AIS_ Hostname

dhs-ais-domain

.rpz.infoblox.local

✔

Extended Base & anti-malware Hostnamesext-base-antimalware.rpz.infoblox.local

✔

Extended Ransomware IPsext-ransomware

.rpz.infoblox.local

✔

Extended AntiMalware IpsCryptocurrency hostnames and domainscryptocurrency.rpz.infoblox.local

✔

TOR Exit Node IPstor-exit-node-ip.rpz.infoblox.local

✔

Bogonbogon.rpz.infoblox.local

✔

ext-antimalware-ip.rpz.infoblox.local

✔

DHS_AIS_IP

dhs-ais-ip.rpz.infoblox.local

✔

EECN IPseecn-ip

Bogon

bogon.rpz.infoblox.

loca

local

✔

Spambot

EECN IPs

DNSBL

spambot

eecn-

dnsbl-

ip.rpz.infoblox.local

✔

			✔	✔	✔
US OFAC Sanctions IPs	sanctions-ip.rpz.infoblox.local

✔

Sanctions Med

sanctions-med.rpz.infoblox.local

✔

Sanctions High

sanctions-high.rpz.infoblox.local

✔

Farsight Newly Observed Domains (NOD)farsightnod.rpz.infoblox.localNANA

✔

Extreme Blockib-extreme-block.rpz.infoblox.localNANANANA

✔

Extreme Logib-extreme-log

TOR Exit Node IPs

tor-exit-node-ip.rpz.infoblox.local

NANANANA

✔

High Blockib-high-block.rpz.infoblox.localNANANANA

✔

High Log

ib-high-log.rpz.infoblox.localNANANANA

✔

Med Blockib-med-block

✔
Farsight Newly Observed Domains (NOD)	farsightnod.rpz.infoblox.local

NANANANA

✔

Med Logib-med-log.rpz.infoblox.localNANANANA

✔

Low Blockib-low-block.rpz.infoblox.localNANANANA

✔

Low Logib-low-log.rpz.infoblox.localNANANANA

✔

Info

title	Pre-configurated Feed Sets

The pre-configured sets – Extreme/High/Med/Low – are supposed to be used by itself. They are not supposed to be used in any combination with other pre-configured options or the above individual RPZs, as it will result in overlap without additional benefit/protection for customers, resulting in ineffective usage of resources.

In summary,

...

✔

For guidelines on the sizing of the old RPZ feeds, see Sizng Guidelines for the Old RPZ Feeds.

Page Comparison

Versions Compared

Old Version 20

New Version Current

Key

Threat Intelligence Sizing Limitations for

Infoblox Trinzic Appliances

Maximum RPZ Size by Feed

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔