Page Comparison

...

Info

All sizing guideline information is for reference only. It represents the results of lab testing in a controlled environment focused on individual protocol services. Enabling additional protocols, services, cache hit ratio for recursive DNS, and customer environment variables will affect performance. To design and size a solution for a production environment, please contact your Infoblox Solution Architect.

Infoblox Trinzic appliances have the following limitations on the number of threat intelligence entries that can be loaded on to each appliance. These recommended per-appliance limitations help achieve acceptable performance and should not be exceeded. To help you prioritize and select threat feeds in the DNS FW configuration, use the entry counts next to the feed in the NIOS setup, and use the following guidelines:

Threat Intelligence Sizing Limitations for Infoblox Trinzic Appliances
SoftwareAppliance	Maximum Supported RPZ Record Count in Millions
IB-815	1.5
IB-825	2
IB-926	6
IB-1415	6
IB-1425	8
IB-1516	20
IB-1526	20
IB-2215	25
IB-2225	25
IB-2326	40
IB-4015	40
IB-4025	40
IB-4126	40

Info

title	Feed Restrictions

Low end models (1.5M/2M) - do not receive any of the three Suspicious feeds (Suspicious, Suspicious Lookalikes, Suspicious NOED) the Newly Observed Emergent Domains feed, or the Farsight Newly Observed Domains NOD feedGet the base protection (confirmed malicious indicators) - Base domains and Base IPs.
Middle end models (6M/8M) –

receive some of the Suspicious feeds (but not all three), the Newly Observed Emergent Domains feed, and the Farsight Newly Observed Domains NOD feed

Beyond base protection, they also get the Policy feeds. The 1425 model (that can handle 8M indicators) can also get the high risk part of unconfirmed indicators (Suspicious).
High end models (20M/40M) –

receive

Gets all the feeds.

Maximum RPZ

Feed Sizing (new RPZ feeds)

Feed	RPZ	For Maximum of 1.5M Records	For Maximum of 2M Records	For Maximum of 6M Records	For Maximum of 8M Records	For Maximum of 20M / 40M Records
Size by Feed

Infobox

Infoblox Base	infoblox-base.rpz.infoblox.local	✔	✔	✔	✔	✔
Infoblox Base IP	infoblox-base-ip.rpz.infoblox.local	✔	✔	✔	✔	✔
Infoblox High Risk	infoblox-high-risk.rpz.infoblox.local				✔	✔
Infoblox Medium Risk	infoblox-med-risk.rpz.infoblox.local					✔
Infoblox Low Risk	infoblox-low-risk.rpz.infoblox.local					✔
Infoblox Infomational	infoblox-informational.rpz.infoblox.local					✔
DoH Public Hostnames	public-doh.rpz.infoblox.local			✔	✔	✔
DoH Public IPs	public-doh-ip.rpz.infoblox.local			✔	✔	✔
Cryptocurrency hostnames and domains	cryptocurrency.rpz.infoblox.local			✔	✔	✔
DHS_AIS_ Hostname	dhs-ais-domain.rpz.infoblox.local			✔	✔	✔
DHS_AIS_IP	dhs-ais-ip.rpz.infoblox.local			✔	✔	✔
Bogon	bogon.rpz.infoblox.local			✔	✔	✔
EECN IPs	eecn-ip.rpz.infoblox.local			✔	✔	✔
US OFAC Sanctions IPs	sanctions-ip.rpz.infoblox.local			✔	✔	✔
Sanctions Med	sanctions-med.rpz.infoblox.local			✔	✔	✔
Sanctions High	sanctions-high

.rpz.infoblox.local

✔

TOR Exit Node IPstor-exit-node-ip.rpz.infoblox.local

✔

Farsight Newly Observed Domains (NOD)farsightnod.rpz.infoblox.local

✔

RPZ Feed Sizing (old feeds)

FeedRPZFor Maximum of 1.5M RecordsFor Maximum of 2M RecordsFor Maximum of 6M RecordsFor Maximum of 8M RecordsFor Maximum of 20M / 40M RecordsBase Hostnamesbase.rpz.infoblox.local

✔

AntiMalwareantimalware.rpz.infoblox.local

✔

Malware DGA hostnamesmalware-dga.rpz.infoblox.local

✔

Ransomwareransomware.rpz.infoblox.local

✔

Suspicioussuspicious.rpz.infoblox.localNA

NA

✔

Suspicious Lookalikeslookalikes.rpz.infoblox.localNA

✔

Suspicious NOEDsuspicious-noed.rpz.infoblox.localNANANA

✔

DoH Public Hostnamespublic-doh.rpz.infoblox.local

✔

DoH Public IPspublic-doh-ip.rpz.infoblox.local

✔

Newly Observed Emergent Domainsnoed.rpz.infoblox.localNANA

✔

AntiMalware_IPantimalware-ip

.rpz.infoblox.local

✔

DHS_AIS_ Hostnamedhs-ais-domain.rpz.infoblox.localExtended Base & anti-malware Hostnamesext-base-antimalware.rpz.infoblox.local

✔

Extended Ransomware IPsext-ransomware.rpz.infoblox.local

✔

Extended AntiMalware Ipsext-antimalware-ip.rpz.infoblox.local

✔

Cryptocurrency hostnames and domainscryptocurrency.rpz.infoblox.local

✔

TOR Exit Node IPs

tor-exit-node

-ip.rpz.infoblox.local

✔

Bogonbogon.rpz.infoblox.local

✔

DHS_AIS_IPdhs

-

ais-

ip.rpz.infoblox.local

✔

EECN IPsSpambot IPs DNSBLspambot-dnsbl-ip.rpz.infoblox.local

✔

US OFAC Sanctions IPssanctions-ip.rpz.infoblox.local

✔

Sanctions Medsanctions-med.rpz.infoblox.local

✔

Sanctions Highsanctions-high.rpz.infoblox.local

✔

eecn-ip.rpz.infoblox.loca

✔

Farsight Newly Observed Domains (NOD)

farsightnod.rpz.infoblox.local

NA

✔

Extreme Blockib-extreme-block.rpz.infoblox.localNANANANA

✔

Extreme Logib-extreme-log.rpz.infoblox.localNANANANA

✔

High Blockib-high-block.rpz.infoblox.localNANANANA

✔

High Logib-high-log.rpz.infoblox.localNANANANA

✔

Med Blockib-med-block.rpz.infoblox.localNANANANA

✔

Med Logib-med-log.rpz.infoblox.localNANANANA

✔

Low Blockib-low-block.rpz.infoblox.localNANANANA

✔

Low Logib-low-log.rpz.infoblox.localNANANANA

✔

Info

title	Pre-configurated Feed Sets

The pre-configured sets – Extreme/High/Med/Low – are supposed to be used by itself. They are not supposed to be used in any combination with other pre-configured options or the above individual RPZs, as it will result in overlap without additional benefit/protection for customers, resulting in ineffective usage of resources.

In summary,

...

✔

For guidelines on the sizing of the old RPZ feeds, see Sizng Guidelines for the Old RPZ Feeds.

Page Comparison

Versions Compared

Old Version 25

New Version Current

Key

Threat Intelligence Sizing Limitations for Infoblox Trinzic Appliances

Maximum RPZ

Size by Feed

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

RPZ Feed Sizing (old feeds)

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔

✔