
Advisory

The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp domains> or *.<Authoritative Zones>). By excluding corporate and authoritative domains, internal traffic logs will not be added. For the complete list of domains to be excluded, click here.


For information, see Setting Up the NIOS Grid

...

The following table lists the port usage for a successful Data Connector deployment.

Data Connector Port Usage 
IP Protocol | Port | Source | Destination IPs and URLs | Description
TCP | 443 | NIOS Appliance | csp.infoblox.com; IPs in one JSON formatted list; URLs in one JSON formatted list | Cloud Services Portal Access (unrestricted outbound access to TCP 443)
TCP | 443 | NIOS Appliance | cp.noa.infoblox.com | On-Prem Host – Platform Management
TCP | 443 | NIOS Appliance | app.noa.infoblox.com | On-Prem Host – Application Management

IPs in one JSON formatted list

URLs in one JSON formatted list

UDP/TCP53
123
NIOS Appliancethreatdefense.bloxone.infoblox.com

Default Local DNS Resolver

52.119.40.100
103.80.5.100

UDP | 123 | NIOS Appliance | ntp.ubuntu.com | NTP Server (For OVA only. In case NTP was not provisioned and time sync is disabled.)
UDP | 123 | NIOS Appliance | ubuntu.pool.ntp.org | NTP Server (Only needed if time sync with ESXi is disabled.)
TCP | 22 | From NIOS appliance to Data Connector | Data Connector | If you deploy Data Connector as a container, ensure that there are no SSH processes listening on port 22. You must terminate these SSH processes for Data Connector to collect data from NIOS.

Open this port if you want to send data using SCP from the Infoblox NIOS appliance (if configured) to Data Connector. 

The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp>/Authoritative). By excluding corporate and authoritative domains, internal traffic logs will not be added.

Required for incoming SCP data transfer from NIOS to Data Connector when deployed as a container. When you deploy Data Connector as a container, ensure that there are no SSH processes listening on port 22. You must terminate these SSH processes for Data Connector to collect data from NIOS.

TCP | 514 | From NIOS appliance to Data Connector | Data Connector

If you deploy Data Connector as a container, ensure that

this port is not used by other

there are no SSH processes listening on port 22. You must terminate these SSH processes for Data Connector to collect data from NIOS.

TCP | 514 | NIOS appliance | Data Connector

Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 514 is an insecure port.

The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp>/Authoritative). By excluding corporate and authoritative domains, internal traffic logs will not be added.

Required for Data Connector secure syslog for RPZ hits data. If you deploy Data Connector as a container, ensure that this port is not used by other processes.

TCP | 6514 | From NIOS appliance to Data Connector | Data Connector

If you deploy Data Connector as a container, ensure that this port is not used by other processes for Data Connector to collect data from NIOS.

TCP | 6514 | NIOS appliance | Data Connector

Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 6514 is a secure port.

The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp>/Authoritative). By excluding corporate and authoritative domains, internal traffic logs will not be added.

Used for transferring syslog data from NIOS to Data container. Port 6514 is a default secure port. If you deploy Data Connector as a container, ensure that this port is not used by other processes.

UDP | 8125 | Data Connector deployment

If you deploy Data Connector as a container, ensure that this port is not used by other processes

.Open this port

for Data Connector to collect data from NIOS.



Data Connector Deployment - Reserved Destinations

IP Protocol | Port | Source | Destination (Reserved for BloxOne Services only) | Description
UDP | 8125 | Data Connector deployment

This port is reserved for use by BloxOne services.


This port is for bare-metal deployments only.

This is an internal port used for communications between containers.

If you deploy Data Connector as a container, ensure that this port is not used by other processes. 

 

This port is reserved for BloxOne services only. This port should not be used by our customers.

TCP | 8126 | Data Connector deployment
If you deploy Data Connector as a container, ensure that this port is not used by other processes. Open this port

This port is reserved for use by BloxOne services.


This port is for bare-metal deployments only.

This is an internal port used for communications between containers.

If you deploy Data Connector as a container, ensure that this port is not used by other processes. 

 

This port is reserved for BloxOne services only. This port should not be used by our customers.

TCP | 50514 | Data Connector deployment
If you deploy Data Connector as a container, ensure that this port is not used by other processes. Open this port only for deploying the Data Connector as a container

This port is reserved for use by BloxOne services.



This port is for bare-metal deployments only.

This is an internal port used for communications between containers.

If you deploy Data Connector as a container, ensure that this port is not used by other processes. 

This port is reserved for BloxOne services only. This port should not be used by our customers.
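
The container notes in the tables above require that ports 22, 514, 6514, 8125, 8126 and 50514 are not held by other processes on the host. The following pre-flight check is an added example, not part of the Infoblox documentation: it parses `ss -H -tulnp` output and reports listeners on those ports. The sample output and the names `DATA_CONNECTOR_PORTS` and `find_conflicts` are constructed for illustration.

```python
import re

# (protocol, port) pairs taken from the port tables on this page.
DATA_CONNECTOR_PORTS = {
    ("tcp", 22): "SCP transfer from NIOS",
    ("tcp", 514): "syslog for RPZ (insecure port)",
    ("tcp", 6514): "secure syslog for RPZ",
    ("udp", 8125): "reserved for BloxOne services",
    ("tcp", 8126): "reserved for BloxOne services",
    ("tcp", 50514): "reserved for BloxOne services",
}

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128             [::]:22            [::]:*    users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0          127.0.0.1:8125       0.0.0.0:*    users:(("statsd",pid=1440,fd=6))
tcp   LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*    users:(("nginx",pid=900,fd=8))
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*    users:(("systemd-resolve",pid=610,fd=13))
tcp   LISTEN 0      25                 *:6514             *:*
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def find_conflicts(ss_output, wanted=DATA_CONNECTOR_PORTS):
    """Return sorted (proto, port, process, pid) tuples for listeners on wanted ports."""
    conflicts = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0].lower()
        # rsplit copes with IPv6 ([::]:22) and scoped (127.0.0.53%lo:53) addresses.
        port_text = fields[4].rsplit(":", 1)[-1]
        if not port_text.isdigit() or (proto, int(port_text)) not in wanted:
            continue
        match = PROC_RE.search(line)
        # Without root, ss omits the process column; report the owner as unknown.
        name, pid = (match.group(1), int(match.group(2))) if match else ("unknown", None)
        conflicts.add((proto, int(port_text), name, pid))
    return sorted(conflicts, key=lambda c: (c[1], c[0], c[2], c[3] or 0))


if __name__ == "__main__":
    for proto, port, name, pid in find_conflicts(SAMPLE_SS):
        print(f"{proto}/{port} ({DATA_CONNECTOR_PORTS[(proto, port)]}) is held by {name} pid={pid}")
```

On a real host, pass the text produced by `ss -H -tulnp` (run as root so the process column is populated) to `find_conflicts` instead of the sample.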


Note
A complete list of allowed IP addresses, subnets, and hostnames is available in a JSON file by clicking this link.

...

Note
Infoblox recommends that on-prem hosts and services have unrestricted outbound access to the Internet on port 443. This will allow for fewer changes in the future when we change or expand services. For more deployment information, see Best Practices for Deploying On-Prem Hosts.