Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

This NIOS release includes the following new features and enhancements:

Licensing for Appliance IB-FLEX

Infoblox introduces a new virtual platform called IB-FLEX, a scalable service-provider grade platform with flexible resource allocation to the virtual machine. To configure IB-FLEX, you first install the Flex Grid Activation license on the Grid Master and then enable the following features as a bundle on the IB-FLEX member: Grid (enterprise), DNS, DNS Traffic Control, Software ADP, Threat Protection Update, DNS Firewall, NXDOMAIN Redirect, FireEye, Threat Insight, and Cybersecurity Ecosystem. Contact your Infoblox representative for more information about IB-FLEX and the Flex Grid Activation license. For more information, see About IB-FLEX.

Enhancements to Infoblox Advanced DNS Protection

This release adds the following enhancements to the Advanced DNS Protection feature:

  • Software ADP: In addition to the hardware-based Advanced Appliances (PT appliances), you can now install software-based subscription licenses on supported appliances (physical and virtual) when deploying the Advanced DNS Protection solution. For more information, see About Infoblox Advanced DNS Protection.
  • Threat Protection Profiles: When you configure Grid or Member security properties, you now have an option to select an active ruleset or a threat protection profile. A threat protection profile defines specific security settings and a ruleset that you can apply to a specific member or a group of members that share a similar kind of traffic. You can also clone an existing one and modify the settings to create a new profile. For more information, see Adding Threat Protection Profiles.
  • Grid VPN on LAN1: You can now configure Grid VPN on LAN1 interface for any members (with Threat Protection enabled) in a Grid that supports Advanced DNS Protection.
  • MGMT Port for Cloud API Calls: Infoblox supports elastic scaling for Software ADP members. You can now join such members using cloud API calls through the MGMT port.
  • New Threat Protection Rules for Recursive Resolution: The updated ruleset now includes rules that are specifically designed for recursive caching servers. For more information, refer to the Threat Protection Rules document.
  • Custom rules via WAPI: You can now push custom rules to the Grid using WAPI calls. For more information, refer to the WAPI Documentation version 2.6.
  • WAPI Support for Threat Protection: This release adds new objects and structs for threat protection functions. For detailed information, refer to the WAPI Documentation version 2.6.


Enhancements to API Outbound Notifications

This release adds the following significant enhancements to the API Outbound Notification feature. For more information, see Using the RESTful API for Outbound Notifications.

  • New configuration and template capabilities: Additional configuration is now possible in areas such as rate limiting and login and logout templates. A few new variables and constructs are also added to the event templates. For detailed information about the new additions, refer to the Infoblox NIOS Administrator Guide.
  • WAPI Integration: This release supports WAPI integration for API outbound notifications. You can send requests to the local WAPI while processing endpoint events, making it easy to include synchronization information via extensible attributes. You can add WAPI integration username and password as well as server certificate validation when you configure endpoints.
  • More advanced XML parsing: You can now select XMLA as the parsing option for endpoint responses to support XML documents with tag attributes. XMLA quoting has also been added with additional capabilities compared to XML quoting, allowing for simple serialization of complex structures.
  • Event Deduplication for RPZ Hits: While configuring notification rules, you can decide whether you want to reduce the amount of redundant RPZ hit events or not. Oftentimes, RPZ hits come from the same client IPs, query FQDNs, or networks. To avoid receiving excessive RPZ events at the endpoint, you can configure the appliance to remove or deduplicate subsequent RPZ events (after sending the first event) within a certain time period based on Source IP, Query Name, RPZ Policy, and other related fields. Depending on your configuration, the appliance sends the first RPZ event and deduplicates subsequent events that match your filtering criteria within the configured lookback interval.

Enhancements to Network Insight

This release adds the following enhancements to the Network Insight feature. For more information, see Infoblox Threat Insight.

  • New Reports: This release adds the IP Address Inventory and Network Inventory reports. Each report provides an inventory of discovered IP addresses and subnets, and includes information such as VLANs on subnets, the managed status, and the timestamps when they were last discovered or became inactive.
  • Improvements for the VRF Mapping Window: When you have a lot of VRFs displayed in the VRF Mapping window, you can filter the data by VRF Name, Device Name, Device/IP Address, or Network View. You can also sort the data by ascending or descending order.
  • The Last Discovered Field for Subnets: Grid Manager now displays the Last Discovered data for networks (or subnets) that are discovered by NetMRI or during an IPAM sync.
  • Discovery Diagnostics Downloads in Text Format: This functionality allows you to download discovery diagnostics in text format from Network Insight members in the click of a button. If you have a large amount of data to download, this feature significantly reduces the download time.
  • IPAM Sync Improvements: When you use the "IPAM Sync" feature to synchronize data discovered by NetMRI, only the data related to discovered hosts appears in NIOS. Data related to hosts that are no longer discovered by NetMRI will be removed. This feature provides consistency in how NIOS handles discovered data through vDiscovery.
  • Inclusion of sysLocation and sysContact during IPAM Sync: Additional information discovered by NetMRI, such as sysLocation and sysContact, is added to NIOS during an IPAM sync. This release also adds a few new fields to be displayed in Grid Manager.
  • UI Consistency for Network Insight: To maintain consistency in field names across products, Grid Manager now displays VLAN name and ID as "VLAN Name" and "VLAN ID" (instead of "Discovered VLAN Name" and "Discovered VLAN ID") in the IPAM and Devices tabs.

DNS Traffic Control Enhancements

This release adds the following enhancements to the DNS Traffic Control (DTC) feature. For more information, see Managing DNS Traffic Control.

  • CNAMESupportforLBDNRecords: You can now use DTC to respond directly to CNAME queries.
  • ServerNameIndication(SNI)Support: DTC now supports SNI for HTTPS health checks. This feature allows you to monitor different HTTPS sites on a single server.

Enhancement to Cloud Network Automation

You can now configure NIOS vDiscovery to automatically resolve conflicts with pre-existing DNS records for an IP address when new VMs are discovered. For more information, see IP Discovery and vDiscovery.

Support for EDNS Client Subnet

This release adds support for the EDNS Client Subnet (ECS) option for recursive DNS. When using this option, the recursive DNS resolver provides the client subnet to the authoritative DNS server so it can build an optimized reply. For more information, see Enabling Recursive Resolution Using EDNS Client Subnet (ECS) Option.

Specifying Source Port Settings

You can now configure BIND query-source, which defines the IP address and port used as the source for outgoing queries. For more information, see Specifying Port Settings for DNS.

TLS 1.2 Support for OpenVPN

This release uses TLS 1.2 for the key exchange for the Grid communication.

Support for Unrestricted Reporting Virtual Appliances

This release supports subscription-based reporting on virtual appliances that do not have capacity restrictions for reporting. For more information, see Infoblox Reporting and Analytics.

Enhancement to DHCP Lease Management

This release adds more options to how you can manage DHCP leases. In addition to one-lease-per-client per member support, you can now configure the appliance to release leases that have a client ID when the client moves from one network to another. You can also have the appliance retain all leases until they expire. For more information, see Configuring DHCP Lease Management.

Support for IPv6 NXDOMAIN Redirection

NIOS now supports IPv6 NXDOMAIN redirection. You can create rules that specify how a DNS member responds to queries for A and AAAA records for certain domain names and non-existent domain names. For more information, see About NXDOMAIN Redirection.

Thales HSM Client Upgrade

NIOS supports version 3.21.3 of Thales. For more information, see About HSM Signing.

Support for SafeNet Network HSM Upgrades

This NIOS release supports SafeNet Network HSM upgrades (formerly Luna SA). For more information, see Configuring a SafeNet HSM Device.

WAPI Enhancements

This release includes the following PAPI and WAPI enhancements. For more details, refer to the WAPI Documentation.

  • Support for PAPI object dtc:topology:rule CRUD operation
  • New objects for network resize
  • Export and import data for backup and restore
  • Other additional WAPI objects and changes
  • No labels