To configure the On-Prem DNS Firewall service, go to the Cloud Services Portal > Policies > On-Prem DNS Firewall and complete the following four-step process:

Step 1: Download and read the Infoblox Threat Intelligence Feed Deployment Guide. The deployment guide walks you through the step-by-step process of setting up and configuring the On-Prem DNS Firewall.  

Step 2: Click Feed Configurations Values to configure NIOS feeds with the provided feed addresses. The Threat Feed Details dialog displays the threat intelligence feeds provided in your subscription. If your organization has custom feeds, you will see them listed at the bottom of the list.

Image: Threat Feed Details pane displaying feed names, feed descriptions, and feed RPZ addresses. 

To configure your NIOS feeds, do the following:

  1. In the Threat Feed Details dialog, review the list and copy the feed information to your favorite text editor. Save this information for use when you configure NIOS.
  2. Click Close to proceed to the next step.

Step 3: Click Distribution Server Configuration Values. In the Distribution Server Details dialog, copy the information listed below; you will use it to configure the DNS Firewall client. You must configure a DNS server to act as a lead secondary that receives feed updates from the threat intelligence data server and redistributes the updates to other servers.

For information on enabling custom RPZ feeds, see Enabling and Scaling of Custom RPZ Feeds.

  • BLOXONE THREAT DEFENSE CLOUD HITS RPZ FEED: Use this switch to enable and disable access to your custom zone from the data captured in BloxOne Threat Defense Cloud. Enabling this control enables the Maximum feed entries and Expiring days fields for configuration.
  • Name: The name of your custom RPZ zone file. 
  • Maximum feed entries: If BLOXONE THREAT DEFENSE CLOUD HITS RPZ FEED is enabled, then the RPZ can have at most 10,000 records. Set a value from 0 to 10,000.
  • Expiring days: Days to expiration, or Time-to-Live (TTL), can be set from 1 to 30 days. Once an indicator has exceeded this value, it will be removed from the RPZ. 
  • DISTRIBUTION SERVER - US WEST: Distribution servers are listed for US EAST and US WEST regions. NIOS operates on BIND, so connections must be made via IP addresses, which are used to configure appliances on the network. Preference is given to connecting via IPv4, but IPv6 is also an option.
    • IPv4: Displays the IPv4 address of the distribution server for US West. Click Copy to copy the IP address.
    • IPv6: Displays the IPv6 address of the distribution server for US West. Click Copy to copy the IP address.

Note

Your RPZ feeds might originate from an IP address other than the IP address with which they were originally configured. RPZ feeds reflect the IP address from where they originate, not the IP address of your distribution server. 

  • DISTRIBUTION SERVER - US EAST 
    • IPv4: Displays the IPv4 address of the distribution server for US East. Click Copy to copy the IP address.
    • IPv6: Displays the IPv6 address of the distribution server for US East. Click Copy to copy the IP address.

  • TSIG: The Cloud Services Portal generates a TSIG key by using the account information under the account name. However, you can specify a new key name and a new TSIG key for your on-prem hosts.
    • Key Algorithm: From the drop-down list, select HMAC_MD5 algorithm (512 bit) or HMAC_SHA256 algorithm (256 bit). 
    • Key Name: This field displays the name of the TSIG key. A TSIG key is required for RPZ zone transfers for the On-Prem Firewall. The resulting Key Name and TSIG key can be added to your on-prem devices. They provide the required authorization to transfer zone files.
    • TSIG Key: This field displays the TSIG key, which is used for authentication when information about threat intelligence feeds is being downloaded. If you have a complex configuration—for example, if you use standalone Infoblox appliances or Infoblox Grids that receive threat intelligence feeds from other standalone appliances or Grids, not directly from the Infoblox distribution servers—ensure that you use the same TSIG key for the feed zone transfers. To modify the TSIG key format to a different TSIG type, select the supported TSIG key types from the drop-down list.

Warning

Once the new key becomes active (which might take up to an hour), you can add it to your on-prem devices.

Warning

When changing the TSIG key format, you must enter the new key into NIOS.

  • For more information about selecting TSIG key options for the On-Prem DNS Firewall, see Selecting a TSIG Key Format.
  • Once you have selected your distribution server, click Save & Close to proceed to the next step.
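The following is an added example, not Infoblox code, showing how a lead secondary could sanity-check the values copied from the Distribution Server Details dialog before they are entered into NIOS: it verifies that the base64 TSIG secret matches the selected algorithm's size, validates the distribution server addresses, and renders the equivalent BIND 9.16+ key and secondary zone statements (NIOS runs on BIND, so this is the closest plain-text illustration of what the zone transfer needs). It assumes the portal's "512 bit" and "256 bit" labels describe the raw secret length before base64 encoding; the zone name, key name and addresses are placeholders.

```python
import base64
import ipaddress
import secrets

# Secret sizes as the portal labels them: HMAC_MD5 (512 bit), HMAC_SHA256 (256 bit).
# Assumption: the label is the raw secret length before base64 encoding.
KEY_BITS = {"hmac-md5": 512, "hmac-sha256": 256}

def _norm(algorithm: str) -> str:
    # Accept the portal's HMAC_SHA256 spelling as well as BIND's hmac-sha256.
    return algorithm.lower().replace("_", "-")

def tsig_secret_bits(algorithm: str, secret_b64: str) -> int:
    """Decode a base64 TSIG secret and return its size; raise if it does not fit the algorithm."""
    alg = _norm(algorithm)
    if alg not in KEY_BITS:
        raise ValueError(f"unsupported TSIG algorithm: {algorithm}")
    bits = len(base64.b64decode(secret_b64, validate=True)) * 8
    if bits != KEY_BITS[alg]:
        raise ValueError(f"{alg} needs a {KEY_BITS[alg]}-bit secret, got {bits} bits")
    return bits

def secret_fits(algorithm: str, secret_b64: str) -> bool:
    """Boolean form of tsig_secret_bits for quick pre-flight checks."""
    try:
        tsig_secret_bits(algorithm, secret_b64)
        return True
    except ValueError:
        return False

def constructed_secret(nbytes: int) -> str:
    """Random base64 secret of nbytes (constructed for this demo, not a portal-issued key)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()

def lead_secondary_config(zone, key_name, algorithm, secret_b64, distribution_ips):
    """Render the key and secondary zone statements a lead secondary needs (BIND 9.16+ syntax)."""
    tsig_secret_bits(algorithm, secret_b64)
    primaries = [ipaddress.ip_address(ip) for ip in distribution_ips]  # rejects malformed addresses
    # IPv4 first, matching the portal's stated preference; IPv6 stays as the fallback.
    primaries.sort(key=lambda ip: ip.version)
    masters = " ".join(f"{ip} key {key_name};" for ip in primaries)
    return (f'key "{key_name}" {{ algorithm {_norm(algorithm)}; secret "{secret_b64}"; }};\n'
            f'zone "{zone}" {{ type secondary; primaries {{ {masters} }}; }};')

if __name__ == "__main__":
    # Placeholder values; real feed names and server addresses come from the portal dialogs.
    print(lead_secondary_config("example-feed.rpz.placeholder", "bloxone-key", "HMAC_SHA256",
                                constructed_secret(32), ["2001:db8::1", "192.0.2.1"]))
```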

Step 4: Optionally, click Configure Members to add or remove DNS servers to which you want to send notifications about updates in DNS Firewall feeds. To add DNS servers, do the following:

  1. Click Add Server.
  2. In the table, enter the NAME and IP ADDRESS for the DNS server.
  3. To save the configuration, click Save & Close. To add another DNS server, click Add Server again.

To remove a DNS server, select the server in the table and click Remove Server.

Note

To ensure that the DNS Firewall service functions correctly, you must properly configure RPZ and DNS logging categories in NIOS. For details, see About Infoblox DNS Firewall.
