Configuring Infoblox Advanced DNS Protection

To enable and configure Infoblox Advanced DNS Protection on supported Infoblox appliances, complete the following:

1. Obtain valid Threat Protection, Threat Protection (Software add-on) and Threat Protection Update licenses from Infoblox and install them on the Infoblox Advance Appliances. For information about license requirements, see Supported Threat Protection Appliances and Licensing Requirements .
2. Optionally, you can set up an HA pair using the same appliance models for both the active and passive nodes. For information about HA pairs, see About HA Pairs . Note that you cannot configure Advance Appliances as an HA Grid Master or HA Grid Master candidate.
3. Enable threat protection service, as described in Starting and Stopping Threat Protection Service . For an HA pair, enable the service on both the active and passive nodes.

1648NIOS Administrator Guide (Rev. A)NIOS 8.1
About Infoblox Advanced DNS Protection

1. Configure threat protection rule settings for the Grid, including automatic or manual rule updates, as described in Configuring Grid Security Properties . If your network configuration requires rule updates to go through a proxy server, you can configure the appliance to use a proxy server to send rule updates. For more information, see Configuring Proxy Servers . You can also delegate ruleset updates to specific Grid members and change the default interface to an alternate interface, as described in Configuring Members and Interfaces for Automatic Updates . Define threat protection profiles for the Grid or specific members, as described in Configuring Threat Protection Profiles .
2. Optionally, you can do the following:
   • Override the default Grid setting that disables multiple DNS requests through one TCP session, as described in Enabling Multiple DNS Requests through a Single TCP Session .
   • Modify system rules, as described in Modifying System and Auto Rules .
   • Create custom rules using rule templates, as described in Creating Custom Rules 0.

After you have successfully set up Infoblox Advanced DNS Protection , you can do the following:

• View the current threat protection rules, as described in Viewing Threat Protection Rules 6.
• Modify system and custom threat protection rules, as described in Managing Threat Protection Rules on page 1676.
• Manually upload rule updates, as described in Manually Uploading Rulesets .
• Publish uploaded rule updates, as described in Publishing Rule Updates .
• For manual updates, compare differences between two rulesets and merge parameter changes from an old ruleset into a new one, as described in Comparing and Merging Rulesets .
• Monitor threat protection related events and reports, as described in Monitoring Threat Protection Events on page 1680.
• Set the threat protection service in monitor mode, as described in Enabling and Disabling Monitoring Mode on page 1652.
• Add threat protection profiles, as described in Adding Threat Protection Profiles .
• Clone threat protection profiles, as described in Cloning Threat Protection Profiles 2.
• Modify threat protection profiles, as described in Modifying Threat Protection Profiles 3.
• Merge threat protection profiles, as described in Merging Threat Protection Profiles .
• Inherit Grid rule settings for a threat protection profile, as described in Inheriting Grid Rule Settings on page 1674.
• Delete a threat protection profile, as described in Deleting Threat Protection Profiles .
• View the current threat protection profiles, as described in Viewing Threat Protection Profiles 5.