For each policy rule, such as custom lists, feed and Threat Insight, and category and application filters, you can define the action or override it as one of the following:
- Allow – With Log: Grants traffic access to a domain or IP address that hits a particular feed or security policy, and logs the queries to all relevant reports.
- Allow – No Log: Grants traffic access to a domain or IP address that hits a particular feed or security policy, but does not log the queries to any reports.
- Allow - Local Resolution: This rule action is only available when configuring an application filter. It allows web applications to bypass DNS and resolve on the local host.
- Block – No Redirect: Denies traffic access to a domain or an IP address if it matches that of a particular feed.
- Block – Default Redirect: Routes traffic to the default Infoblox page or a custom message that you have configured for the Redirect Page.
- Block – Redirect – <custom redirect name>: Routes traffic to a destination based on the IP address or domain you have configured for the Redirect Page. For information about how to configure a custom redirect page, see Defining the Redirect Page.
Depending on your subscription level, each feed and Threat Insight policy in the Default Global Policy comes with a default action.
Note
Ensure that you understand the ramification when overriding the default action for any threat feeds and Threat Insight rules before you do so.
The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy:
| Feed Name | Default Action | Default Precedence |
|---|---|---|
| AntiMalware | Block – No Redirect | 1 |
| Base | Block – No Redirect | 2 |
| DHS_AIS_Domain | Block – No Redirect | 3 |
| Malware_DGA | Block – No Redirect | 4 |
| Ransomware | Block – No Redirect | 5 |
| Suspicious_NOED | Block – No Redirect | 6 |
| Suspicious_Lookalikes | Block – No Redirect | 7 |
| Suspicious_Domains | Block – No Redirect | 8 |
| AntiMalware_IP | Allow – With Log | 9 |
| Bogon | Allow – With Log | 10 |
| DHS_AIS_IP | Allow – With Log | 11 |
| Ext_AntiMalware_IP | Allow – With Log | 12 |
| Ext_Base_AntiMalware | Allow – With Log | 13 |
| Ext_Ransomware | Allow – With Log | 14 |
| US_OFAC_Sanctions_IP_Embargoed | Allow – With Log | 15 |
| TOR_Exit_Node_IP | Allow – With Log | 16 |
| Threat Insight-Data Exfiltration | Allow – With Log | 17 |
| Threat Insight - DGA | Allow – With Log | 18 |
| Threat Insight-DNS Messenger | Allow – With Log | 19 |
| Threat Insight-Fast Flux | Allow – With Log | 20 |
| CryptoCurrency | Allow – With Log | 21 |
| Spambot_DNSBL_IP | Allow – With Log | 22 |
| NOED | Allow – With Log | 23 |
| FarSightNOD | Allow – With Log | 24 |
| ETQRisk | Allow – With Log | 25 |
| ETQRisk_IP | Allow – With Log | 26 |
| EECN_IP | Allow – No Log | 27 |
| Public_DOH | Allow – No Log | 28 |
| Public_DOH_IP | Allow – No Log | 29 |