
You can add custom lists, feeds and Threat Insight, and category filters to your policy rules. Depending on your business requirements, you can add as many feeds and Threat Insight, custom lists or category filters as you need and apply them to different security policies. Note that you must first define a custom list or a category filter before you can add it to the security policy. For information about how to create a custom list, see Creating Custom Lists. For information about how to add category or application filters, see Configuring Filters.

To add policy rules, apply actions, and set precedence, complete the following:

  1. On the Policy Rules page of the Create New Security Policy wizard, define the Default Action for all the destinations that you have not included in the security policy, as follows:

    • Allow: Grants traffic access to a domain or IP address that hits a particular feed or security policy.
    • Default Redirect: Routes traffic to the default Infoblox page or a custom message that you have configured for the Redirect Page.
    • Custom Redirect: Redirects traffic to a configured custom redirect, if one has been configured by the organization.
  2. Click the Add Rule menu and choose one of the following policy types.

Note

When you choose a policy type, the system adds it to the table. You can perform the following for each rule:

  • Click Select List to view available rules for the respective policy type.
  • Click the Action menu to set the action for each policy rule. For more information about what each action means, see About Rule Actions.
  • Set the precedence order for a policy rule by clicking the up and down arrows at the end of each row to move the rule to its desired rank. The system applies policy rules based on the precedence order. Although you have the flexibility to set precedence for each rule, it is important that you understand the ramifications of putting certain policy rules before others. For more information, see Security Policy Precedence.
  • Choose a policy rule and click Remove to remove it from the list.

  

    • Custom List: Choose this to add a custom list to the policy. When you click a custom list, you can view the Threat Level and Threat Confidence. When you are ready, click Select to add the custom list to the policy. Custom lists can be either allow lists or block lists, depending on the actions that you set upon them. 
      • Action Types: From the ACTION menu, select an action type to be added to your security policy:  

          • Allow - No Log: Allows filtering of custom lists without logging of responses. Events will not be displayed in Security Activity reports.

          • Allow - With Log: Allows filtering of custom lists with logging of responses.

          • Block - No Redirect: Blocks filtering of custom lists when no redirection is used.

          • Block - Default Redirect: Blocks filtering of custom lists when the default redirect is used.

          • Block - Redirect: Blocks filtering of custom lists when a custom redirect is used.

          • Block (No Log) - No Redirect: Blocks filtering of custom lists when no redirect is used. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Default Redirect: Blocks filtering of custom lists when using the default redirect. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Redirect: Blocks filtering of custom lists when using a redirect. Events will not be displayed in Security Activity reports.

You can also add a custom list by selecting Custom List from the Choose a Custom List. To create a custom list, you must provide a name for it; a description is optional. To classify the level of threat posed to your organization, select a threat level (INFO, LOW, MEDIUM, or HIGH) and a confidence level (HIGH, MEDIUM, or LOW) to be used to label indicators. When you select the threat and confidence levels, you can select or override the threat levels provided by Infoblox.

For more information about custom lists, see Custom Lists.

    • Feeds and Threat Insight: Choose this to add a feed or Threat Insight to the policy. Your custom TIDE feeds (TIDE Bring Your Own Feed or TIDE BYOF) are listed under the list of available feed options. When you click a feed or Threat Insight, you can view the Threat Level and Threat Confidence. When you are ready, click Select to add the feed or Threat Insight to the policy. Feeds and Threat Insight can be either allow lists or block lists, depending on the actions that you set upon them.
      • Action Types: From the ACTION menu, select an action type to be added to your security policy:  

          • Allow - No Log: Allows filtering of feeds and threat insight without logging of responses. Events will not be displayed in Security Activity reports.

          • Allow - With Log: Allows filtering of feeds and threat insight with logging of responses.

          • Block - No Redirect: Blocks filtering of feeds and threat insight when no redirection is used.

          • Block - Default Redirect: Blocks filtering of feeds and threat insight when the default redirect is used.

          • Block - Redirect: Blocks filtering of feeds and threat insight when a custom redirect is used.

          • Block (No Log) - No Redirect: Blocks filtering of feeds and threat insight when no redirect is used. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Default Redirect: Blocks filtering of feeds and threat insight when using the default redirect. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Redirect: Blocks filtering of feeds and threat insight when using a redirect. Events will not be displayed in Security Activity reports.

For more information, see Viewing Active Threat Feeds and Threat Insight.

    • Category Filter: Choose this to add a category filter to the policy. Choose a category filter and click Select to add the category filter to the policy. Category filters are content categorization rules that allow you to detect and filter internet content and traffic that you want to allow or block. Choose the name of the category from among the Select List options under the NAME menu to add to your security policy.
      • Action Types: From the ACTION menu, select an action type to be added to your security policy:  

          • Allow - No Log: Allows filtering of categories without logging of responses. Events will not be displayed in Security Activity reports.

          • Allow - With Log: Allows filtering of categories with logging of responses.

          • Block - No Redirect: Blocks filtering of categories when no redirection is used.

          • Block - Default Redirect: Blocks filtering of categories when the default redirect is used.

          • Block - Redirect: Blocks filtering of categories when a custom redirect is used.

          • Block (No Log) - No Redirect: Blocks filtering of categories when no redirect is used. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Default Redirect: Blocks filtering of categories when using the default redirect. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Redirect: Blocks filtering of categories when using a redirect. Events will not be displayed in Security Activity reports.

You can also add a custom category filter by selecting New Filter from the Choose Application Filter menu. To create your custom category filter, you must provide a name for the custom category list; a description is optional.

For more information, see Creating Category Filters.

    • Application Filter: Choose this to add an application filter to the policy. Choose an application filter and click Select to add the application filter to the policy. Application filters are application categorization rules that allow you to detect and filter internet content and traffic that you want to allow or block. Choose the name of the application from among the Select List options under the NAME menu to add to your security policy.

        • Action Types: From the ACTION menu, select an action type to be added to your security policy:  

          • Allow - No Log: Allows filtering of applications without logging of responses. Events will not be displayed in Security Activity reports.

          • Allow - With Log: Allows filtering of applications with logging of responses.

          • Allow - Local Resolution: Allows filtering of applications when local on-prem relocation is used.

          • Block - No Redirect: Blocks filtering of applications when no redirection is used.

          • Block - Default Redirect: Blocks filtering of applications when the default redirect is used.

          • Block - Redirect: Blocks filtering of applications when a custom redirect is used.

          • Block (No Log) - No Redirect: Blocks filtering of applications when no redirect is used. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Default Redirect: Blocks filtering of applications when using the default redirect. Events will not be displayed in Security Activity reports.

          • Block (No Log) - Redirect: Blocks filtering of applications when using a redirect. Events will not be displayed in Security Activity reports.

You can also add a custom application filter by selecting New Filter from the Choose Application Filter menu. To create your custom application filter, you must provide a name for the custom application list; a description is optional.

For more information, see Creating Application Filters.

Precedence reordering: You can reorder the precedence of security policy rules using drag-and-drop functionality. Click the policy rule to be reordered on the Policy Rules page and drag it to its new location. Repeat the process as necessary until all policy rules are in the required precedence order.

Policy management tag behavior when associated with a DFP: Policy management tags will not function for DFPs when the policy precedence associated with a DFP is set lower than the Default Global Policy. For example, if a custom policy containing a DFP is configured with a precedence of 2 and the Default Global Policy is configured with a precedence of 1, then tags will not work when they are associated with the DFP. 

  3. After you add policy rules and set their actions and precedence, you can proceed to add bypass codes.
  4. Click Next in the wizard to add bypass codes. For more information, see Adding Bypass Codes to a Security Policy.
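
The following is an added example, not Infoblox code: it reviews a policy for rules whose events will not be displayed in Security Activity reports, for policies with a DFP ranked below the Default Global Policy, and for the action a destination receives when it hits more than one rule. The policy structure, field names, and rule names are constructed for illustration (they are not an Infoblox API or export format), and first-match evaluation in precedence order is an assumption.

```python
# Constructed policy data; field and rule names are hypothetical.
NO_LOG_ACTIONS = {
    "Allow - No Log",
    "Block (No Log) - No Redirect",
    "Block (No Log) - Default Redirect",
    "Block (No Log) - Redirect",
}

BRANCH = {
    "name": "Branch Office", "precedence": 2, "has_dfp": True,
    "default_action": "Allow",
    "rules": [  # listed in precedence order, highest rank first
        {"name": "partner-allow", "type": "Custom List", "action": "Allow - No Log"},
        {"name": "malware-feed", "type": "Feeds and Threat Insight",
         "action": "Block - Default Redirect"},
        {"name": "social-media", "type": "Category Filter",
         "action": "Block (No Log) - No Redirect"},
    ],
}
POLICIES = [
    {"name": "Default Global Policy", "precedence": 1, "has_dfp": False,
     "default_action": "Allow", "rules": []},
    BRANCH,
    {"name": "HQ", "precedence": 3, "has_dfp": False,
     "default_action": "Allow", "rules": []},
]

def unlogged_rules(policy):
    """Rules whose events will not be displayed in Security Activity reports."""
    return [r["name"] for r in policy["rules"] if r["action"] in NO_LOG_ACTIONS]

def dfp_tag_conflicts(policies, global_name="Default Global Policy"):
    """Policies with a DFP whose precedence number is larger than the Default
    Global Policy's, where policy management tags will not function."""
    global_prec = next(p["precedence"] for p in policies if p["name"] == global_name)
    return [p["name"] for p in policies
            if p["name"] != global_name and p["has_dfp"]
            and p["precedence"] > global_prec]

def effective_action(policy, matched):
    """Assumption: the first rule in precedence order that the destination hits
    decides the outcome; otherwise the policy's Default Action applies."""
    for rule in policy["rules"]:
        if rule["name"] in matched:
            return rule["name"], rule["action"]
    return "default", policy["default_action"]
```

Under the first-match assumption, a destination that appears on both `partner-allow` and `malware-feed` is allowed without a log entry, which is the kind of ordering consequence to check before saving the policy.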

For information about other tasks in creating a new security policy, see the following:
