
Adding Policy Rules and Setting Precedence

You can add custom lists, feeds and Threat Insight, and category filters to your policy rules. Depending on your business requirements, you can add as many feeds and Threat Insight, custom lists or category filters as you need and apply them to different security policies. Note that you must first define a custom list or a category filter before you can add it to the security policy. For information about how to create a custom list, see Creating Custom Lists. For information about how to add category or application filters, see Configuring Filters. For information about tags, see Managing Tags.

Adding Policy Rules 

To add policy rules, apply actions, and set precedence, complete the following:

  1. On the Policy Rules page of the Create New Security Policy wizard, define the Default Action for all the destinations that you have not included in the security policy, as follows:

    • Allow: Grants traffic access to a domain or IP address that hits a particular feed or security policy.
    • Default Redirect: Routes traffic to the default Infoblox page or a custom message that you have configured for the Redirect Page.
    • Custom Redirect: Redirects traffic to a configured custom redirect, if one has been configured by the organization.
  2. Click the Add Rule menu and choose one of the following policy types.

Note

Applying Rules

When you choose a policy type, the system adds it to the table. You can perform the following for each rule:

  • Click Select List to view available rules for the respective policy type.
  • Click the Action menu to set the action for each policy rule. For more information about what each action means, see About Rule Actions.
  • Set the precedence order for a policy rule by clicking the up and down arrows at the end of each row to move the rule to its desired rank. The system applies policy rules based on the precedence order. Although you have the flexibility to set precedence for each rule, it is important that you understand the ramifications of putting certain policy rules before others. For more information, see Security Policy Precedence.
  • Choose a policy rule and click Remove to remove it from the list.
  • Custom List: Select this rule to add a custom list to the policy. Complete the following to add a custom list to a security policy:
    • OBJECT: From the OBJECT menu, select a custom list from among the available custom lists options. You can view the Threat Level and Threat Confidence scores for any available custom lists. Custom lists can be either allow lists or block lists, depending on the actions that you assign.  Click Select to add the custom list to the policy. 
    • ACTION: From the ACTION menu, select an action type for the custom list to be added to your security policy. Action types include the following:   

      • Allow - No Log: Allows filtering of custom lists without logging of responses. Events will not be displayed in Security Activity reports.

      • Allow - With Log: Allows filtering of custom lists with logging of responses.

      • Block - No Redirect: Blocks filtering of custom lists when no redirection is used.

      • Block - Default Redirect: Blocks filtering of custom lists when the default redirect is used.

      • Block - Redirect: Blocks filtering of custom lists when a custom redirect is used.

      • Block (No Log) - No Redirect: Blocks filtering of custom lists when no redirect is used. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Default Redirect: Blocks filtering of custom lists when using the default redirect. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Redirect: Blocks filtering of custom lists when using a redirect. Events will not be displayed in Security Activity reports.

You can also add a new custom list by selecting New Custom List from among the available custom list options. 
For more information about custom lists, see Custom Lists.

  • Feeds and Threat Insight: Select this rule to add a feed or Threat Insight to the policy. Your custom TIDE feeds (TIDE Bring Your Own Feed or TIDE BYOF) are listed under the list of available feed options. Complete the following to add a feed or Threat Insight to a security policy:  
    • OBJECT: From the OBJECT menu, select a feed or Threat Insight from among the available feed and Threat Insight options. You can view the Threat Level and Threat Confidence scores for any available items. Click Select to add the feed or Threat Insight to the policy.
    • ACTION: From the ACTION menu, select an action type for the feed or Threat Insight to be added to your security policy. Action types include the following:     

      • Allow - No Log: Allows filtering of feeds and threat insight without logging of responses. Events will not be displayed in Security Activity reports.

      • Allow - With Log: Allows filtering of feeds and threat insight with logging of responses.

      • Block - No Redirect: Blocks filtering of feeds and threat insight when no redirection is used.

      • Block - Default Redirect: Blocks filtering of feeds and threat insight when the default redirect is used.

      • Block - Redirect: Blocks filtering of feeds and threat insight when a custom redirect is used.

      • Block (No Log) - No Redirect: Blocks filtering of feeds and threat insight when no redirect is used. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Default Redirect: Blocks filtering of feeds and threat insight when using the default redirect. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Redirect: Blocks filtering of feeds and threat insight when using a redirect. Events will not be displayed in Security Activity reports.

For more information, see Viewing Active Threat Feeds and Threat Insight. 

  • Category Filter: Select this rule to add a category filter to the policy. Category filters are content categorization rules that allow you to detect and filter internet content and traffic that you want to allow or block. Complete the following to add a category filter to a security policy:
    • OBJECT: From the OBJECT menu, select a category filter from among the available  options.  Click Select to add the category filter to the policy. 
    • ACTION: From the ACTION menu, select an action type for the category filter to be added to your security policy. Action types include the following:   

      • Allow - No Log: Allows filtering of categories without logging of responses. Events will not be displayed in Security Activity reports.

      • Block - No Redirect: Blocks filtering of categories when no redirection is used.

      • Block - Default Redirect: Blocks filtering of categories when the default redirect is used.

      • Block - Redirect: Blocks filtering of categories when a custom redirect is used.

      • Block (No Log) - No Redirect: Blocks filtering of categories when no redirect is used. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Default Redirect: Blocks filtering of categories when using the default redirect. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Redirect: Blocks filtering of categories when using a redirect. Events will not be displayed in Security Activity reports.

You can also add a new category filter by selecting New Category Filter from among the available custom list options. To create a custom list,  
For more information, see Creating Category Filters.

  • Application Filter: Select this rule to add an application filter to the policy. Application filters are application categorization rules that allow you to detect and filter internet content and traffic that you want to allow or block. Complete the following to add an application filter to a security policy:

    • OBJECT: From the OBJECT menu, select an application filter from among the available  options. Click Select to add the application filter to the policy. 
    • ACTION: From the ACTION menu, select an action type for the application filter to be added to your security policy. Action types include the following:   

      • Allow - No Log: Allows filtering of applications without logging of responses. Events will not be displayed in Security Activity reports.

      • Allow - With Log: Allows filtering of applications with logging of responses.

      • Allow - Local Resolution: Allows filtering of applications when local on-prem relocation is used.

      • Block - No Redirect: Blocks filtering of applications when no redirection is used.

      • Block - Default Redirect: Blocks filtering of applications when the default redirect is used.

      • Block - Redirect: Blocks filtering of applications when a custom redirect is used.

      • Block (No Log) - No Redirect: Blocks filtering of applications when no redirect is used. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Default Redirect: Blocks filtering of applications when using the default redirect. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Redirect: Blocks filtering of applications when using a redirect. Events will not be displayed in Security Activity reports.

You can also add a custom application filter by selecting New Filter from the Choose Application Filter menu. To create your custom application filter, you must provide a name for the custom application list; a description is optional.
For more information, see Creating Application Filters.

  • Tag: Select this rule to add a tag to the policy. Tags allow you to assign rules to objects in a security policy so that you can detect and filter internet content and traffic that you want to allow or block based on the tag. For security policies, tags consist of a name, an action, and a scope. Complete the following to add a tag to a security policy:

    • OBJECT: An object is composed of three parts: KEY, VALUE, and SCOPE. From the OBJECT menu, select a KEY, VALUE, and SCOPE for the tag. All three components of the tag object must be specified when it is created. 
    • ACTION: From the ACTION menu, select an action type for the tag to be added to your security policy. Action types include the following:   

      • Allow - No Log: Allows filtering of tags without logging of responses. Events will not be displayed in Security Activity reports.

      • Allow - With Log: Allows filtering of tags with logging of responses.

      • Allow - Local Resolution: Allows filtering of tags when local on-prem relocation is used.

      • Block - No Redirect: Blocks filtering of tags when no redirection is used.

      • Block - Default Redirect: Blocks filtering of tags when the default redirect is used.

      • Block - Redirect: Blocks filtering of tags when a custom redirect is used.

      • Block (No Log) - No Redirect: Blocks filtering of tags when no redirect is used. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Default Redirect: Blocks filtering of tags when using the default redirect. Events will not be displayed in Security Activity reports.

      • Block (No Log) - Redirect: Blocks filtering of tags when using a redirect. Events will not be displayed in Security Activity reports.

Precedence order considerations when defining a policy based on tags: If the Default Global Policy has higher precedence than a custom policy whose network scopes are defined based on tags, the Default Global Policy continues to apply because its precedence is higher than that of the custom policy. For a custom policy with a network scope defined based on tags to work, it should have higher precedence than the Default Global Policy.
For information on applying tags to Infoblox Threat Defense objects, see Applying Tags.

3. After you add policy rules, set actions, and precedence, you can proceed to add bypass codes.

4. Click Next in the wizard to add bypass codes. For more information, see Adding Bypass Codes to a Security Policy.

Precedence Order

Warning

Application filtering: When Local On-prem Resolution is enabled, application filters take priority when executing rules governing precedence order. 

The recommended precedence order for executing rules in a security policy, from highest to lowest order of precedence, is as follows:

1. Custom Lists
2. Feeds
3. Threat Insight
4. Category Filters
5. Default

While the above precedence order is recommended, the decision of precedence order is determined by the organization. When creating rules for a security policy, do keep precedence order in mind. 
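
The following is an added example, not Infoblox code: a small audit that checks an ordered rule list against the recommended precedence above and flags "No Log" actions, whose events do not appear in Security Activity reports. The rule dictionaries, the type names, and the sample policy are a constructed format for illustration, not a product export.

```python
# Added example: audit rule order and logging for a security policy.
# Rule format and "type" names are hypothetical, constructed for this example.

# Recommended order from the page; "Default" is the policy's default action,
# not a rule in the table, so it is not ranked here.
RECOMMENDED = ["custom_list", "feed", "threat_insight", "category_filter"]
RANK = {rule_type: i for i, rule_type in enumerate(RECOMMENDED)}


def audit(rules):
    """rules: list of dicts ordered from highest to lowest precedence.

    Returns (position, name, kind, detail) tuples, kind is 'unlogged' or 'order'.
    """
    findings = []
    lowest_seen = None  # (rank, name) of the lowest-ranked type seen so far
    for pos, rule in enumerate(rules, start=1):
        action = rule["action"]
        # "Allow - No Log" and "Block (No Log) - ..." keep events out of reports.
        if "No Log" in action:
            findings.append((pos, rule["name"], "unlogged", action))
        rank = RANK.get(rule["type"])
        if rank is None:
            continue  # application filters and tags have no recommended slot
        if lowest_seen is not None and rank < lowest_seen[0]:
            detail = f"placed below {lowest_seen[1]}"
            findings.append((pos, rule["name"], "order", detail))
        else:
            lowest_seen = (rank, rule["name"])
    return findings


# Constructed sample policy, highest precedence first.
SAMPLE_POLICY = [
    {"name": "corp-allowlist", "type": "custom_list", "action": "Allow - No Log"},
    {"name": "social-media", "type": "category_filter", "action": "Block - Default Redirect"},
    {"name": "byof-feed", "type": "feed", "action": "Block - No Redirect"},
    {"name": "saas-apps", "type": "application_filter", "action": "Allow - With Log"},
    {"name": "dga-insight", "type": "threat_insight", "action": "Block (No Log) - No Redirect"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
```

An 'order' finding is a deviation from the recommendation, not an error, since the organization decides the final order.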

Note

Precedence reordering: You can reorder the precedence of security policy rules using drag-and-drop. Click the policy rule to be reordered on the Policy Rules page and drag it to its new location. Repeat the process as necessary until all policy rules are in the required order.

For information about other tasks in creating a new security policy, see the following: