Cloning Security Policies

You can create a new security policy by cloning an existing one.

To clone a security policy:

  1. From the Infoblox Portal, navigate to the Security Policies page (Configure > Security > Policies).
  2. On the Security Policies page in the Security Policies tab, select a policy you want to use as the baseline and click Clone at the top Action bar. The Clone Security Policy wizard appears.
  3. On the General page, complete the following:
    • Name: Enter a name for the security policy. Ensure that you enter a unique name for each security policy. This is a required field.
    • Description: Enter a brief description of the security policy. You can enter up to 256 characters. This is not a required field, but it is recommended. 
    • Precedence: Enter the precedence order for this policy, or use the arrows in the field to choose the precedence order for the policy. You can reorder the precedence of security policy rules by drag and drop: on the Policy Rules page, click the policy rule to be reordered and drag it to its new location. Repeat the process as necessary until the precedence of all policy rules is as required. If you do not set a precedence order, the system will set this policy.
    • Geolocation: Toggle the Geolocation switch from Disable to Enable (disabled by default) in order to enable the geolocation for the security policy, or accept the default disabled configuration for the security policy to preserve privacy. For more information about geolocation support, see Enabling and Disabling Geolocation for a Security Policy.
    • Safe Search: Toggle this switch from Disable to Enable (disabled by default). When safe search is enabled, inappropriate content from search results obtained from four major search engines (Google, Bing, YouTube, and Yandex) is filtered and restricted. Enabling safe search ensures that protected users will be unable to access or view inappropriate content. Enabling safe search does not override any configured custom lists or the default redirect. 
    • DoH per Policy: Switch the DoH per Policy toggle from Disable to Enable (disabled by default) to activate an encrypted protocol for DNS resolution. Once enabled, a textbox will display a custom, generated FQDN. You can click Copy to accept the generated FQDN or click Regenerate to generate a new FQDN. A pop-up window will then prompt you to confirm the refresh (regenerate) action for a new FQDN, indicating that the former FQDN will become invalid and this action cannot be undone. For information on how to use a client over DoH, see Implementing the Client over DoH.
    • Block DNS rebind attack: Toggle this switch from Disable to Enable (disabled by default) to prohibit DNS rebinding attacks. For information, see Blocking DNS Rebind Attacks.
    • Local on-Prem Resolution: Toggle this switch from Disable to Enable (disabled by default) to enable Local on-Prem Resolution. For information, see Using Local On-Prem Resolution.
    • Tags: Tags can be added for DNS Forwarding Proxy, endpoints, endpoint groups, IPAM networks, individual IPs, IPAM Host objects, and ranges. Tags can also be added to endpoint metadata, OS, and endpoint version. Policy rules can be defined by tags for custom lists, application filters, and category filters. In the Tags section, click Add to add a tag. A tag consists of a KEY (required) and a Value. When a security policy is created possessing a key and its corresponding value, all resource data having the same or similar key and the same or similar value will be associated with the security policy. For example, you can assign a security policy for firewalls. New firewalls will be automatically included in a policy when you add a relevant tag to an IPAM object. Or you can quarantine compromised or outdated endpoints (e.g. on Windows 8.1) by tags and metadata.
  4. Click Next.
  5. On the Network Scope page, define your network scope for this security policy. No network scope is inherited from the original security policy. For more information, see Configuring Network Scopes.
  6. Click Next.
  7. On the Policy Rules page, all the policy rules are inherited from the original security policy. You can make modifications to them. For more information, see Adding Policy Rules and Setting Precedence.
  8. Click Next.
  9. On the Bypass Codes page, all the bypass codes are inherited from the original security policy. You can make modifications to them. For more information, see Adding Bypass Codes to a Security Policy.
  10. Click Next.
  11. On the Summary page, review your configuration. This page displays the configuration details. You can click the encircled, right-facing arrow icon next to a network scope or policy rule to view the details in the Selected panel. Before saving the security policy, you can make modifications by clicking the respective pages on the left navigation panel. You can also click the Back button to navigate back to previous steps in the wizard.
  12. Click Save & Close to save the configuration.

For additional information on security policies, see the following: