/
Configuring External Networks
Document toolboxDocument toolbox

Configuring External Networks

Owned by Gary Leicht
Last updated: Feb 10, 2025
2 min read

Before applying security policies, you must define the networks that require protection from malicious attacks. The first step in configuring Infoblox Threat Defense is setting up DNS Firewall by defining remote networks. These external networks are identified by their IP address subnets and organized into groups for application in DNS Security Policies.

Notes:

  • Subnet Verification: IPv4 subnets larger than /29 and IPv6 subnets larger than /56 require verification by Infoblox Support before becoming operational. This process takes up to five business days. Subnets between /29 and /32 do not require verification.

  • Multiple Networks: If you plan to use multiple external networks in your configuration, Infoblox recommends registering all networks in advance. Pre-registration ensures availability when traffic is directed to them and prevents incorrect assignment of IP space belonging to your company.

  • Best Practices: Before adding an external network, review best practices. For more information, see Best Practices for External Networks.

Before adding an external network, ensure that you understand the best practices. For information, see Best Practices for External Networks.

Managing External Networks

The External Networks page displays all defined networks. Navigate to Configure > Security > External Networks to configure and manage external networks. On this page, you can:

  • Select a network and click Edit on the top action bar to modify its details.

  • Select Remove to delete a network.

  • View detailed information about a specific network in the right panel.

  • Click Create to add a new external network

External Network Details

The External Networks page provides the following details:

  • NETWORK NAME: The external network’s name.

  • DESCRIPTION: An optional description of the external network.

  • SUBNET: A logical subdivision of an IP address. Both IPv4 and IPv6 addresses are supported. To prevent conflicts with Access Control Lists (ACLs) defined for the DNS Firewall, Infoblox Threat Defense restricts CIDR blocks spanning wide IP ranges.

    • Valid IPv4 netmask: Between /24 and /32.

    • IPv4 subnets larger than /29 and IPv6 subnets larger than /56 require verification before becoming operational.

    • If an invalid netmask is entered, Infoblox Threat Defense returns an error.

For more information, see External Subnets

Additional Actions

On the External Networks page, you can:

  • Click the Expand Column icon to select and reorder displayed columns.

  • Click Expand Column > Edit to modify user information or select an external network and click Edit.

  • Click Expand Column > Remove to delete an external network or select an external network and click Remove.

  • Select an external network to view additional details in the right panel. Collapse the right panel by clicking the Information icon.

  • Enter a search term in the Search text box to display matching records in the Infoblox Portal.

For addtional information, see:



 

Related content