Blocking public DoH servers with BloxOne
This section of the guide covers how to block public DoH servers with BloxOne. Blocking public DoH servers requires using the BloxOne DoH feeds with an existing or new BloxOne security policy, and a BloxOne source that is assigned to that security policy.
License and Configuration Requirements
To block public DoH servers with BloxOne, you will need the BloxOne Threat Defense Essentials license, or higher.
Create a new Security Policy to block public DoH servers
In order to block public DoH Servers with BloxOne, a security policy with the correct feeds applied is required. This section covers how to create a new security policy and apply the appropriate feeds to it.
If an existing security policy will be used to block public DoH servers, refer to the Use an existing Security Policy to block public DoH servers section.
Navigate to Policies → Security Policies.
Click Create Security Policy.
Give the new security policy a Name.
(Optional) Give the new security policy a Description.
Click Next.
Click Add Source. Then, select the source(s) that this policy will apply to. Repeat this step to add multiple sources.
Click Next.
Click Add Rule. Then, select Feeds and Threat Insight.
Click the Object drop-down, then select Public_DoH near the bottom of the list.
Click Select to confirm the selection of the feed.
Click the Action drop-down. Then, select the action that will be taken whenever this rule is triggered. For more information on the actions associated with security policy rules, please view the Infoblox documentation here.
Click Add Rule. Then, select Feeds and Threat Insight.
Click the Object drop-down, then select Public_DoH_IP near the bottom of the list.
Click Select to confirm the selection of the feed.
Click the Action drop-down. Then, select the action that will be taken whenever this rule is triggered.
Click Finish.
Click Save & Close to confirm the creation of the new security policy.
Use an existing Security Policy to block public DoH servers
In order to block public DoH Servers with BloxOne, a security policy with the correct feeds applied is required. This section covers how to apply the appropriate feeds to an existing security policy.
Navigate to Policies → Security Policies.
Click the hamburger icon associated with the security policy that the DoH feeds will be applied to. Then, click Edit.
Click Policy Rules on the left side of the panel.
Click Add Rule. Then, select Feeds and Threat Insight.
Click the Object drop-down, then select Public_DoH near the bottom of the list. Note: if this feed is not visible, it may already be selected and applied to the security policy that is currently being edited.
Click Select to confirm the selection of the feed.
Click the Action drop-down. Then, select the action that will be taken whenever this rule is triggered. For more information on the actions associated with security policy rules, please view the Infoblox documentation here.
Click the Object drop-down, then select Public_DoH_IP near the bottom of the list. Note: if this feed is not visible, it may already be selected and applied to the security policy that is currently being edited.
Click Select to confirm the selection of the feed.
Click the Action drop-down. Then, select the action that will be taken whenever this rule is triggered.
Click Finish.
Click Save & Close to confirm the addition of the feeds to the security policy.