To deploy DFP (DNS Forwarding Proxy) on a NIOS appliance, ensure that your Grid or Grid member is running NIOS 8.5 or above. When you run DFP as a service on a Grid member, it forwards recursive queries to BloxOne Cloud. The DFP also caches responses to speed up DNS resolution for future queries.
Ensure that outbound port 443 is open to the respective BloxOne Cloud domain so that the DNS forwarding proxy can communicate between NIOS and BloxOne Cloud.
To deploy DFP on a NIOS member, complete the following procedures:
Setting Up NIOS Member as a Host
To set up the Grid member as a host, complete the following:
- Log in to the Cloud Services Portal.
- Create a join token, as described in Creating Join Tokens. In an HA environment, create two hosts. You must ensure that the configurations for both hosts are the same for the HA nodes to work seamlessly. Save the join token for use in the NIOS configuration.
- Log in to the NIOS Grid Manager.
- Grid: On the Grid tab, click the Grid Manager tab > Grid Properties > Edit.
- In the Grid Properties editor, click CSP Config on the left navigation and complete the following:
- Join Token: Copy the join token that you created in the Cloud Services Portal.
- CSP Resolver: Displays the IP address of the local DNS resolver. This IP address or DNS server is used to resolve Infoblox domains when the DFP service starts. You must configure at least one external resolver that will be used to resolve all required domains. If you do not enter an IP address, 52.119.40.100 is used as the default.
- HTTP proxy: Enter the URL of the proxy server in the http://<IP/host>:<port> format. When you update the HTTP proxy, the NIOS on-prem agent propagates it to the other on-prem containers by restarting them at a set interval, which can cause a delay of up to 15 minutes.
- Click Save & Close.
- Member: On the Grid tab, click the Grid Manager tab > Members tab > member checkbox > Edit.
- In the Grid Member Properties editor, click CSP Config on the left navigation and complete the following. To override an inherited property, click Override next to it and enter the value in the appropriate fields if you do not want to inherit the values from the Grid. Once you override a property, the setting applies only at the member level.
- Join Token: Displays the join token value that is inherited from the Grid. However, if the field is empty, the cloud connection is not terminated.
- CSP Resolver: Displays the Cloud Services Portal resolver value that is inherited from the Grid.
- HTTP Proxy: Displays the URL that is inherited from the Grid.
- Standalone: Select this option when the member is standalone.
  - Access Key: You cannot edit the value of this field; you can only clear it. Clearing the access key value does not terminate the cloud connection.
- HA Enabled: Select this option when the member is an HA pair.
  - Access Key: You cannot edit the value of this field; you can only clear it. In case of a NIOS upgrade, the access keys are the same for both the active and passive nodes.
- Click Save & Close.
- On the Grid tab, click the Grid Manager tab > DFP tab > member checkbox > Edit icon.
- In the Member DFP Properties editor, select the Fallback to the default resolution process if BloxOne Threat Defense Cloud does not respond checkbox. With this option selected, recursive queries are forwarded to the local root name servers if the NIOS member loses its connection to BloxOne Cloud or if BloxOne Cloud DNS fails to resolve them. For newly configured DNS forwarding proxies in NIOS, Infoblox recommends that you keep this option selected until you have verified that the NIOS proxies are functioning properly.
- In the Cloud Services Portal, go to Manage > Infrastructure > Hosts to ensure that the status of the NIOS proxy host that you created is active.
Note
- If you have upgraded to NIOS 8.5.x with the DNS forwarding proxy service running on any node, Infoblox recommends that you do not remove any NIOS hosts from the Cloud Services Portal, because NIOS preserves the Access Key during the upgrade and the NIOS Grid member connects to the Cloud Services Portal using the same access key. Note that the value of the Access Key field in NIOS is the same as the API key that is displayed in the Cloud Services Portal.
- You must create a join token to authenticate a virtual DNS forwarding proxy for establishing a connection to the cloud. For more information on creating a join token, see Configuring Join Tokens.
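As an added illustration (not Infoblox code or documentation), the following Python snippet pre-validates the three CSP Config values from the Grid Properties procedure above before they are entered into Grid Manager: it applies the documented resolver default, checks that the resolver is an IP literal, and enforces the http://<IP/host>:<port> proxy format. The function names, the dictionary keys and the sample values are assumptions made for this example. It deliberately never returns or prints the join token, because that token authenticates the host to the Cloud Services Portal and belongs only in the NIOS field.

```python
import ipaddress
from urllib.parse import urlsplit

# Default CSP resolver that NIOS uses when the field is left empty (from the procedure above)
DEFAULT_CSP_RESOLVER = "52.119.40.100"


def normalize_resolver(value):
    """Return the resolver NIOS will actually use: the supplied IP or the documented default.

    Raises ValueError if the value is present but is not an IPv4/IPv6 literal.
    """
    value = (value or "").strip()
    if not value:
        return DEFAULT_CSP_RESOLVER
    ipaddress.ip_address(value)  # raises ValueError on anything that is not an IP literal
    return value


def validate_http_proxy(value):
    """Accept only the http://<IP/host>:<port> form that the HTTP proxy field expects.

    Returns the normalized URL, or None when no proxy is configured (the field is optional).
    Credentials, query strings and fragments are rejected as an assumption of this example,
    since the documented format has no place for them.
    """
    value = (value or "").strip()
    if not value:
        return None
    parts = urlsplit(value)
    if parts.scheme != "http" or not parts.hostname or parts.port is None:
        raise ValueError(f"HTTP proxy must be http://<IP/host>:<port>, got {value!r}")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError(f"HTTP proxy must not carry credentials or extra components: {value!r}")
    if parts.path not in ("", "/"):
        raise ValueError(f"HTTP proxy must not contain a path: {value!r}")
    return value


def check_csp_config(config):
    """Validate a dict of CSP Config values (hypothetical keys) and return the effective settings.

    The join token is only checked for presence and never echoed back, so the result is safe
    to log or display while preparing the deployment.
    """
    token = (config.get("join_token") or "").strip()
    if not token:
        raise ValueError("Join Token is required; create one in the Cloud Services Portal")
    return {
        "join_token_set": True,
        "csp_resolver": normalize_resolver(config.get("csp_resolver")),
        "http_proxy": validate_http_proxy(config.get("http_proxy")),
    }


if __name__ == "__main__":
    # Constructed sample input: a placeholder token, empty resolver (default applies), local proxy
    sample = {
        "join_token": "JOIN-TOKEN-PLACEHOLDER",
        "csp_resolver": "",
        "http_proxy": "http://proxy.example.internal:3128",
    }
    print(check_csp_config(sample))
```

Run it once per Grid (or per member that overrides the inherited values) before clicking Save & Close; a ValueError points at the exact field that would otherwise leave the DFP service unable to reach BloxOne Cloud.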
Deploying DFP on the NIOS Host
After you set up a NIOS host, you can create a DFP service instance for the host or apply an existing DFP template to the host.
To deploy a new DFP service on the NIOS host, complete the following:
- Log in to the Cloud Services Portal.
- Click Manage > Infrastructure > Hosts.
- Review the list of hosts to ensure that the host you just set up is active.
- Click the Services tab.
- From the Create Services drop-down menu, select DNS Forwarding Proxy.
- Complete the following steps to run the DFP service on the host.
Note: Ensure that you select the host on which you plan to run the DFP service when you configure general information.
Alternatively, you can apply an existing template that contains the DFP configuration you want to use to the newly created host. To apply an existing DFP service using a template, follow the instructions in Applying Templates to Hosts.
For information about other deployment options, see the following:
For more information about DFP, see the following: