To configure On-Prem DNS Firewall service, complete the following:
From the Cloud Services Portal, go to Policies -> On-Prem DNS Firewall and complete the four-step process to configure the On-Prem DNS Firewall.
Step 1: Download and read the Infoblox Threat Intelligence Feed Deployment Guide. The deployment guide walks you through the step-by-step process of setting up and configuring the On-Prem DNS Firewall.
Step 2: Click Feed Configurations Values to configure NIOS feeds with the provided feed addresses. The Threat Feed Details dialog displays the threat intelligence feeds that are provided in your subscription. If your organization has custom feeds, you will see them listed at the bottom of the list.
To configure your NIOS feeds, perform the following:
- In the Threat Feed Details dialog, review the list and copy the feed information to your favorite text editor. Save this information for subsequent NIOS configuration.
- Click Close to proceed to the next step.
Step 3: Click Distribution Server Configuration Values to view the distribution servers. In the Distribution Server Details dialog, copy the following information so you can use it to configure the DNS Firewall client. You must configure a DNS server to act as a lead secondary that receives feed updates from the threat intelligence data server and redistributes the updates to other servers.
- BLOXONE THREAT DEFENSE CLOUD HITS RPZ FEED: This switch enables or disables a custom RPZ feed built from the hits captured in BloxOne Threat Defense Cloud. Enabling it unlocks the Maximum feed entries and Expiring days fields for configuration.
- Name: The name of your custom RPZ zone file.
- Maximum feed entries: When BLOXONE THREAT DEFENSE CLOUD HITS RPZ FEED is enabled, the RPZ holds at most 10,000 records; set any value from 0 to 10,000.
- Expiring days: The age limit for an indicator, from 1 to 30 days (the dialog also calls this the Time-to-live, TTL). An indicator older than this is removed from the RPZ.
- DISTRIBUTION SERVER - US WEST: Distribution servers are listed for the US EAST and US WEST regions. NIOS runs on BIND, which addresses zone-transfer primaries by IP, so connections are made by IP address rather than hostname. IPv4 is preferred; IPv6 is also available. These addresses are what you configure on the appliances in your network.
- IPv4: Displays the IPv4 address of the distribution server for US West. Click Copy to copy the IP address.
- IPv6: Displays the IPv6 address of the distribution server for US West. Click Copy to copy the IP address.
- DISTRIBUTION SERVER -US EAST
- IPv4: Displays the IPv4 address of the distribution server for US East. Click Copy to copy the IP address.
- IPv6: Displays the IPv6 address of the distribution server for US East. Click Copy to copy the IP address.
- TSIG: The Cloud Services Portal generates a TSIG key under your account name. Add the key name and the TSIG key to your on-prem hosts.
- Key Algorithm: Select either HMAC_MD5 (512-bit key) or HMAC_SHA256 (256-bit key) from the drop-down list to generate the TSIG key. Prefer HMAC_SHA256: HMAC-MD5 is deprecated for TSIG (RFC 8945 lists its use as MUST NOT) and should only be chosen for a legacy peer that supports nothing else.
- Key Name: Displays the name of the TSIG key. A TSIG key is required for RPZ zone transfers to the On-Prem DNS Firewall. For more information on selecting TSIG key options for On-Prem DNS Firewall, see . Add the resulting Key Name and TSIG key to your on-prem devices; together they authorize the zone transfers.
- TSIG Key: Displays the TSIG key, which authenticates the zone transfers that download the threat intelligence feeds. In a layered deployment, where standalone Infoblox appliances or Grids receive the feeds from another appliance or Grid rather than directly from the Infoblox distribution servers, use the same TSIG key for every hop of the feed zone transfers. You can switch the key to a different algorithm from the drop-down list of supported TSIG key types; doing so produces a new key, and you must enter the new key into NIOS.
It may take up to one hour for a newly created TSIG key to become active. Once it is active, add the new key name and TSIG key to your on-prem devices.
Once you have made your distribution server selections, click Save & Close to proceed to the next step.
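Steps 2 and 3 hand you feed zone names, distribution-server IPs and a TSIG key, but not what they become on the device. The following is an added example, not Infoblox code: it checks the copied values (base64 and key size matching the chosen algorithm, IP rather than hostname, IPv4 listed first) and emits the BIND equivalent of the lead-secondary configuration, plus the dig command that verifies a transfer. It assumes, as the page states, that NIOS runs BIND, so the stanzas are the BIND form of what you enter in the NIOS UI, not text pasted into NIOS. Key name, zone names and addresses are constructed placeholders in RFC 5737 / RFC 3849 documentation ranges.

```python
"""Added example (not Infoblox code): validate the portal's feed values and
render the BIND-style lead-secondary config for RPZ feed zones.

Assumes NIOS runs BIND (per the page). All names and addresses below are
constructed placeholders; real values come from the Cloud Services Portal."""
import base64
import binascii
import ipaddress
import os

# Portal label -> (BIND algorithm name, key size the portal generates).
# The dialog documents HMAC_MD5 as 512-bit and HMAC_SHA256 as 256-bit.
ALGORITHMS = {
    "HMAC_MD5": ("hmac-md5", 512),
    "HMAC_SHA256": ("hmac-sha256", 256),
}


def generate_tsig_secret(portal_algorithm: str) -> str:
    """Random base64 secret of the size the portal uses; stands in for the
    portal's Copy button so the example runs offline."""
    _, bits = ALGORITHMS[portal_algorithm]
    return base64.b64encode(os.urandom(bits // 8)).decode("ascii")


def validate_tsig(portal_algorithm: str, secret: str, allow_legacy_md5: bool = False) -> str:
    """Check a copied secret before it goes into a device; return the BIND name.
    Rejects non-base64 secrets, a key whose size does not match the selected
    algorithm (typical after switching algorithms without re-copying), and
    HMAC-MD5, which RFC 8945 says MUST NOT be used for TSIG."""
    if portal_algorithm not in ALGORITHMS:
        raise ValueError(f"unknown TSIG algorithm {portal_algorithm!r}")
    bind_name, bits = ALGORITHMS[portal_algorithm]
    if bind_name == "hmac-md5" and not allow_legacy_md5:
        raise ValueError("HMAC-MD5 is deprecated for TSIG; use HMAC_SHA256")
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("TSIG secret is not valid base64") from exc
    if len(raw) * 8 != bits:
        raise ValueError(f"{portal_algorithm} expects {bits}-bit key, got {len(raw) * 8} bits")
    return bind_name


def validate_primaries(addresses):
    """Distribution servers must be IPs (BIND primaries); hostnames raise
    ValueError. IPv4 is listed first, matching the page's preference."""
    parsed = [ipaddress.ip_address(a.strip()) for a in addresses]
    return [str(ip) for ip in sorted(parsed, key=lambda ip: (ip.version, ip.packed))]


def bind_key_stanza(key_name, portal_algorithm, secret, allow_legacy_md5=False):
    """key {} clause shared by the lead secondary and any downstream secondaries."""
    algorithm = validate_tsig(portal_algorithm, secret, allow_legacy_md5)
    return f'key "{key_name}" {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};\n'


def bind_rpz_secondary(zone, key_name, primaries):
    """Lead-secondary zone: pulls the feed with the TSIG key and re-transfers
    only to peers presenting the same key (the page's rule for Grids fed by
    another Grid). BIND 9.16+ keywords; older releases use slave/masters."""
    prim = " ".join(f'{ip} key "{key_name}";' for ip in validate_primaries(primaries))
    return (
        f'zone "{zone}" {{\n    type secondary;\n    primaries {{ {prim} }};\n'
        f'    file "{zone}.db";\n    allow-transfer {{ key "{key_name}"; }};\n}};\n'
    )


def bind_response_policy(zones):
    """options {} fragment that actually applies the RPZ zones to resolution."""
    return "response-policy { " + " ".join(f'zone "{z}";' for z in zones) + " };\n"


def dig_check_command(zone, key_name, portal_algorithm, secret, primary, allow_legacy_md5=False):
    """Transfer test to run before touching the Grid."""
    algorithm = validate_tsig(portal_algorithm, secret, allow_legacy_md5)
    primary = validate_primaries([primary])[0]
    return f"dig @{primary} -y {algorithm}:{key_name}:{secret} {zone} AXFR +noall +answer"


if __name__ == "__main__":
    key_name = "acme-tsig"                                # constructed
    secret = generate_tsig_secret("HMAC_SHA256")          # stands in for the portal key
    primaries = ["2001:db8::10", "198.51.100.10"]         # constructed US West IPv6/IPv4
    zones = ["base.rpz.example", "malware.rpz.example"]   # constructed feed zone names
    print(bind_key_stanza(key_name, "HMAC_SHA256", secret))
    for z in zones:
        print(bind_rpz_secondary(z, key_name, primaries))
    print(bind_response_policy(zones))
    print(dig_check_command(zones[0], key_name, "HMAC_SHA256", secret, primaries[1]))
```

Run the printed dig command against each distribution server. A BADKEY or BADSIG status within the first hour after generating the key usually means the key is not active yet; the same failure later means the key name, secret or algorithm differs between the portal and the device.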
Step 4: Optionally, click Configure Members to add or remove the DNS servers that receive notifications about DNS Firewall feed updates. To add DNS servers, complete the following:
- Click Add to add a DNS server.
- In the table, enter the NAME and IP ADDRESS for the DNS server.
- Click Save & Close to save the configuration, or click Add Server again to add more DNS servers.
To remove a DNS server, select the server in the table and click Remove Server.
You must properly configure RPZ and DNS logging categories in NIOS to ensure that the DNS Firewall service is functioning properly. For details about how to configure these in NIOS, refer to the About Infoblox DNS Firewall.