This confused the hell out of me when trying to set up our pilot environment 'in my spare time', so I just wanted to clarify a bit for anyone else looking at your answer. (I've got a training budget, but no time to actually take the training, yet.) I worked off the online admin guide, mostly, since I couldn't quickly find a video or deployment guide that explained the parts that were throwing me off.

There really seems to be 3 deployment options, even though there are just two choices about where recursive queries are answered. (Or, I guess, 4 deployment options, but I may be missing some of the finer points due to terminology.)

1. Answer recursive queries yourself with an on-prem DNS firewall using physical or virtual NIOS appliances (so, one or two options, depending on if you consider those the same or different)
2. Forward recursive queries to Infoblox's cloud using a virtual DNS forwarding proxy appliance (haven't quite figured out where this is deployed, yet, as we're using Trinzic appliances in our data centers. From the instructions on Tokens, it appears the image can be loaded onto a hypervisor or a bare-metal appliance from Infoblox, so maybe this is actually two different options, as well.)
3. Forward recursive queries to Infoblox's cloud using on-prem NIOS appliances (not well covered in the documentation)

I was finally able to get everything set up and working, after playing around a bit. Definitely could have been easier, though.

I came here looking for the same info, so I understand the frustration. We've actually gone live with our deployment and I've discovered a few new points that might help. Primarily, that BloxOne Threat Defense is a suite of offerings and the portion that is the Cloud-based DNS firewall SaaS (Software as a Service) is often shortened to just B1TD.

A DNS firewall is the core of this service and is offered as a SaaS (B1TD Cloud) or as a license to be applied to member(s) of your grid (on-prem), whether they are virtual machines or physical appliances. It essentially blocks or redirects users from reaching malicious sites.

There is a NIOS DNS firewall and the rules are configured within the grid, using RPZ (Response Policy Zones), and the threat intelligence feeds are 'imported' so that the processing is done 'on-prem.' I think this is what the Infoblox guys are thinking of when they make the distinction of Cloud vs On-Prem, in terms of 'Threat Defense'.

(The two deployment options mentioned by Cloud puts the DNS firewall part within the Infoblox controlled environment, and there are three ways (that I know of) how to get the DNS traffic to them:

1. Global forwarding of recursive queries to them with allowed networks defined in the CSP (assuming a source filter on a view type of thing)
2. A Windows or Mac agent that is downloaded and installed on the clients you want protected
3. DFP or DNS Forwarding Proxy, which is essentially a transparent proxy for DNS and can point to either the cloud or another customer-controlled DNS. I'm pretty sure the virtual machines and bare-metal appliances that act as only proxies are what Infoblox means by 'On-Prem Hosts' but a DNS server running NIOS can also be configured as a DNS proxy on top of other DNS services. And it can be physical or virtual, as well.

If you use purpose-built proxies, either virtual or physical, the configuration is controlled in the CSP, which is the web-based interface for B1TD Cloud. These are the VM images referenced in the deployment guide and the physical units use the tokens referenced there.

If you use appliances running the NIOS software, either virtual or physical, you'll configure part of it in the Grid Master and part of it in the CSP. (Unless, perhaps you also have DDI in the Cloud?) What was confusing to me is that both the proxy-only hosts and the NIOS hosts are managed in the same section, but have different options available to them.

Only part of the instructions apply to appliances that are licensed with NIOS, and it's not clear what those are.