For each policy rule, such as custom lists, feed and Threat Insight, and category and application filters, you can define the action or override it as one of the following:
- Allow – With Log: Grants traffic access to a domain or IP address that hits a particular feed or security policy, and logs the queries to all relevant reports.
- Allow – No Log: Grants traffic access to a domain or IP address that hits a particular feed or security policy, but does not log the queries to any reports.
- Allow - Local Resolution: This rule action is only available when configuring an application filter. It allows web applications to bypass DNS and resolve on the local on-prem host.
- Block – No Redirect: Denies traffic access to a domain or an IP address if it matches that of a particular feed.
- Block – Default Redirect: Routes traffic to the default Infoblox page or a custom message that you have configured for the Redirect Page.
- Block – Redirect – <custom redirect name>: Routes traffic to a destination based on the IP address or domain you have configured for the Redirect Page. For information about how to configure a custom redirect page, see Defining the Redirect Page.
Depending on your subscription level, each feed and Threat Insight policy in the Default Global Policy comes with a default action.
Ensure that you understand the ramification when overriding the default action for any threat feeds and Threat Insight rules before you do so.
The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy:
|Feed Name||Default Action||Default Precedence|
|Base||Block – No Redirect||1|
|AntiMalware||Block – No Redirect||2|
|Malware_DGA||Block – No Redirect||3|
|Ransomware||Block – No Redirect||4|
|SURBL_Multi||Block – No Redirect||5|
|ExploitKit_IP||Block – No Redirect||6|
|Public DOH||Block - No Redirect||7|
|Public DOH IP||Block - No Redirect||8|
|ThreatInsight-DGA||Allow – With Log||9|
|ThreatInsight-DataExfiltration||Allow – With Log||10|
|ThreatInsight-FastFlux||Allow – With Log||11|
|ThreatInsight-DNSMessenger||Allow – With Log||12|
|AntiMalware_IP||Allow – With Log||13|
|Bot_IP||Allow – With Log||14|
|SpamBot IP||Allow – With Log||15|
|Extended Base & Malware hostname||Allow - With Log||16|
|Extended Ransomware hostname||Allow – With Log||17|
|Extended Malware IP||Allow – With Log||18|
|Extended ExploitKit IP||Allow - With Log||19|
|SURBL_Fresh||Allow – With Log||20|
|DHS_AIS_Domain||Allow – With Log||21|
|FarSight Newly Observed Domains||Allow - With Log||22|
|CryptoCurrency||Allow – With Log||23|
|TOR_Exit_Node_IP||Allow – With Log||24|
This page has no comments.