For each policy rule (custom lists, feeds and Threat Insight, and category and application filters), you can define the action or override it with one of the following:

  • Allow – With Log: Grants traffic access to a domain or IP address that hits a particular feed or security policy, and logs the queries to all relevant reports.
  • Allow – No Log: Grants traffic access to a domain or IP address that hits a particular feed or security policy, but does not log the queries to any reports.
  • Allow – Local Resolution: This rule action is only available when configuring an application filter. It allows web applications to bypass DNS and resolve on the local on-prem host.
  • Block – No Redirect: Denies traffic access to a domain or an IP address if it matches that of a particular feed.
  • Block – Default Redirect: Routes traffic to the default Infoblox page or a custom message that you have configured for the Redirect Page.
  • Block – Redirect – <custom redirect name>: Routes traffic to a destination based on the IP address or domain you have configured for the Redirect Page. For information about how to configure a custom redirect page, see Defining the Redirect Page.

Depending on your subscription level, each feed and Threat Insight policy in the Default Global Policy comes with a default action. 

Note

Ensure that you understand the ramifications of overriding the default action for any threat feed or Threat Insight rule before you do so.

The following table lists the default actions and precedence for the feeds and Threat Insight in the Default Global Policy:

| Feed Name | Default Action | Default Precedence |
|---|---|---|
| Base | Block – No Redirect | 1 |
| AntiMalware | Block – No Redirect | 2 |
| Malware_DGA | Block – No Redirect | 3 |
| Ransomware | Block – No Redirect | 4 |
| SURBL_Multi | Block – No Redirect | 5 |
| ExploitKit_IP | Block – No Redirect | 6 |
| Public DOH | Block – No Redirect | 7 |
| Public DOH IP | Block – No Redirect | 8 |
| ThreatInsight-DGA | Allow – With Log | 9 |
| ThreatInsight-DataExfiltration | Allow – With Log | 10 |
| ThreatInsight-FastFlux | Allow – With Log | 11 |
| ThreatInsight-DNSMessenger | Allow – With Log | 12 |
| AntiMalware_IP | Allow – With Log | 13 |
| Bot_IP | Allow – With Log | 14 |
| SpamBot IP | Allow – With Log | 15 |
| Extended Base & Malware hostname | Allow – With Log | 16 |
| Extended Ransomware hostname | Allow – With Log | 17 |
| Extended Malware IP | Allow – With Log | 18 |
| Extended ExploitKit IP | Allow – With Log | 19 |
| SURBL_Fresh | Allow – With Log | 20 |
| DHS_AIS_Domain | Allow – With Log | 21 |
| FarSight Newly Observed Domains | Allow – With Log | 22 |
| CryptoCurrency | Allow – With Log | 23 |
| TOR_Exit_Node_IP | Allow – With Log | 24 |
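
As an added example (not Infoblox code), the following Python sketch uses the default actions and precedence listed above to flag feed rules whose configured action is weaker than the default or whose precedence differs from it. The rule dictionaries, the `strength` ranking (any Block above Allow – With Log above any other Allow) and the sample policy are assumptions constructed for illustration, not an Infoblox export format.

```python
import re

# Default Global Policy feeds in default precedence order (from the table above).
BLOCK_BY_DEFAULT = ["Base", "AntiMalware", "Malware_DGA", "Ransomware",
                    "SURBL_Multi", "ExploitKit_IP", "Public DOH", "Public DOH IP"]
LOG_BY_DEFAULT = ["ThreatInsight-DGA", "ThreatInsight-DataExfiltration",
                  "ThreatInsight-FastFlux", "ThreatInsight-DNSMessenger",
                  "AntiMalware_IP", "Bot_IP", "SpamBot IP",
                  "Extended Base & Malware hostname", "Extended Ransomware hostname",
                  "Extended Malware IP", "Extended ExploitKit IP", "SURBL_Fresh",
                  "DHS_AIS_Domain", "FarSight Newly Observed Domains",
                  "CryptoCurrency", "TOR_Exit_Node_IP"]
DEFAULTS = {name: ("Block – No Redirect" if name in BLOCK_BY_DEFAULT
                   else "Allow – With Log", rank)
            for rank, name in enumerate(BLOCK_BY_DEFAULT + LOG_BY_DEFAULT, start=1)}

def strength(action):
    """Assumed ranking: 2 = any Block action, 1 = Allow – With Log, 0 = any other Allow."""
    text = re.sub(r"\s+", " ", action.replace("–", "-")).strip().lower()
    if text.startswith("block"):
        return 2
    return 1 if text == "allow - with log" else 0

def audit(rules):
    """Return (feed, finding, configured value) for each deviation from the defaults."""
    findings = []
    for rule in rules:
        if rule["feed"] not in DEFAULTS:
            continue  # custom lists and filters have no default in the table
        default_action, default_rank = DEFAULTS[rule["feed"]]
        if strength(rule["action"]) < strength(default_action):
            findings.append((rule["feed"], "weaker-action", rule["action"]))
        if rule["precedence"] != default_rank:
            findings.append((rule["feed"], "precedence-changed", rule["precedence"]))
    return findings

# Constructed sample policy in a hypothetical format, for illustration only.
SAMPLE = [
    {"feed": "Base", "action": "Block – Default Redirect", "precedence": 1},
    {"feed": "Ransomware", "action": "Allow - With Log", "precedence": 4},
    {"feed": "Malware_DGA", "action": "Allow – No Log", "precedence": 3},
    {"feed": "Bot_IP", "action": "Allow – No Log", "precedence": 14},
    {"feed": "TOR_Exit_Node_IP", "action": "Block – No Redirect", "precedence": 9},
]

if __name__ == "__main__":
    for feed, finding, value in audit(SAMPLE):
        print(f"{feed}: {finding} ({value})")
```

Rules that tighten a default (such as blocking TOR_Exit_Node_IP) are not reported as weaker, only as a precedence change when the rank differs from the table.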

