
For BloxOne Threat Defense Cloud to apply a security policy correctly, you must define the network scope so that BloxOne Threat Defense Cloud knows which external networks, user groups, DNS forwarding proxies, IPAM objects, and BloxOne Endpoint groups the policy covers. All policy rules you define for this security policy are applied to the entities in the network scope, and only to those entities: DNS traffic from a source you have not added to the scope is not evaluated against this policy.

To set your network scope for the security policy, complete the following:

  1. On the Network Scope page of the Create New Security Policy wizard, click the Add Source menu and choose one of the following options.

    Note

    For each option, you can choose the applicable objects from the AVAILABLE table and move them to the SELECTED table using the move icon. You can click the select-all icon to select all the objects. You can also search for a specific object using the Search function. To remove an object from the SELECTED table, click the remove icon next to it, or the remove-all icon. When you have completed your selection, click Add to add the objects, or click Cancel to discard your changes.
    • External Networks: Select this to add external networks to the network scope. For more information, see Configuring External Networks.
    • DNS Forwarding Proxy: Select this to add DNS forwarding proxies to your network scope. For more information about DNS forwarding proxy, see DNS Forwarding Proxy.
    • Endpoint Groups: Select this to add BloxOne Endpoint groups to your network scope. For information about BloxOne Endpoint groups, see BloxOne Endpoint Group Assignment.
    • User Groups: Select this to add user groups to the network scope. The available user groups are those that have been synchronized from the third-party IdP (identity provider) that your admin has configured for access authentication; a group that has not been synchronized cannot be added. For more information, see Synchronizing User Groups.
    • IPAM: Select this to add IPAM objects (an IP space and the address blocks it contains) to the network scope. An IPAM object only takes effect in the scope when an on-prem host is associated with its IP space; see the IPAM procedure later on this page.
  2. For each source you have added, click Add. The source appears in the table. You can click the Add Source menu again to choose another source for your network scope.
  3. After you define your network scope, you can proceed to add policy rules, set the precedence order, and define bypass codes.
  4. Click Next in the wizard to define policy rules. For more information, see Adding Policy Rules and Setting Policy Precedence.


To associate a security policy with DDI IPAM objects, so that the policy applies to DNS queries from the selected IP space and address block, do the following:

1. Select an IP space to add to your security policy (Manage -> IPAM/DHCP).
2. Expand the IP space to display the address block(s) it contains, and choose the address block to add to your security policy. Make a note of the IP space and address block you want associated with the policy.
3. On the On-Prem Hosts page (Manage -> On-Prem Hosts), search on the IP address to locate any on-prem host already associated with the IP space. If no on-prem host is associated with the IP space, the IPAM source will not work in the security policy, so associate one now: select the on-prem host and edit it, and in the IP Space field of the Edit BloxOne Container dialog select the IP space you chose in step 1.
4. Once the IP space is associated with the on-prem host, click Save & Close to save the configuration.
5. Go to Policies -> Security Policies and create the security policy that you want to associate with the chosen address block.
6. In the Network Scope section of the Create New Policy dialog, click Add Source and select IPAM from the drop-down menu.
7. On the Manage IPAM page, locate and select your IP space, then select the IPAM object(s) to associate with the policy (in this case, the address block). Click Add, then Save to save the configuration.

For more information about IPAM, see DHCP in the Infoblox BloxOne DDI documentation.

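The following Python script is an added example for checking the scope after the policy is saved; it is not Infoblox code and is not part of this page's procedure. It builds a DNS A query by hand, sends it over UDP to a resolver address you supply (for example the address of an in-scope DNS forwarding proxy), and decodes the response code and A records, so you can run the same query from a client inside the scope and from one outside it and compare what comes back. The resolver address 192.0.2.53 and the name example.test are placeholders, and the embedded response bytes are constructed for offline parsing, not captured from any deployment. What a policy-handled answer looks like depends on the rule action you configured; the script only shows you the raw result.

```python
"""Minimal stdlib-only DNS A-record probe for comparing answers from clients
inside and outside a BloxOne network scope. Added example, not Infoblox code."""
import random
import socket
import struct
from typing import Optional


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a standard recursive query (RD=1) for `name`; qtype 1 is A."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # header: id, flags (RD), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(msg: bytes, off: int) -> tuple:
    """Decode a (possibly compressed) domain name at `off`.
    Returns (name, offset just past the name in the original stream)."""
    labels = []
    jumped = False
    end = off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped = True
            off = ptr
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    if not jumped:
        end = off
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Return the transaction id, rcode and any A-record answers in `msg`."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):           # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4                  # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, socket.inet_ntoa(rdata), ttl))
    return {"txid": txid, "rcode": flags & 0x000F, "answers": answers}


def probe(server: str, name: str, timeout: float = 3.0) -> dict:
    """Send one A query to `server` on UDP/53 and decode the reply."""
    q = build_query(name)
    txid = struct.unpack("!H", q[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    result = parse_response(data)
    if result["txid"] != txid:    # ignore stray/spoofed datagrams
        raise ValueError("transaction id mismatch")
    return result


# Constructed sample response (not captured from a real deployment):
# NOERROR answer to "A example.test" with one record 198.51.100.7, TTL 60.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"      # header
    b"\x07example\x04test\x00\x00\x01\x00\x01"               # question
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04"       # answer RR head
    b"\xc6\x33\x64\x07"                                      # rdata
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
    # Placeholder resolver address; replace with your in-scope DFP's address:
    # print(probe("192.0.2.53", "example.test"))
```

Run the script as-is to see the constructed response decoded; to test a live scope, uncomment the probe() call with the address of your DNS forwarding proxy and run it once from a client in an in-scope external network or endpoint group and once from a client that is not, then compare the rcode and A records.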

