Infoblox periodically releases updated rulesets. After an automatic update, the new ruleset is automatically applied to the Grid members that are using the Grid wide ruleset. After a manual update, you can manually apply the new ruleset to the Grid or individual Grid members. Before you manually publish a ruleset, you can view differences between the current ruleset and the newly downloaded one. You can also modify some changed parameters and then merge the changes from the old version to the new one. For more information, see Comparing and Merging Rulesets. For information on applying rulesets based on profiles, see Adding Threat Protection Profiles.
You can view the current ruleset version (displayed in the Version column) in one of the following tabs:

  • Grid: From the Data Management tab, select the Security tab -> Threat Protection Rules tab.
  • Member: From the Data Management tab, select the Security tab -> Members tab.
  • Profile: From the Data Management tab, select the Security tab -> Profiles tab.

In a Grid, you can run different versions of rulesets on different Grid members. For example, Grid member 1 can use revision 1 and Grid member 2 can use revision 2 of the ruleset. You can also switch back to a previous ruleset version when necessary, but you cannot change the version number for individual rules.
The appliance retains up to nine (9) rulesets at any given time: five (5) old rulesets, one (1) newly downloaded ruleset and three (3) "Do Not Delete" rulesets. You can configure rulesets as "Do Not Delete" at the Grid level. The appliance retains these rulesets and they cannot be deleted during an automatic or manual ruleset update. To allow a ruleset to be deleted during an update, you must first disable the "Do Not Delete" flag for these rulesets. Note that you cannot delete a ruleset that is used by the Grid or any members. For information about how to configure the "Do Not Delete" flag, see Modifying Rulesets.
For more information about how to add, modify, and delete a ruleset, see Managing Threat Protection Rulesets.

Ruleset Update Behavior

Consider the following behavior during a ruleset update:

  • If you have configured the rule update policy as Automatic, the following occurs:
    • For each rule that exists in the current ruleset and is used by a Grid member, the appliance automatically copies all customized parameter values from the current ruleset to the corresponding rules in the new ruleset. For rule templates that exist in the current ruleset and are used by any member in the Grid, the appliance automatically copies the rule instances from the current version to the new ruleset.
    • The appliance automatically compares and integrates all rule changes into the new ruleset. For manual ruleset update, you can view the differences between the current ruleset and the newly downloaded ruleset, select specific rules and make modifications to customized parameters, and then merge the changes into the new ruleset before applying it to the Grid and members. For more information about how to view the rule differences and merge changes, see Comparing and Merging Rulesets.
    • The new ruleset is applied to the Grid and only to members that use the same ruleset version as the Grid through inheritance from the Grid security properties. For members that use the same ruleset version as the Grid but have parameter overrides for certain rules, the overridden values will be copied to the new ruleset.

For information about how to configure the rule update policy, see Configuring Grid Security Properties.

  • When there are a total of nine (9) rulesets stored in the database, the ruleset that is not used by the appliance and is not marked as "Do Not Delete" will be replaced by the newly downloaded ruleset.
  • If more than one ruleset can be replaced, the appliance selects the oldest version based on the version number.
  • If a specific system or auto rule from the current ruleset version does not exist in the new ruleset, it will not be migrated to the new ruleset.
  • If a specific template from the current ruleset version does not exist in the new ruleset, none of its custom rules will be migrated to the new ruleset.
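
The replacement and migration rules above can be modeled to preview which stored ruleset an update would replace and which customizations would be lost. This is an added example, not Infoblox code or an Infoblox API; the `Ruleset` class, the integer version numbers, and the rule and template IDs are constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_RULESETS = 9  # retention limit stated on this page


@dataclass
class Ruleset:
    version: int                 # constructed revision number
    in_use: bool = False         # used by the Grid or any member
    do_not_delete: bool = False  # "Do Not Delete" flag
    rules: dict = field(default_factory=dict)      # rule id -> customized params
    templates: dict = field(default_factory=dict)  # template id -> custom rules


def pick_replacement(stored):
    """Return the ruleset a new download would replace, or None if there is room."""
    if len(stored) < MAX_RULESETS:
        return None
    candidates = [r for r in stored if not r.in_use and not r.do_not_delete]
    if not candidates:
        # The page does not describe this case; the model flags it.
        raise LookupError("every stored ruleset is in use or protected")
    return min(candidates, key=lambda r: r.version)  # oldest version number


def migrate(current, new):
    """Copy customizations into `new`; return the IDs that are not migrated."""
    dropped = {"rules": [], "templates": []}
    for rule_id, params in current.rules.items():
        if rule_id in new.rules:
            new.rules[rule_id] = dict(params)
        else:
            dropped["rules"].append(rule_id)      # rule absent from new ruleset
    for tmpl_id, custom_rules in current.templates.items():
        if tmpl_id in new.templates:
            new.templates[tmpl_id] = list(custom_rules)
        else:
            dropped["templates"].append(tmpl_id)  # all its custom rules are lost
    return dropped


if __name__ == "__main__":
    stored = [Ruleset(version=v) for v in range(1, 10)]  # constructed inventory
    stored[0].do_not_delete = True
    stored[1].in_use = True
    print("replaced version:", pick_replacement(stored).version)
```

Running `migrate` against a copy of the newly downloaded ruleset before publishing shows which rule and template customizations need to be recreated by hand.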

