The Infoblox Subscriber Parental Control provides a mechanism to enable subscribers to manage Internet access and content for their mobility devices, houses, families, or corporations based on the content categories and domains. This helps in restricting users from accessing certain specific content, especially restrict children from accessing specific websites, that are deemed inappropriate. Each subscriber who has opted for the service must be associated with a filtering profile that includes the categories to be blocked for the subscriber session. You can use the pre-defined profiles that address different population segments (such as child, youth, young adults, etc.) or you can create custom profiles for each subscriber in the Infoblox Subscriber Interface. For example, you can define profiles, such as to block children from accessing gambling websites, allow access to educational websites, and monitor access to entertainment websites. You can define profiles for a specific time of the day and for a specific duration. For example, parents can block children from accessing gaming websites from 7.00 AM to 9.00 PM every day. RPZs are used to perform content filtering for the subscribers who have opted for the service. Whenever a subscriber query matches the content of any RPZ, flagged by the blocked category, the traffic is blocked and redirected to the blocking VIP addresses.
You can also add exceptions for the blocked or allowed categories for each profile or policy in the Infoblox Subscriber Interface. For example, you can block gambling websites but allow casino.com or allow alcohol websites but block vodka.com. You can add a maximum of 10 domains each to the blacklist and whitelist domains for each subscriber. The subscriber query is matched with the blacklist and whitelist domains and appropriate action is taken. If a query is matched with a blacklisted domain, the query is redirected to the blocking server and if a query is matched with a whitelisted domain, the query is resolved normally.
The Infoblox Subscriber Parental Control is currently supported on the following Infoblox appliances: IB-1415, IB-1425, IB-2215, IB-2225, PT-1405, PT-2205, IB-4030, IB-4030-10GE, IB-VM-1405, IB-VM-1415, IB-VM-1425, IB-VM-2205, IB-VM-2225, IB-VM-1425, and IB-FLEX.
As illustrated in Figure 46.2, the DNS server receives RADIUS accounting messages and AVPs (Attribute Value Pairs) from the Infoblox Harmony product. For information about Infoblox Harmony product, refer to Infoblox Harmony documentation. The AVP includes the policy vector that defines the blocked categories and domains for the subscribers who has opted for the service. RPZs perform the filtering of content for these subscribers by applying the parental control policies on incoming subscriber queries. The appliance either allows or blocks the traffic based on the parental control policies. The blocked traffic might also be redirected to the MSP server for evaluation of the traffic. When the traffic is blocked, a blocking page is displayed to the subscriber describing the reason for blocking the traffic. The parental control policies are configured on the Infoblox Harmony product using the Infoblox Subscriber Interface and the policies can have an expiration date.
The NIOS appliance logs all parental control related events, conformed to CEF (Common Event Format), in the syslog. You can get information about the hit when users try to access one of those websites on the blocking list. The reporting server in the Grid generates corresponding reports that contain statistics about parental control related events. For information about monitoring parental control hits by users, see Monitoring Subscriber Policy Violations.
Figure 46.2 Infoblox Subscriber Parental Control
Following are some guidelines to take into consideration when using Infoblox Subscriber Parental Control:
To enable and configure Infoblox Subscriber Parental Control on the supported Infoblox appliances, complete the following:
After completing the DNS configuration on the Grid members, start the DNS service on the Grid members. For information about how to start and stop the DNS service, see Starting and Stopping the DNS Service.
Ensure that you enable IPv6 on the Grid members to support IPv6 subscribers. For information, see Configuring IPv6 on a Grid Member.
After you set up the Infoblox Subscriber Parental Control, you can monitor parental control related events using predefined reports and the syslog, as described in Monitoring Subscriber Policy Violations.
To enable Subscriber Parental Control, you must ensure that the subscriber collection service is configured and is running properly. After enabling Subscriber Parental Control, you must add Parental Control blocking VIP addresses and add at least one MSP server to the subscriber site. For information about adding Parental Control blocking IP addresses and MSP addresses to the subscriber site, see Modifying Subscriber Sites. Enabling Subscriber Parental Control, automatically creates an authoritative zone in the default DNS view with A, AAAA, and CNAME records for the MSP and the blocking VIP addresses.
You can disable Subscriber Parental Control only when all the Parental Control blocking VIP addresses and the MSP addresses in all the subscriber sites are removed.
To enable Infoblox Subscriber Parental Control:
Contact Infoblox Technical Support for the category feed account information.
This page has no comments.