Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

  1. From the Data Management tab -> DNS tab -> Response Policy Zones tab.
  2. Grid Manager displays the following:
    • Order: Displays the order of RPZs. The order value is empty if you do not assign a primary name server when configuring a local RPZ, or if the local RPZ or the service is disabled.
    • Name: Displays the name of the RPZs. Click the RPZ link to view the following details:
      • Name or Address: Displays the domain name or the IP address.
      • Policy: Defines the policy defined for the corresponding domain name or IP address.
      • Data: Displays the target data of the rule.
      • Comment: Displays the comment specified when an RPZ is defined.
      • Disabled: Displays Yes if the RPZ rule is disabled.
      • Site: Displays extensible attributes that are associated with the domain name or IP address.
    • Type: Displays the type of RPZs, that is, Local, Feed, or FireEye.
    • Primary Name Server: Displays the primary name server that is associated with an RPZ.
    • Last Updated: Displays the last updated time. For RPZ feed, it indicates if the RPZ feed has stalled and when the last zone transfer happened. For a local and FireEye integrated RPZ, it indicates the last time the zone or data was modified.
    • The last updated time is empty, if:
      • A local RPZ is not associated with a primary Grid name server.
      • A zone, either a local RPZ or an RPZ feed, is not enabled.
      • An inbound zone transfer has not occurred for an RPZ feed.
      • Member's DNS service is disabled.

...

    • Comment: Displays the comment recorded when creating the zone. You can double-click on a row to edit the comment. Click Save after modification
      For FireEye integrated RPZs, this column displays the comment recorded when creating the FireEye integrated RPZ. The rules that are created from the FireEye alerts will have alert information in this column. This differentiates between fireeye alert created rules and user created rules. You can double-click on a row to edit the comment. Click Save after modification. Infoblox recommends that you do not modify any internal objects. For example, the Comment column has alert related information, if you modify the data, then the actual alert data will be compromised.
    • Disabled: Displays Yes if the RPZ is disabled. Otherwise, this field displays No.
    • Locked: Displays Yes when a zone is locked by an admin, and displays No when the zone is unlocked.
    • Site: Displays the values that were entered for this pre-defined attribute. You can double-click on a row to edit the Site. Click Save after modification.

You can also do the following:

    • Use QuickFilter and the Goto function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Goto field and select the object from the possible matches. Select a value from the drop-down list to filter the RPZs.
      • None: Select this to display all the RPZs that you have configured.
      • All Local Response Policy Zones: Select this to list only the local RPZs.
      • All Feed Response Policy Zones: Select this to list only the RPZ feeds.
      • All
  • FireEye
      • Fire Eye Response Policy Zones: Select this to list only the FireEye RPZs.
    • Create a quick filter to save frequently used filter criteria. For information, see Using Quick Filters
  • on page76
    • .
    • You can create a bookmark for the RPZs. For information, see Using Bookmarks.
    • You can modify some of the data in the table. Double-click a row of data, and either edit the data in the field or select an item from a drop-down list. Note that some fields are read-only. For more information about this feature, see Modifying Data in Tables.
    • To export the list of RPZs to a .csv file, click the Export icon. For information on the export options, see

Anchor
Modifying RPZs
Modifying RPZs
Anchor
bookmark3322
bookmark3322
Modifying RPZs

...

  1. From the Data Management tab -> DNS tab -> Response Policy Zones tab -> Response Policy Zone check box and then click the Edit icon.
  2. The RPZ editor provides the following tabs from which you can modify data:
      4 on page 1713
    • For a FireEye integrated RPZ, the FireEye tab is displayed. This tab is displayed only after you install the FireEye license. You can modify or override the rule mapping for FireEye alerts or APT events. For more information, see Configuring FireEye RPZs .

...

...

...

3. Save the configuration and click Restart if it appears at the top of the screen.

Anchor
Reordering RPZs
Reordering RPZs
Anchor
bookmark3323
bookmark3323
Reordering RPZs

...

  1. From the Data Management tab, select the DNS tab -> Response Policy Zones tab -> Response Policy Zone check box.
  2. To delete an RPZ immediately, click the Delete icon, and then click Yes to confirm the delete request. To schedule the deletion, click Schedule Deletion and in the Schedule Change panel, enter a date, time, and time zone. For information, see Scheduling Deletions.

Grid Manager moves the RPZ to the Recycle Bin, from which you can restore or permanently delete it.

...