Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

Viewing RPZs

...

...

You can view the list of RPZs, local, feed, or FireEye integrated RPZs, which are currently listed in the Grid. To view RPZs, complete the following:

...

    • Use Quick Filter and the Go to function to narrow down the list. With the autocomplete feature, you can just enter the first few characters of an object name in the Go to field and select the object from the possible matches. Select a value from the drop-down list to filter the RPZs.
      • None: Select this to display all the RPZs that you have configured.
      • All Local Response Policy Zones: Select this to list only the local RPZs.
      • All Feed Response Policy Zones: Select this to list only the RPZ feeds.
      • All Fire Eye Response Policy Zones: Select this to list only the FireEye RPZs.
    • Create a quick filter to save frequently used filter criteria. For more information, see Using Quick Filters.
    • You can create a bookmark for the RPZs. For more information, see Using Bookmarks.
    • You can modify some of the data in the table. Double-click a row of data, and either edit the data in the field or select an item from a drop-down list. Note that some fields are read-only. For more information, see Modifying Data in Tables.
    • To export the list of RPZs to a .csv file, click the Export icon. For more information, see Importing and Exporting Data using CSV Import.
    • Click the Print icon to print the list of RPZs. For more information, see Printing from Grid Manager.

...

Modifying RPZs

...

You can modify the name servers or name server groups, update policy override details and permissions, or edit extensible attributes that are associated with an RPZ. Note that if you have configured a client IP address or network rule for a local RPZ, you cannot associate an Infoblox-4030 appliance as a Grid primary or a Grid secondary name server with that local RPZ.

To modify RPZs, complete the following:

  1. From the Data Management tab -> DNS tab -> Response Policy Zones tab -> Response Policy Zone check box and then click the Edit icon.
  2. The RPZ editor provides the following tabs from which you can modify data:
    • For a FireEye integrated RPZ, the FireEye tab is displayed. This tab is displayed only after you install the Security Ecosystem license. You can modify or override the rule mapping for FireEye alerts or APT events. For more information, see Configuring FireEye RPZs.
    • You can also enter or edit information in the Name Servers, Extensible Attributes, Settings, and Permissions tabs. For more information, see Modifying, Disabling, and Deleting Host and Resource Records.
    • Logging: In this tab, you can enable or disable logging at the zone level for RPZ zones. You can Override the RPZ logging option onlyif the RPZ/Security log is enabled at the Grid or member level. The values are inherited from the Grid or member by default. To view RPZ logs at the Grid level, see Setting DNS Logging Categories. Selecting the Override option allows you to disable RPZ logging for the particular zone. However, if the RPZ logging is not enabled at the Grid or member level, you cannot Override or Inherit logging at the zone level.

3. Save the configuration and click Restart if it appears at the top of the screen.

...

Reordering RPZs

You can change the order of RPZs, local feeds, or FireEye integrated RPZs, in each view. When you add a new local RPZ, it is added to the top of the zone list and an RPZ feed is automatically added to the bottom of the zone list. You can change the order of each through the re-ordering process.

The policy override works based on zone ordering. The zone at the top has the highest priority and it overrides the lower priority zone. To override an RPZ feed with a local RPZ, place the local feed at the top before an RPZ feed. You cannot reorder zones if they are disabled or do not have any primary name server assigned.

To reorder RPZs, complete the following:

  1. From the Data Management tab, select the DNS tab -> Response Policy Zones tab, click Order Response Policy Zones from the Toolbar.
  2. The following are displayed in the Order Response Policy Zones wizard:
    • Ordering: Use the up and down arrows to move the RPZ to the desired order.
    • Response Policy Zone: Displays all the RPZs.
    • Priority: Displays the order of RPZs.
  3. Click OK to save the changes.

...

Locking and Unlocking RPZs

...

You can lock an RPZ so only you can make changes to it, which prevents others from making conflicting changes. When you lock an RPZ, the Grid Manager displays LOCKED beside the RPZ. When other administrators try to make changes to a locked RPZ, the system displays a warning message that the RPZ is locked and the name of the admin who locked the RPZ.

Only a superuser or the administrator who locked the RPZ can unlock it. RPZ locks do not expire and you must manually unlock a locked RPZ.

To lock or unlock RPZs, complete the following:

  1. From the Data Management tab, select the DNS tab -> Response Policy Zones tab, select the Response Policy Zone -> Ruleset.
  2. You can do the following:
    • To Lock: Click the Lock icon to lock the zone.
    • To Unlock: Click the Unlock icon to unlock the zone.

...

Deleting RPZs

You can delete RPZs or schedule them for deletion at a later date. The NIOS appliance moves the deleted RPZs to the Recycle Bin if enabled. When you restore the zone from the Recycle Bin, it will be restored to the bottom of the zone list.

To delete RPZs, complete the following:

...