When you configure the Grid or Member security properties, you have an option to select an active ruleset or a threat protection profile. A threat protection profile defines specific security settings and ruleset that you want to apply to a specific member or a group of members. Infoblox uses event filters to limit the amount of logs that are generated due to the threat protection events. It drops packets for services or ports that are not enabled on the card.
If you want to use the same threat protection rulesets and settings for multiple members, you can create a threat protection profile and associate it with multiple members so you do not have to configure them individually. You can configure threat protection profiles for both hardware and Software ADP appliances.
Infoblox automatically migrates threat protection profile settings when:
- you update an active ruleset at the Grid level and if a profile has inherited the respective active ruleset from the Grid.
- the profile inherits an active ruleset from the Grid and you override the active ruleset that is associated with the profile.
- the profile is set to override an active ruleset and you change an active ruleset for the profile.
You can do the following to configure threat protection profiles:
- Create threat protection profiles by associating rulesets, event filters and configuring multiple DNS requests over a single TCP session, as described in Adding Threat Protection Profiles.
- Clone threat protection profiles, as described in Cloning Threat Protection Profiles.
- Modify threat protection profiles, as described in Modifying Threat Protection Profiles.
- View differences between an old and a new rulesets and merge changes from an old threat protection profile into the new one, as described in Merging Threat Protection Profiles.
- Inherit Grid rule settings for a threat protection profile, as described in Inheriting Grid Rule Settings.
- Delete a threat protection profile, as described in Deleting Threat Protection Profiles.
- View the list of threat protection profiles, as described in Viewing Threat Protection Profiles.
This page has no comments.