Infoblox RPZ Feeds with Infoblox Threat Intelligence firewall permissions.

c880gm · ‎08-02-2021

Rigth now I'm deploying a new grid which has the Threat Intelligene license, I'm wondering if there is a KB with the permissions needed for the infoblox appliance to communicate with the Infoblox Threat Intelligence service.

Our topology is something like this: Infoblox Appliance ---> Firewall Appliance --> Internet.

do you know what which ports and infoblox IP addresses do we need to allow on the firewall appliance?

Regards.

ralbert · ‎08-04-2021

Hi,

If you are referring configuration of BloxOne Threat defence RPZ feeds in your NIOS Grid, to deploy remote RPZ feeds, you will need a Grid member with at least a DNS and a RPZ license. In order to obtain the feeds, your member will need access to our Threat Intelligence Feed servers on port 53 (UDP and TCP) as the feed data is transferred through a DNS zone transfer. Your server will also need to be able to perform recursion in order to obtain response from the internet.

Threat intelligence feed primary server IPs can be obtained from your CSP portal account. Please feel free to open a case with Infoblox Support if you need assistance in Feed configuration.

BloxOne Threat Defense and Threat Intelligence

Infoblox RPZ Feeds with Infoblox Threat Intelligence firewall permissions.

Infoblox RPZ Feeds with Infoblox Threat Intelligence firewall permissions.