Differences

This shows you the differences between two versions of the page.

--- infoblox_nios:firewall_rules [2023/03/08 07:25] – bstafford
+++ infoblox_nios:firewall_rules [2024/04/21 02:09] (current) – [Reporting Server] bstafford
@@ Line 1: / Line 1: @@
-====== NIOS Firewall Rules =====
+===== NIOS Firewall Rules ====
+==== Threat Insight =====
-When running Threat Insight and/or ADP on the Grid, to download the latest module updates and whitelist updates or ADP udpates , the Grid Master needs to resolve and access ''https://ts.infoblox.com'' on tcp-443. You may need to configure the proxy settings in the Grid and you may need to disable TLS inspection on the proxy.
+When running Threat Insight and/or ADP on the Grid, to download the latest module updates and whitelist updates or ADP updates , the Grid Master needs to resolve and access ''https://ts.infoblox.com'' on tcp-443. You may need to configure the proxy settings in the Grid and you may need to disable TLS inspection on the proxy.
-For Threat Insight, only the Grid Master receives module and whitelist set updates. Grid member receives these updates through standard Grid replication from the Grid Master. Module and whitelist data is only replicated to Grid members that have the threat analytics service enabled (an RPZ license is required to start this service on the members). The appliance uses the port 443 (HTTPS) for downloading the module set and whitelist data updates.
+==== Ports ====
+NIOS listens on TCP-8765 for SAML.
+==== Public IP List ====
+Full list [[https://infoblox-allowlist.s3.amazonaws.com/infoblox-hostnames-ips.json|here]].
-Note: The scheduled time does not indicate the exact time for the download. Downloads occur during the mid-point during a 30-minute time frame. Therefore, the actual download can happen 15 minutes before or after the scheduled time.
+==== Rules ====
+  * **Grid Connection** From all members to GM/GMC and vice-versa. UDP 2114 & UDP 1194.
+  * **Reporting** All members of the Grid need to be able to talk to port TCP 9997 on the reporting server.
+  * **NTP** GM/GMC should access NTP servers on UDP 123. Other members sync to the active GM. If you want members to configure directly to external NTP source, configure accordingly.
+  * **DNS** All members should have access to DNS recursion unless the Grid is locked down.
+  * **Access** System admins should access GM/GMC on TCP 443 (HTTPS).
+  * **Access** System admins should access all members on TCP 22 (SSH).
+  * **Syslog** should have access to UDP 514 to the syslog server.
+  * **Email** GM/GMC should have access to TCP 25 to the email server.
+  * **Monitoring** All members should have access to UDP 162 on SNMP monitoring server.
+  * **Monitoring** SNMP monitoring server should have access to all members on UDP 161.
+==== NIOS DFP to CSP ====
+^ Destination address ^ Destination Host Name ^ Destination Port ^
+| 52.119.40.100 | threatdefense.bloxone.infoblox.com | 53 |
+| 52.119.40.100 | threatdefense.bloxone.infoblox.com | 443 |
+| 103.80.5.100 | threatdefense.bloxone.infoblox.com | 443 |
+| 52.119.41.100 | threatdefense.infoblox.com | 443 |
+| 103.80.6.100 | threatdefense.infoblox.com | 443 |
+| 3.209.116.255 | ec2-3-209-116-255.compute-1.amazonaws.com | 443 |
+| 3.210.226.54 | ec2-3-210-226-54.compute-1.amazonaws.com | 443 |
+| 3.212.42.44 |     ec2-3-212-42-44.compute-1.amazonaws.com | 443|
+| 3.214.29.106 | ec2-3-214-29-106.compute-1.amazonaws.com | 443 |
+| 3.213.214.20 | ec2-3-213-214-20.compute-1.amazonaws.com | 443 |
+| 18.233.189.178 | ec2-18-233-189-178.compute-1.amazonaws.com | 443 |
+| 18.209.243.220 | ec2-18-209-243-220.compute-1.amazonaws.com | 443 |