infoblox_nios:firewall_rules [2023/03/08 07:29] bstaffordinfoblox_nios:firewall_rules [2024/04/21 02:09] (current) – [Reporting Server] bstafford
Line 1: Line 1:
-====== NIOS Firewall Rules =====+===== NIOS Firewall Rules ==== 
 +==== Threat Insight =====
  
 When running Threat Insight and/or ADP on the Grid, to download the latest module updates and whitelist updates or ADP updates , the Grid Master needs to resolve and access ''https://ts.infoblox.com'' on tcp-443. You may need to configure the proxy settings in the Grid and you may need to disable TLS inspection on the proxy. When running Threat Insight and/or ADP on the Grid, to download the latest module updates and whitelist updates or ADP updates , the Grid Master needs to resolve and access ''https://ts.infoblox.com'' on tcp-443. You may need to configure the proxy settings in the Grid and you may need to disable TLS inspection on the proxy.
  
-For Threat Insight, only the Grid Master receives module and whitelist set updates. Grid member receives these updates through standard Grid replication from the Grid Master. Module and whitelist data is only replicated to Grid members that have the threat analytics service enabled (an RPZ license is required to start this service on the members). The appliance uses the port 443 (HTTPS) for downloading the module set and whitelist data updates.+==== Ports ==== 
 +NIOS listens on TCP-8765 for SAML.
  
 +==== Public IP List ====
 +Full list [[https://infoblox-allowlist.s3.amazonaws.com/infoblox-hostnames-ips.json|here]].
  
-Note: The scheduled time does not indicate the exact time for the downloadDownloads occur during the mid-point during a 30-minute time frameTherefore, the actual download can happen 15 minutes before or after the scheduled time.+==== Rules ==== 
 +  * **Grid Connection** From all members to GM/GMC and vice-versa. UDP 2114 & UDP 1194. 
 +  * **Reporting** All members of the Grid need to be able to talk to port TCP 9997 on the reporting server. 
 +  * **NTP** GM/GMC should access NTP servers on UDP 123. Other members sync to the active GMIf you want members to configure directly to external NTP sourceconfigure accordingly. 
 +  * **DNS** All members should have access to DNS recursion unless the Grid is locked down. 
 +  * **Access** System admins should access GM/GMC on TCP 443 (HTTPS). 
 +  * **Access** System admins should access all members on TCP 22 (SSH). 
 +  * **Syslog** should have access to UDP 514 to the syslog server. 
 +  * **Email** GM/GMC should have access to TCP 25 to the email server. 
 +  * **Monitoring** All members should have access to UDP 162 on SNMP monitoring server. 
 +  * **Monitoring** SNMP monitoring server should have access to all members on UDP 161.
  
- +==== NIOS DFP to CSP ==== 
-You can only update to a newer whitelist set even though you can switch back to an older version of module set, if anyHowever, if you have configured an Automatic update policy, the appliance overwrites the older file version with the new oneTo avoid this, you can change the update policy to Manual or disable automatic downloads+^ Destination address ^ Destination Host Name ^ Destination Port ^ 
- +| 52.119.40.100 | threatdefense.bloxone.infoblox.com | 53 |  
- +| 52.119.40.100 | threatdefense.bloxone.infoblox.com | 443 |  
-You can block the highest domain level only if you have installed the Threat Analytics license on the Grid member+| 103.80.5.100 | threatdefense.bloxone.infoblox.com | 443 |  
- +| 52.119.41.100 | threatdefense.infoblox.com | 443 |  
-To use Configure Domain Level to block Tunneling option, ensure you update the moduleset to the latest version after a NIOS upgradeThe minimum version of the active moduleset must be equal or later than 20190410.+| 103.80.6.100 | threatdefense.infoblox.com | 443 |  
 +| 3.209.116.255 | ec2-3-209-116-255.compute-1.amazonaws.com | 443 |  
 +| 3.210.226.54 | ec2-3-210-226-54.compute-1.amazonaws.com | 443 |  
 +| 3.212.42.44 |     ec2-3-212-42-44.compute-1.amazonaws.com | 443|  
 +| 3.214.29.106 | ec2-3-214-29-106.compute-1.amazonaws.com | 443 |  
 +| 3.213.214.20 | ec2-3-213-214-20.compute-1.amazonaws.com | 443 |  
 +| 18.233.189.178 | ec2-18-233-189-178.compute-1.amazonaws.com | 443 |  
 +| 18.209.243.220 | ec2-18-209-243-220.compute-1.amazonaws.com | 443 | 
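Review bot: The heading markup in the new revision is unbalanced and the page loses its level-1 title: `===== NIOS Firewall Rules ====` opens with five equals signs and closes with four, `==== Threat Insight =====` does the reverse, and nothing replaces the old `====== NIOS Firewall Rules ======`; make the counts match on both sides of every heading and decide whether the page title should stay at level 1. On the Rules list, the bullets do not follow one pattern for source, direction and port: the Syslog bullet names no source, the Ports line writes `TCP-8765` while the bullets write `TCP 9997`, and the SAML line does not say who needs to reach port 8765, so each entry should state source, destination, protocol and port the same way. In the NIOS DFP to CSP table the row `| 3.212.42.44 |     ec2-3-212-42-44.compute-1.amazonaws.com | 443|` has stray padding and a missing space before the closing pipe, and the ec2-*.compute-1.amazonaws.com rows are raw AWS instance hostnames that can change, so the table should point to the allowlist JSON already linked under Public IP List as the authoritative source and label these rows as a snapshot. Removing the paragraph that only the Grid Master downloads module and whitelist updates while members receive them through Grid replication also drops the justification for why members need no egress of their own to ts.infoblox.com on TCP 443; keep that sentence under Threat Insight, since it directly scopes the rule.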
infoblox_nios/firewall_rules.1678260576.txt.gz · Last modified: by bstafford