
This is an old revision of the document!


NIOS Firewall Rules

When Threat Insight and/or ADP is running on the Grid, the Grid Master must be able to resolve and reach https://ts.infoblox.com on TCP port 443 in order to download the latest module updates, whitelist updates, or ADP updates. You may need to configure the proxy settings in the Grid, and you may need to disable TLS inspection on the proxy.
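The following pre-flight check is an added example, not Infoblox code: it tests DNS resolution, tcp/443 reachability and the certificate chain for ts.infoblox.com, and flags likely TLS inspection. It assumes direct egress (no explicit proxy) and must be run from a host that shares the Grid Master's egress path; `preflight`, `fetch_issuer` and `proxy_ca_names` are hypothetical names.

```python
import socket
import ssl

HOST, PORT = "ts.infoblox.com", 443  # endpoint and port named on this page

def fetch_issuer(host, port, timeout=5.0):
    """TLS handshake verified against the system trust store; returns the issuer fields."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    # issuer is a tuple of RDNs, each RDN a tuple of (key, value) pairs
    return {key: value for rdn in cert["issuer"] for (key, value) in rdn}

def preflight(host=HOST, port=PORT, proxy_ca_names=(),
              resolve=socket.getaddrinfo, issuer_of=fetch_issuer):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls', 'inspected' or 'ok'.

    proxy_ca_names: assumption, organization names of your own inspection
    proxy CAs, needed because a proxy CA installed in the local trust store
    passes normal certificate verification.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
        addrs = sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")
    try:
        issuer = issuer_of(host, port)
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain: commonly an inspecting proxy re-signing the session
        return ("tls", f"certificate not trusted, possible TLS inspection: {exc}")
    except ssl.SSLError as exc:
        return ("tls", f"TLS handshake failed: {exc}")
    except OSError as exc:  # refused, timed out, unreachable
        return ("tcp", f"cannot reach {addrs} on tcp/{port}: {exc}")
    org = issuer.get("organizationName", "")
    if any(name.lower() in org.lower() for name in proxy_ca_names):
        return ("inspected", f"certificate issued by proxy CA '{org}'")
    return ("ok", f"{host} {addrs} reachable on tcp/{port}, issuer '{org}'")

if __name__ == "__main__":
    print(preflight())
```

A `tls` or `inspected` result points at the TLS inspection setting on the proxy, while `dns` and `tcp` point at resolver or firewall rules.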

For Threat Insight, only the Grid Master receives module and whitelist set updates. Grid members receive these updates through standard Grid replication from the Grid Master. Module and whitelist data is replicated only to Grid members that have the threat analytics service enabled (an RPZ license is required to start this service on the members). The appliance uses port 443 (HTTPS) to download the module set and whitelist data updates.

Note: The scheduled time does not indicate the exact time of the download. Downloads occur within a 30-minute time frame whose midpoint is the scheduled time. Therefore, the actual download can happen 15 minutes before or after the scheduled time.

You can update only to a newer whitelist set, although you can switch back to an older version of the module set, if one exists. However, if you have configured an Automatic update policy, the appliance overwrites the older file version with the new one. To avoid this, change the update policy to Manual or disable automatic downloads.

You can block the highest domain level only if you have installed the Threat Analytics license on the Grid member.

To use the Configure Domain Level to block Tunneling option, make sure you update the module set to the latest version after a NIOS upgrade. The version of the active module set must be equal to or later than 20190410.

infoblox_nios/firewall_rules.1678260576.txt.gz · Last modified: by bstafford