Applying Advanced DNS Protection (ADP) Rulesets in NIOS (2547)

This lab requires a lab environment with Advanced DNS Protection capability!
Please ensure that you have deployed a NIOS 9.0 Lab Environment (with Advanced DNS Protection).


Scenario

Now that you have set up your environment for ADP, it's time to apply the ADP license and perform the initial ADP configuration. ADP services require an initial ruleset.

Learning Content

Estimated Completion Time

  • 30 to 35 minutes

Prerequisites

Credentials

Description       Username   Password   URL or IP
Grid Manager UI   admin      infoblox   https://10.100.0.100/

Requirements

  • Administrative access to the Grid

  • Use of the NIOS Lab Environment (with Advanced DNS Protection)

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and log in to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.

Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.


Tasks

  1. Load ADP License Files to the Grid

  2. Upload an Initial Ruleset

  3. Configure Rule Update and Ruleset Download Policies

  4. Configure and Enable the Threat Protection (ADP) Service

  5. Start the Threat Protection Service

Task 1: Load ADP License Files to the Grid

  • Add the ADP license by navigating to Shared Drive/Licenses and selecting the ADP.lic file.

Task 2: Upload an Initial Ruleset

  • The Threat Protection Service (ADP) requires a ruleset to start. In this task, you upload a ruleset. Initially, an older ruleset is uploaded, so that you can do an update to the latest ruleset later.

  • Use the ruleset file ruleset-20250115.bin2 from the Shared Drive/NIOS-Imports folder.

Task 3: Configure Rule Update and Ruleset Download Policies

  • Set the Rule Update Policy to Manual, enable Automatic Ruleset Downloads, and test the connection to make sure it works.

Task 4: Configure and Enable the Threat Protection (ADP) Service

The best practice is to always run ADP in monitor mode for at least a week, to establish traffic patterns.

  • Configure the Threat Protection service to use monitor mode. This enables you to check that the service is configured correctly and that there are no unintended effects on the network traffic.

Task 5: Start the Threat Protection Service

  • Start the ADP service on the extibns.techblue.net member, and restart the service if required.


Solutions

Task 1 Solution: Load ADP License Files to the Grid

In this task, we will load the ADP license into the Grid.

  1. On the jump-desktop machine, open a browser window and browse to https://10.100.0.100.

  2. Navigate to Grid → Licenses → Members.

  3. Click the plus (+) symbol to add a new license.

  4. Click Select File to upload the license file.

  5. Navigate to Shared Drive/Licenses/9.0.

  6. Select the ADP.lic file and click Open.

  7. Click Verify License(s), then Save All Valid Licenses.

  8. Click the Show Filter link.

  9. Select Feature equals Threat Protection (software add-on), then click Apply.

    • Since ADP in this lab runs on a virtual machine rather than on hardware, we need to use this filter.

  10. Select Feature equals Threat Protection update, then click Apply.

    • This license allows ADP rulesets to be updated automatically if configured.

Task 2 Solution: Upload Initial Ruleset

The Threat Protection Service (ADP) requires a ruleset to work; one will automatically be downloaded when the ADP service is started. In this task, we will upload an older ruleset so that we can update to the latest ruleset in a later step.

  1. Navigate to Data Management → Security → Threat Protection Rules.

  2. Click the plus (+) symbol to add a ruleset.

  3. Click Select to upload a file.

  4. Select the ruleset-20250115.bin2 file from the Shared Drive/NIOS-Imports folder.

  5. Click Upload.

  6. Click Test to verify that the ruleset file is not corrupted.

  7. Click Update to update the rules.

  8. Close the Rule File Upload window.

  9. The uploaded ruleset has become the active ruleset, as it's the first one.

Task 3 Solution: Configure Rule Update and Ruleset Download Policies

In this task, we will test our Grid's connection to the ADP ruleset update servers and download the latest ruleset available for us to use. We won't be activating it yet.

  1. Navigate to Data Management → Security → Threat Protection Rules.

  2. Select Grid Security Properties from the Toolbar.

  3. Under Threat Protection → Basic, set the Rule Update Policy to Manual.

  4. Check the box next to Enable Automatic Ruleset Downloads.

  5. Click Test Connection. When the test is successful, a blue banner displays at the top of the current window. Ensure the connection works.

  6. Click Download Rules Now.

  7. Click Save & Close and confirm you wish to close the Infoblox (Grid Security Properties) window.

  8. There should be two rulesets.

  9. Verify that the OLD ruleset is still active – do not activate the new ruleset yet.

    1. If the new ruleset is active, you will need to manually activate the old ruleset.

      1. Verify the update configuration to ensure that Rule Update Policy is set to Manual (as per the instructions above).

      2. Click on the hamburger icon next to the old ruleset and select Activate from the menu.

Task 4 Solution: Configure and Enable the Threat Protection (ADP) Service

The best practice is to always run ADP in monitor mode for at least a week, to establish traffic patterns.

In this task, we configure the Threat Protection service to use monitor mode. This enables us to check that the service is configured correctly, and that there are no unintended effects on the network traffic.

  1. Log in to the nios-4 VM console with credentials (admin/infoblox).

  2. Issue the set adp monitor-mode on command.

    • This command will switch the ADP service mode on extibns.techblue.net to monitor mode.

  3. Issue the show adp monitor-mode command.

    • You should see that monitor mode is enabled, but the Threat Protection service is disabled.

Task 5 Solution: Start the Threat Protection Service

It can take up to 5 minutes for the Threat Protection service to start.

The Threat Protection service on the ibns1.techblue.net member is not required for these labs.

  1. Switch back to jump-desktop.

  2. Navigate to Data Management → Security → Members.

  3. Select extibns.techblue.net and click Start in the Toolbar.

  4. Click Yes to confirm starting the service.

  5. Restart Services if prompted.

  6. Refresh the page to view the latest status for extibns.techblue.net.

    • The status is yellow because extibns.techblue.net is in monitor mode.
