2548 - Applying Advanced DNS Protection (ADP) Profiles in NIOS
This lab requires a lab environment with Advanced DNS Protection capability!
Please ensure that you have deployed a NIOS Lab Environment (with Advanced DNS Protection) lab environment.
Scenario
In your efforts to increase your organization’s DNS security posture, you’re adding profiles to your Grid ADP configuration allowing you a more refined and targeted configuration for different areas in your environment.
Course References
2037: Rulesets, Rules and Profiles in NIOS Advanced DNS Protection (ADP)
Estimate Completion Time
15 to 20 minutes
Credentials
Description | Username | Password | URL or IP |
|---|---|---|---|
Grid Manager UI | admin | infoblox |
Requirements
Administrative access to the Grid
Usage of the NIOS Lab Environment (with Advanced DNS Protection) Lab environment
Lab Initiation
Access jump-desktop
Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and login to the Linux UI:
Username: training
Password: infoblox
Initiate lab
To initiate the lab, double-click the Launch Lab icon on the Desktop.
Launch Lab
Choose the lab number from the list and click OK.
After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.
Lab initiation will take a couple of minutes to finish.
Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.
Tasks
If you’re running this lab immediately after lab 2547, tasks 1 and 2 should be skipped
Task 1: Set up NIOS-4 to join the Grid
Task 2: Join NIOS-4 to the Grid
Task 3: Create Threat Protection Profile
Task 4: Assign Profile to Grid Member
If you’re running this lab immediately after lab 2547, tasks 1 and 2 should be skipped
Task 1: Set up NIOS-4 to join the Grid
Log into NIOS-4 VM using the credentials (admin/infoblox).
Reset the VM to factory settings using the command
reset all.log back into the VM and validate that it has been reset.
Edit the network settings, using the following table:
IP Address | 203.0.113.105 |
Netmask | 255.255.255.0 |
Gateway | 203.0.113.1 |
VLAN Tag | Untagged |
IPv6 settings | n |
Become a grid member | n |
Set the management interface settings using the command
set interface mgmt, using the following table:
Enable Management port | y |
IP address | 10.35.22.105 |
Gateway | 10.35.22.1 |
IPv6 settings | n |
Restrict access | y |
Task 2: Join NIOS-4 to the Grid
Log back into NIOS-4 VM using the credentials (admin/infoblox).
Add the VM to the grid using the command
set membership, using the following table:
Grid Master VIP | 10.100.0.100 |
Grid name | infoblox |
Grid Secret | test |
Enable grid services on Management interface | y |
Task 3: Create a Threat Protection Profile
Using the Jump-Desktop machine (training/infoblox), log in to the GM web interface at https://10.100.0.100/ with the credentials (admin/infoblox).
Create an ADP Profile, the profile is called External – Initial Configuration. The profile is created with default settings.
Task 4: Assign Profile to Grid Member
Assign the created profile to extibns.techblue.net.
Solutions
Task 1 Solution: Set up NIOS-4 to join the Grid
Log into NIOS-4 VM using the credentials (admin/infoblox).
Reset the VM to factory settings using the command
reset all.
Log back into the VM and validate that it has been reset by using the command
show networkand if the interface is using the default ip then the VM has been reset.
Edit the network settings using the command
set network, using the following table:
Set the management interface settings using the command
set interface mgmt, using the following table:
Task 2 solution: Join NIOS-4 to the Grid
Log back into NIOS-4 VM using the credentials (admin/infoblox).
Add the VM to the grid using the command
set membership, using the following screenshot:
Switch over the Jump-Desktop machine and log into the grid Ui with the credentials (admin/infoblox) on the address https://10.100.0.100/
Verify that NIOS-4 has joined the grid under the name extibns.techblue.net and that threat protection Service is up and running,
Task 3 Solution: Create Threat Protection Profile
Using the Jump-Desktop machine (training/infoblox), log in to the GM web interface at https://10.100.0.100/ with the credentials (admin/infoblox).
Navigate to Data Management → Security → Profiles. Click the plus (+) symbol to add a new profile.
Create a new profile called External – Initial Configuration.
Click Override next to the Active Ruleset Version and select the oldest ruleset 20230628-12.
Click Save & Close.
Task 4 Solution: Assign Profile to Grid Member
Navigate to Data Management → Security → Members.
Select the extibns.techblue.net member and click Edit.
Select the Use profile radio button.
Click Select Profile and select the External – Initial Configuration profile.
Click Save & Close to save the profile setting.
Publish changes when prompted.
The External – Initial Configuration profile is listed for extibns.techblue.net
