
2804 - Managing BloxOne Endpoints


Scenario

You're tasked with deploying a BloxOne endpoint in your organization. You have decided to test the process in a lab environment before starting the production deployment. You will add the endpoint to a newly created endpoint group, then add that group to an already existing policy to test whether the endpoint polices the traffic as expected.

Estimated Completion Time

  • 40-45 mins

Course Reference

  • 2101: B1TDC Architecture

  • 2102: BloxOne Security Policies

Prerequisites

  • Administrative access to the CSP

  • Lab 2803: Configuring BloxOne Security Policies

Tasks

  • Task 1: Download BloxOne Endpoint

  • Task 2: Create an Endpoint Group and add the Windows endpoint to the Endpoint group

  • Task 3: Add the endpoint group to the Security Policy

  • Task 4: Test the security Policy on the Windows endpoint


Task 1: Download BloxOne Endpoint

  • Download the correct Endpoint version for your Windows machine.

    • Install it on your lab's windows-testing machine.

Task 2: Create an Endpoint Group and add the Windows endpoint to the Endpoint group

  • Create an endpoint group, name it Techblue Endpoints, and add the Windows endpoint to it.

Task 3: Add the endpoint group to the Security Policy

  • Add the endpoint group to the Techblue policy security policy as a data source.

Task 4: Test the security Policy on the Windows endpoint

  • Using your windows-testing machine, verify your policy rules are behaving as expected against the endpoint:

    • infoblox.com should be allowed and queried.

    • vanglabbeek.us should not be accessible.

    • Gambling.com should be redirected.

    • streamthembase.top, a known malware domain, should not be accessible.

    • Use security activity reports in CSP to verify the correct rules were triggered and the data source was your endpoint.

If you're using Firefox, the browser will block the domain before the request is sent out to any DNS servers, and you will get the browser's own warning page. In that case, switch over to Edge.

Solutions

Task 1 solution: Download BloxOne Endpoint

  1. Switch to the testing-windows machine, and log in using Infoblox as your password.

  2. Using your preferred web browser, navigate to https://csp.infoblox.com and log in with the credentials provided to you.

  3. In your CSP browser window, navigate to Administration > Downloads, and click Download Windows Endpoint Client in the Endpoint section of the screen.

  4. Once the download is complete, navigate to the Downloads folder and extract the zip file we just downloaded (make sure all the extracted items are in the same location).

  5. Double-click BloxOneEndpoint.msi and click through the installation process.

  6. Verify that the BloxOne Endpoint software is installed; it should be visible in the icon tray.

Task 2 solution: Create an Endpoint Group and add the Windows endpoint to the Endpoint group

  1. Switch back to jump-Desktop and in your CSP browser window, navigate to Manage > Endpoints > Endpoint Groups.

  2. Click Create Endpoint Group, name it Techblue Endpoints, then click Save & Close.

  3. Navigate to Manage > Endpoints, select the Windows endpoint, and click the Move button.

  4. Select Techblue Endpoint Group and click Move.

Task 3 solution: Add the endpoint group to the Security Policy

  1. In your CSP window, navigate to Policies > Security Policies, select the policy we created in the previous lab, Techblue-Policy, and click Edit.

  2. Click the Network Scope section, click Add Source and choose Endpoint groups from the drop-down menu.

  3. Click the arrow next to Techblue Endpoint Group to move it to the selected column then click Save & Close.

Task 4 solution: Test the security Policy on the Windows endpoint

  1. Switch over to the testing-windows machine and open a browser window.

  2. To test that the AllowList is working, look up infoblox.com. The domain should open normally.

  3. To test that the DenyList is working, look up vanglabbeek.us. The domain should be inaccessible.

  4. To test that our category filter Unwanted Content is working, look up gambling.com. We should be redirected to the default Infoblox redirect page.

  5. To test our Threat Insight & feeds rule, look up streamthembase.top, which is a known malware download domain, using the web browser. The domain should be inaccessible.

If you're using Firefox, the browser will block the domain before the request is sent out to any DNS servers, and you will get the browser's own warning page. In that case, switch over to Edge.
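The Task 4 checks can also be run at the DNS layer, which avoids the browser-side blocking described in the note above. The PowerShell below is an added example, not part of the original lab; the function name Test-PolicyDomain is hypothetical, and the script assumes it is run on the testing-windows machine after the endpoint has been added to the policy.

```powershell
# Added example: DNS-level check of the four lab domains from Task 4.
# Expected outcomes are copied from the lab text. How a block shows up in DNS
# (a failed lookup or a redirect address) depends on the policy action, so the
# script reports what it sees and leaves the comparison to the operator.

$checks = @(
    @{ Domain = 'infoblox.com';       Expected = 'allowed' }
    @{ Domain = 'vanglabbeek.us';     Expected = 'not accessible' }
    @{ Domain = 'gambling.com';       Expected = 'redirected' }
    @{ Domain = 'streamthembase.top'; Expected = 'not accessible' }
)

function Test-PolicyDomain {
    param(
        [Parameter(Mandatory)] [string]$Domain,
        [Parameter(Mandatory)] [string]$Expected
    )
    try {
        # -DnsOnly keeps the lookup on the DNS protocol (no LLMNR/NetBIOS fallback).
        $answers = Resolve-DnsName -Name $Domain -Type A -DnsOnly -ErrorAction Stop
        $ips = @($answers | Where-Object { $_.Type -eq 'A' } |
                 ForEach-Object { $_.IPAddress })
        $outcome = if ($ips.Count -gt 0) { 'answered' } else { 'no A record' }
        $detail  = $ips -join ', '
    }
    catch {
        $outcome = 'resolution failed'
        $detail  = $_.Exception.Message
    }
    [pscustomobject]@{
        Domain   = $Domain
        Expected = $Expected
        Outcome  = $outcome
        Detail   = $detail
    }
}

# Drop cached answers so every lookup is evaluated by the policy again.
Clear-DnsClientCache

# Show which resolvers the machine is currently configured to use.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

$checks |
    ForEach-Object { Test-PolicyDomain -Domain $_.Domain -Expected $_.Expected } |
    Format-Table -AutoSize
```

A domain that answers with an address is not necessarily allowed, since a redirect also returns an answer. Confirm each result against the security activity report in the CSP, as the task describes.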

