
2805 - Utilizing BloxOne Country-Based Response Policy Zones (RPZ)


Scenario

You are tasked with deploying BloxOne country-based RPZs to block traffic from certain countries in order to keep your organization in line with new regulatory demands. You will add Russia, North Korea and China to your RPZ and test that the RPZ functions as intended.

Estimated Completion Time

  • 30-50 mins

Course Reference

  • 2104: Creating Custom and Country Based RPZ with BloxOne TIDE

Prerequisites

  • Administrative access to the CSP

  • Lab 2804: Managing BloxOne Endpoints

Tasks

  • Task 1: Create a Country-Based RPZ

  • Task 2: Add the country-based RPZ to the security policy

  • Task 3: Verify the Country-Based RPZ Works


Task 1: Create a Country-Based RPZ

  • Create a new country-based RPZ and name it blocked-countries

    • Add Russia, China and North Korea to the RPZ

Task 2: Add the country-based RPZ to the security policy

  • Add the country-based RPZ to the Techblue-Policy security policy

Task 3: Verify the Country-Based RPZ Works

  • Verify that the feed has been populated on CSP

    • Using your testing-windows machine, browse to dzen.ru to verify the RPZ is working.

Please wait 20-30 minutes for the records to be synchronized; the feed will display no records immediately after creation.

Solutions

Task 1 solution: Create a Country-Based RPZ

  1. Switch to jump-Desktop, in your CSP browser, and navigate to Manage > TIDE Data > Country-based RPZ.

  2. Click the Add Country Based RPZ button and set the feed name to blocked-countries.

  3. Add the countries Russia, China, and North Korea to the Include list by clicking the arrow next to each of them, then click Save & Close.

Task 2 solution: Add the country-based RPZ to the security policy

  1. In your CSP browser, navigate to Policies > Security Policies, check the policy we have been working with in previous labs (Techblue-Policy), and click Edit.

  2. Click on the policy rules section, click on Add Rule, and choose Feeds and Threat Insight (this should be the fifth rule on the list).

  3. Set the name to your country-based RPZ feed name, blocked-countries, and the action to Block-Default Redirect, then click Finish and Save & Close.

Task 3 solution: Verify the Country-Based RPZ Works

  1. In your CSP browser, navigate to Policies > On-Prem DNS Firewall and click the Feed Configuration Values button. The RPZ you created should be at the bottom of the list.

  2. Switch to the testing-windows machine, surf dzen.ru using your web browser, and you should be redirected to a page like this:

Please wait 20-30 minutes for the records to be synchronized; the feed will display no records immediately after creation.
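
A DNS-level way to run the same check from the testing-windows machine, as an added example that is not part of the original lab: it resolves the test domain through the machine's configured resolver and compares the answer with the redirect address. The -RedirectAddress default (192.0.2.1) is a placeholder assumption, since the lab does not state which address Block-Default Redirect returns, and the function name Test-RpzRedirect is hypothetical.

```powershell
# Added example: DNS-level check of the blocked-countries rule (not lab-provided code).
param(
    # Domains to test; dzen.ru is the lab's test domain.
    [string[]]$Domain = @('dzen.ru'),
    # ASSUMPTION: address(es) returned by the Block-Default Redirect action.
    # 192.0.2.1 is a documentation placeholder; replace it with the value seen in your tenant.
    [string[]]$RedirectAddress = @('192.0.2.1')
)

function Test-RpzRedirect {
    param([string]$Name, [string[]]$RedirectAddress)

    try {
        # -DnsOnly restricts the lookup to DNS (no LLMNR/NetBIOS fallback).
        $records = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction Stop
    } catch {
        # NXDOMAIN, timeouts, SERVFAIL and similar failures all end up here.
        return [pscustomobject]@{ Domain = $Name; Answer = ''; Verdict = "Lookup failed: $($_.Exception.Message)" }
    }

    # Keep only A records; CNAME entries in the answer carry no IPAddress value.
    $addresses  = @($records | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
    $redirected = @($addresses | Where-Object { $RedirectAddress -contains $_ })

    $verdict = if ($addresses.Count -eq 0) {
        'No A record in answer'
    } elseif ($redirected.Count -eq $addresses.Count) {
        'Redirected: rule applied'
    } elseif ($redirected.Count -eq 0) {
        'Not redirected: feed not yet synchronized or domain not in feed'
    } else {
        'Mixed answer: inspect manually'
    }
    [pscustomobject]@{ Domain = $Name; Answer = ($addresses -join ', '); Verdict = $verdict }
}

$Domain | ForEach-Object { Test-RpzRedirect -Name $_ -RedirectAddress $RedirectAddress } |
    Format-Table -AutoSize
```

Save the block as a .ps1 file and run it on the testing-windows machine after the synchronization wait has passed.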