
3536 - Merging ADP Rulesets in NIOS

This lab requires a lab environment with Advanced DNS Protection capability!
Please ensure that you have deployed the NIOS Lab Environment (with Advanced DNS Protection).

Scenario

A new ADP ruleset has been made available, and you wish to upgrade your ADP deployment to the latest version. However, you have done a great deal of tuning and customization on the existing ruleset, and you do not want to repeat that work on the new ruleset. In other words, you wish to preserve the customizations made in the old ruleset and transfer (merge) them into the new one.

In this lab, you will merge the old and the new rulesets before activating the new ones so you can preserve any tuning and customizations you have already done.

Estimated Completion Time

  • 15 to 25 Minutes

Credentials

Description       Username   Password   URL or IP
Grid Manager UI   admin      infoblox   https://10.100.0.100/
Jump-Desktop      training   infoblox
Support-Server    training   infoblox

Course References

  • 3034: Advanced DNS Protection Tuning in NIOS

Lab Initiation

Access jump-desktop

Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click the jump-desktop tile and log in to the Linux UI:

Username: training

Password: infoblox

Initiate lab

To initiate the lab, double-click the Launch Lab icon on the Desktop.


Choose the lab number from the list and click OK.

After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.

Lab initiation will take a couple of minutes to finish.

Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those used in prior labs.

Tasks

  • Task 1: Verifying the lab state

  • Task 2: Merging Rulesets

  • Task 3: Modifying the External - Tuned profile to use the new ruleset


Task 1: Verifying the lab state

Before starting this lab, you must verify the Grid member extibns.techblue.net (nios-4) is part of the Grid and has the correct license. When ADP licenses are loaded correctly, they appear as Threat Protection in the user interface.

If the license is missing, load the license file available in the jump-desktop file system at Shared Drive/licenses/ADP.lic.

Task 2: Merging the current Ruleset with the newly downloaded Ruleset

Merge the current Ruleset 20230628-12 with the new Ruleset 20231220-12. Make sure to merge the custom rules created for your organization to the new Ruleset.

Task 3: Modifying the External - Tuned profile to use the new ruleset

Modify the External - Tuned profile to use the newly updated ruleset.

Certain Rule Categories are not required because the server only responds to DNS queries; no DNS traffic is recursed or passed through the server. Disabling those categories and rules saves the ADP engine from evaluating rules that are not applicable. Check that the following Rule Categories are still disabled:

  • DNS Malware

  • DNS DDoS

  • DNS Tunneling

Also confirm that the previously created Custom Rules are present in the new ruleset.


Solutions

Task 1 Solution: Verifying the lab state

Verify that extibns.techblue.net has all the required licenses:

  1. Navigate to Grid → Licenses, and check which licenses are applied to extibns.techblue.net.

  2. If ADP licenses are missing, click the + button and add the license file. The license file should be under Shared Drive/licenses/ named ADP.lic. Click Save License(s) to apply the selected file.

  3. Before you continue, make sure the ADP licenses appear in the Grid's license list.


Task 2 Solution: Merging Rulesets

Merge the current Ruleset 20230628-12 with the new Ruleset 20231220-12. Make sure to merge the custom rules created for your organization to the new Ruleset.

The two rulesets must be merged before activating the new one.

  1. Navigate to Data Management → Security → Threat Protection Rules.

  2. Select Merge → Ruleset from the Toolbar.

  3. Choose the original ruleset (20230628-12) on the left-hand side, under Merge changes from…. This is the ruleset from which the custom rules will be copied.

  4. On the right-hand side, choose the ruleset you want to copy the changes to. In this example, ruleset 20231220-12 is used.

  5. Click Get Differences.

  6. The top panel lists the system rules that have changed in the new ruleset; review them here before merging. The lower panel lists the customizations in the original ruleset that are not present in the new ruleset.


  7. Select the custom rules created by your organization and click Merge Changes.


  8. Choose Yes to confirm that the changes should be copied to the new ruleset.

  9. Close the Merge Changes into Ruleset window.

Task 3 Solution: Modifying the External - Tuned profile to use the new ruleset

In this task, you modify the External - Tuned profile to use the newly merged ruleset, disable the DNS Malware, DNS DDoS and DNS Tunneling categories, and finally verify that the custom rules have been merged correctly.

  1. Navigate to Data Management → Security → Profiles.

  2. Select the External - Tuned profile and click Edit.

  3. Select the latest ruleset, the one you have just merged the rules into; in this example it is 20231220-12.

  4. Click Save & Close.

  5. Click the External - Tuned profile.

  6. Scroll down to the DNS Malware category. Rules that are new in the updated ruleset are not disabled automatically, so the category may contain enabled rules even though it was fully disabled under the old ruleset. Confirm that all the rules in the category are disabled.

  7. If any rule is still enabled, click the hamburger icon and select Disable all rules in Category.

  8. Repeat the steps to confirm that the DNS DDoS and DNS Tunneling rules are also disabled.

  9. Navigate to Data Management → Security → Threat Protection Rules.

  10. Click the latest ruleset, the one you have just merged the rules into; in this example it is 20231220-12.

  11. Select All Custom Rules from the Quick filter drop-down menu. All three custom rules should be present and disabled.

  12. Publish the changes when prompted.

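The merge and the post-merge checks from the Task 2 and Task 3 solutions, as an added example that is not part of the original lab and is not NIOS or Infoblox code: a Python model of Get Differences, Merge Changes, the Disable all rules in Category action and the final verification, run over a constructed rule list. The rule record, its field names, the rule identifiers and the sample rules are assumptions made for illustration and are not NIOS's internal representation or a WAPI object; the enabled flag is carried on the rule record for simplicity, whereas in Grid Manager you toggle it in the profile. The model encodes only what the lab states: the top panel shows changed system rules, the lower panel shows customizations missing from the new ruleset, the merge copies them across, and rules that are new in the target ruleset are not disabled automatically.

```python
"""Model of the ADP ruleset merge and post-merge profile checks (added example;
not Infoblox code). All records and identifiers below are constructed."""

from dataclasses import dataclass, replace
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Rule:
    sid: str            # rule identifier (hypothetical numbering)
    category: str       # e.g. "DNS Malware"
    custom: bool        # True for rules created by the organization
    enabled: bool       # modelled on the rule for simplicity (profile setting in Grid Manager)
    params: Tuple[Tuple[str, str], ...] = ()  # tunable parameters as (name, value) pairs


def get_differences(old: List[Rule], new: List[Rule]) -> Tuple[List[Tuple[Rule, Rule]], List[Rule]]:
    """Model of Get Differences: (changed system rules, customizations missing in new)."""
    new_by_sid: Dict[str, Rule] = {r.sid: r for r in new}
    changed_system = [
        (o, new_by_sid[o.sid])
        for o in old
        if not o.custom and o.sid in new_by_sid and o.params != new_by_sid[o.sid].params
    ]
    missing_custom = [o for o in old if o.custom and o.sid not in new_by_sid]
    return changed_system, missing_custom


def merge_changes(new: List[Rule], selected: Iterable[Rule]) -> List[Rule]:
    """Model of Merge Changes: copy the selected customizations into the new ruleset."""
    present = {r.sid for r in new}
    return new + [r for r in selected if r.sid not in present]


def disable_category(rules: List[Rule], category: str) -> List[Rule]:
    """Model of 'Disable all rules in Category'."""
    return [replace(r, enabled=False) if r.category == category else r for r in rules]


def check_profile(rules: List[Rule], disabled_categories: Iterable[str],
                  expected_custom: Iterable[str]) -> List[str]:
    """Task 3 checks: no enabled rule in a category that should be off, and every
    expected custom rule present. Returns findings; an empty list means clean."""
    off = set(disabled_categories)
    findings = [f"{r.sid} ({r.category}) is enabled" for r in rules
                if r.category in off and r.enabled]
    sids = {r.sid for r in rules}
    findings += [f"custom rule {sid} missing" for sid in expected_custom if sid not in sids]
    return findings


# Constructed sample data: the old, tuned ruleset with three custom rules ...
OLD_20230628_12 = [
    Rule("110100", "DNS Malware", False, False),
    Rule("120100", "DNS DDoS", False, False, (("rate", "100"),)),
    Rule("130100", "DNS Tunneling", False, False),
    Rule("200100", "DNS Protocol Anomalies", False, True),
    Rule("300001", "Custom", True, False, (("qtype", "ANY"),)),
    Rule("300002", "Custom", True, False, (("fqdn", "techblue.net"),)),
    Rule("300003", "Custom", True, False, (("src", "10.100.0.0/24"),)),
]
# ... and the newly downloaded ruleset: one system rule changed, one rule new in DNS Malware.
NEW_20231220_12 = [
    Rule("110100", "DNS Malware", False, False),
    Rule("110200", "DNS Malware", False, True),     # new system rule, enabled by default
    Rule("120100", "DNS DDoS", False, False, (("rate", "200"),)),
    Rule("130100", "DNS Tunneling", False, False),
    Rule("200100", "DNS Protocol Anomalies", False, True),
]
DISABLED = ("DNS Malware", "DNS DDoS", "DNS Tunneling")
CUSTOM_SIDS = ("300001", "300002", "300003")


def run_lab() -> Tuple[int, List[str], List[str]]:
    """Task 2 then Task 3: returns (changed system rules, findings before the
    categories are re-disabled, findings after)."""
    changed, missing = get_differences(OLD_20230628_12, NEW_20231220_12)
    merged = merge_changes(NEW_20231220_12, missing)
    before = check_profile(merged, DISABLED, CUSTOM_SIDS)
    fixed = merged
    for cat in DISABLED:
        fixed = disable_category(fixed, cat)
    after = check_profile(fixed, DISABLED, CUSTOM_SIDS)
    return len(changed), before, after


if __name__ == "__main__":
    n, before, after = run_lab()
    print(f"{n} system rule(s) changed; findings before: {before}; after: {after}")
```

The point the model makes is the one the lab's step 6 warns about: after the merge, the custom rules are present, but the rule that is new in the DNS Malware category is still enabled until the category is disabled again in the profile, so the check must be repeated after switching the profile's ruleset, not only before.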
