
Infoblox User Guide
For the Infoblox-550 Appliance
Version 4.0
P/N 400-0106-100 Rev. A


Summary of Contents for Infoblox Infoblox-550

  • Page 1 Infoblox User Guide For the Infoblox-550 Appliance Version 4.0 P/N 400-0106-100 Rev. A...
  • Page 2: Table Of Contents

    Task 2.10 Enable DHCP and Switch Service to the Infoblox Device ......
  • Page 3 Infoblox, Inc. The information in this document is subject to change without notice. Infoblox, Inc. shall not be liable for any damages resulting from technical errors or omissions which may be present in this document, or from use of this document.
  • Page 4: Introduction

    Introduction This guide provides an overview of the Infoblox-550 network identity appliance with Infoblox NIOS (Network Identity Operating System) version 4.0 or later, and it explains how to install and configure it. Two configuration examples are presented. The first example describes how to deploy a single device as an independent external DNS server.
  • Page 5: Infoblox-550 Network Identity Appliance

    Infoblox-550 Network Identity Appliance The Infoblox-550 appliance is a 1-U platform that you can easily mount in a standard equipment rack using the mounting brackets and bolts shipped with the device. The front panel components include the LCD (liquid crystal display) panel and navigation buttons, communication ports, and indicator lights.
  • Page 6 Infoblox-550 Network Identity Appliance Table 1 Infoblox-550 Component Descriptions Component Description LCD Panel An LCD screen that displays HA (high availability) status, network settings, software version number, hardware serial number, and software licenses. Additionally, you can view and configure the IP address, netmask, and gateway for the LAN1 port.
  • Page 7 RJ-45-to-female DB-9 adapters that ship with the device, or a female DB-9-to-female DB-9 null modem cable. The RJ-45 pin assignments follow IEEE 802.3 specifications. All Infoblox ethernet ports are auto-sensing and automatically adjust to standard straight-through and cross-over ethernet cables.
  • Page 8: System, Environmental, And Power Specifications

    10 Mbps System, Environmental, and Power Specifications Understanding the full range of specifications for the Infoblox-550 appliance is critical for maintaining and protecting the hardware from misuse. There are three types of specifications. System specifications describe the physical characteristics of the device. Environmental specifications describe the temperature and moisture limits the device can withstand.
  • Page 9 VCFI 3G 12A, 125 V 60° C 3-prong male plug Europe CEE7 standard VII H05VV-F 6A, 250 V 70° C 2-prong male plug United Kingdom LP-60L H05VV-F 10A, 250 V 70° C 3-prong male plug with fuse
  • Page 10: Installing The Device

    Using the screws from the accessory kit, attach the brackets to the equipment rack. Powering the Device Use the power cable that ships with the Infoblox-550 appliance to connect it to a power source. Make sure the power switch on the device is turned off.
  • Page 11: Cabling The Device To A Network

    Port list: disable — Port channeling: disable Use the Infoblox GUI to access the Infoblox device from a management system. Through the GUI, you can set up and administer the device. For management system requirements and access instructions, see Accessing the Device on page 11.
  • Page 12: Accessing The Device

    10, you can make an HTTPS connection to the device and access the Infoblox GUI through JWS (Java Web Start) or make an SSHv2 connection and access the CLI through an SSHv2 client. You can also access the CLI by connecting a serial cable directly from the console port of a management system to the console port on the device, and then using a terminal emulation program.
  • Page 13: Infoblox GUI

    You can view data and configuration settings and make configuration changes through the Infoblox GUI. When an Infoblox device functions as an independent device, you launch the ID Device Manager to access the GUI. When the device is in an ID grid, you log in to the grid master and launch the ID Grid Manager.
  • Page 14: Infoblox CLI

    CLI from a remote location using an SSHv2 client. Using the Console Port The Infoblox device has a male DB-9 console port on its front panel. You can log in to the device through this port to access the Infoblox CLI.
  • Page 15 Description: Send 5 sequential ICMP ECHO requests to a remote host and display the results. Use optional <numerical> to avoid DNS lookups. The two main groups of Infoblox CLI commands are set and show. To see the complete list of the commands, enter help after the command prompt.
  • Page 16: Configuration Examples

    To perform the configuration examples in this chapter, you need to use the Infoblox device LCD or console, and the Infoblox GUI and CLI. For management system requirements and an introduction to the Infoblox GUI and CLI, see Accessing the Device on page 11.
  • Page 17: Task 1.1 Cable The Device To The Network And Turn On Power

    Task 1.1 Cable the Device to the Network and Turn On Power Connect an ethernet cable from the LAN1 port of the Infoblox-550 appliance to a switch in the DMZ network and turn on the power. See Installing the Device on page 9.
  • Page 18: Task 1.3 Specify Device Settings

    Specify Device Settings When you make the initial HTTPS connection to the Infoblox-550 appliance, you see the Appliance Startup Wizard, which guides you through the basic deployment of the device on your network. Use the wizard to enter the following information: •...
  • Page 19: Task 1.4 Define A NAT Address

    Configuration Examples Log back in to the device. When you log in the second time, you access the Infoblox GUI application. For system requirements to use the GUI, see Table 2 on page 11. Task 1.4 Define a NAT Address Because the firewall translates the public IP address 1.1.1.2 to the interface IP address 10.1.5.2, all DNS queries...
  • Page 20: Task 1.6 Import Zone Data

    PTR records are present. You can then modify the host records to add MAC addresses. However, if you only import forward-mapping zone data, the Infoblox device cannot create host records from just the A records. In that case, because you cannot later convert A records to host records, it is more efficient to create the corp100.com zone, and define host records manually.
  • Page 21 Open a browser window, and log in to the device at https://10.1.5.2, using the user name admin and the password SnD34n534. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Forward Mapping Zones -> Edit -> Add Forward Mapping Zone -> Authoritative.
  • Page 22: Task 1.7 Designate The New Primary On The Secondary Name Server (At The ISP Site)

    Stealth: Clear check box. Click the Save icon. In the Infoblox Views panel of the DNS perspective, click + (for Reverse Mapping Zones) -> 1.1.1.in-addr.arpa -> Edit -> Authoritative Zone Properties. In the Authoritative Reverse Zone editor, click Settings and enter the following: —...
  • Page 23: Task 1.8 Configure NAT And Policies On The Firewall

    At this point, the new DNS server can take over DNS service from the legacy server. You can remove the legacy server and unset any firewall policies permitting traffic to and from 10.1.5.3.
  • Page 24: Example 2 - HA Pair For Internal DNS And DHCP

    Example 2 – HA Pair for Internal DNS and DHCP In this example, you set up an HA pair of Infoblox-550 appliances to provide internal DNS and DHCP services. The HA pair answers internal queries for all hosts in its domain (corp100.com). It forwards internal queries for external sites to ns1.corp100.com at 10.1.5.2 and ns2.corp100.com at 2.2.2.2.
  • Page 25: Task 2.1 Cable Devices To The Network And Turn On Power

    Task 2.1 Cable Devices to the Network and Turn On Power Connect ethernet cables from the LAN1 and HA ports on both Infoblox-550 appliances to a switch in the Server network and turn on the power for both devices. See Installing the Device on page 9.
  • Page 26: Task 2.3 Specify Device Settings

    Specify Device Settings When you make the initial HTTPS connection to an Infoblox device, you see the Infoblox Appliance Startup Wizard, which guides you through the basic deployment of the device on your network. To set up an HA pair, you must connect to and configure each device individually.
  • Page 27 Log in using the default user name and password admin and infoblox. Note: User names and passwords are case-sensitive. The Infoblox Appliance Startup Wizard opens with a splash screen that provides basic information about the wizard, and then displays license agreement information. Beginning on the third wizard screen, enter or select...
  • Page 28: Task 2.4 Enable Zone Transfers On The Legacy Name Server

    Task 2.4 Enable Zone Transfers on the Legacy Name Server To allow the Infoblox device to import zone data from the legacy server at 10.1.4.11, you must configure the legacy server to allow zone transfers to the device at 10.1.4.10.
  • Page 29 Click DNS to open the DNS perspective, and then click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> Forward Mapping Zones -> Edit -> Add Forward Mapping Zone -> Authoritative.
  • Page 30: Task 2.6 Define Networks, Reverse-Mapping Zones, DHCP Ranges, And Infoblox Hosts

    10.1.5.0/24), or you can create a parent network (10.1.0.0/16) that encompasses all the subnetworks and then use the Infoblox split network feature to create the individual subnetworks automatically. The split network feature accomplishes this by using the IP addresses that exist in the forward-mapping zones to determine which subnets it needs to create.
  • Page 31 You must modify each zone by assigning ns3.corp100.com as its primary DNS server. From the DNS perspective, click Infoblox Views -> + (for Infoblox Views) -> + (for default) -> + (for Reverse Mapping Zones) -> + (for 1.10.in-addr.arpa) -> 1.1.10.in-addr.arpa -> Edit -> Authoritative Zone Properties.
  • Page 32 Infoblox Hosts Defining both a MAC and IP address for an Infoblox host definition creates a DHCP host entry—like a fixed address— that you can manage through the host object. To add a MAC address to each host record that the device created when you imported forward- and reverse-mapping zone records, you must first delete the IP address for that host, and then add the same IP address with the MAC address.
  • Page 33: Task 2.7 Define Multiple Forwarders

    Click the Save icon. The Infoblox device initially sends outbound queries to forwarders in the order that they appear in the Forwarders list, starting from the top of the list. If the first forwarder does not reply, the device tries the second one. The device keeps track of the response time of both forwarders and uses the quicker one for future queries.
  • Page 34: Task 2.9 Modify The Firewall And Router Configurations

    1.1.1.8 host 10.1.4.10
    set policy from trust to untrust ns3 ns2 dns permit
    set policy from trust to dmz ns3 ns1 dns permit
    set policy from dmz to untrust ns1 ntp_server ntp permit
  • Page 35: Task 2.10 Enable DHCP And Switch Service To The Infoblox Device

    Task 2.10 Enable DHCP and Switch Service to the Infoblox Device With the Infoblox in place and the firewall and router configured for relaying DHCP messages, you can switch DHCP service from the legacy DHCP server at 10.1.4.11 to the HA pair at 10.1.4.10 (VIP address).
  • Page 36: Task 2.11 Manage And Monitor

    Task 2.11 Manage and Monitor Infoblox provides tools for managing IP address usage and several types of logs to view events of interest and DHCP and DNS data. After configuring the device, you can use the following resources to manage and monitor IP address usage, DNS and DHCP data, and administrator and device activity.
  • Page 37 • DHCP — DHCP Configuration – Contains DHCP server settings and network, DHCP range, and host settings for the Infoblox DHCP server — DHCP Leases – Contains a real-time record of DHCP leases — DHCP Lease History – Contains an historical record of DHCP leases —...
  • Page 38: Joining An ID Grid

    An Infoblox-550 appliance running NIOS 4.0 with the DNSone package and the Keystone upgrade can be a member of an ID grid. You can join a single Infoblox-550 appliance to a grid or you can join two Infoblox-550 appliances in an HA pair.
  • Page 39 Click OK. Type the location of the backup file or navigate to the file and select it, and then click OK. After the merge process completes, the Infoblox application restarts and the JWS (Java Web Start) application terminates. Wait a few minutes, and then log back in to the ID grid master from the JWS login prompt.
  • Page 40 The Infoblox Documentation CD that ships with each Infoblox device contains product documentation in PDF format. In particular, for more detail on any of the features presented in this user guide, refer to the Infoblox Administrator Guide. Infoblox GUI Help When using the Infoblox GUI, you can view HTML Help by clicking the two Help icons—Help, located on the far right of the GUI menu bar, and ?
