Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Oct 07, 2020
Solved

IP Intelligence

Hi,

how to export IP Intelligence database from F5 ?

is it possible to view all ip under each category? if yes then how ?

 

since the update is refreshed every five minutes , does this will affect the size of WAF or may cause any performance issue?

AFM
BIG-IP
devops
IP Address Intelligence
security
  • Dario_Garrido's avatar
    Dario_Garrido
    Oct 09, 2020

    Hello Blue.

     

    "so is it possible to check all ip under each category from portal?"

    No, it's not possible. IP Reputation service is provided by an external company (brightcloud) and their bussiness lays on not disclousing this info.

     

    "so there is no option to check the ip from GUI , i have to do all action from CLI, right?"

    No, there is not. But you can check from internet at

    https://www.brightcloud.com/tools/url-ip-lookup.php

     

    "in regards to DB status, it mention how many ips has been added , but no details related to how many ip has been removed."

    It's much common to include IP in the blacklist than remove them.

     

    Please, don't forget to mark my answer as the best to help me for the contribution.

     

    Regards,

    Dario.

4 Replies

Sort By
  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for MVP rankMVP
    Oct 07, 2020

    Hello Blue.

    The IPI DB is stored at /var/IpRep/F5IpRep.dat. I've never tried this before, but you can try to copy this file into a different device.

    The DB is a hash table, where you can check the category of each IP using the next command.

    iprep_lookup <X.X.X.X>

    But there is no an inverse search to get all the IPs from each category.

    The DB updates are composed by addresses that are included and removed. For this reason, you don't have to worry about the space.

    Regards,

    Dario.

    • THE_BLUE's avatar
      THE_BLUE
      Icon for Cirrostratus rankCirrostratus
      Oct 08, 2020

      Hi Dario,

      i want to export the DB let say in cvs format for example to check all ips, but i think it is not possible.

      so is it possible to check all ip under each category from portal?

      so there is no option to check the ip from GUI , i have to do all action from CLI, right?

       

      in regards to DB status, it mention how many ips has been added , but no details related to how many ip has been removed.

       

       

      thanks

      • Dario_Garrido's avatar
        Dario_Garrido
        Icon for MVP rankMVP
        Oct 09, 2020

        Hello Blue.

         

        "so is it possible to check all ip under each category from portal?"

        No, it's not possible. IP Reputation service is provided by an external company (brightcloud) and their bussiness lays on not disclousing this info.

         

        "so there is no option to check the ip from GUI , i have to do all action from CLI, right?"

        No, there is not. But you can check from internet at

        https://www.brightcloud.com/tools/url-ip-lookup.php

         

        "in regards to DB status, it mention how many ips has been added , but no details related to how many ip has been removed."

        It's much common to include IP in the blacklist than remove them.

         

        Please, don't forget to mark my answer as the best to help me for the contribution.

         

        Regards,

        Dario.