Manual Chapter : Managing Address Lists

Applies To:

BIG-IQ Centralized Management

  • 7.1.0

About address lists

Address lists, also called network address lists, are collections of IPv4 or IPv6 addresses, address ranges, nested address lists, geolocations, and subnets. These can be used by other parts of the BIG-IQ Centralized Management system, such as firewall rules or firewall policies.
You can manage address lists from the following locations:
  • Configuration > NETWORK > Address Lists
  • Configuration > SECURITY > Network Security > Address Lists
Be aware of the following considerations about address lists.
  • Address lists are containers and must contain at least one entry. You cannot create an empty address list; you cannot remove an entry in an address list if it is the only one.
  • To pin an address list to a deployment, you must do so from the Local Traffic pinning policy user interface: Configuration > LOCAL TRAFFIC > Pinning Policies.
  • You can add geolocation awareness to address lists, which enables you to specify source or destination IP addresses by geographic location rather than by their IP addresses. The geolocation is validated when the address list is saved. If you use a geolocation specification that is valid on BIG-IQ, but not supported on a particular BIG-IP device because the device has a different geolocation database, it causes a deployment failure for that device. Importing a BIG-IP device with an invalid geolocation specification causes a discovery failure for that device.

Create address lists

You create address lists so that you can use them with other parts of the BIG-IQ Centralized Management system, such as firewall rules. Address lists are a collection of addresses. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists.
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists.
  1. Open the Address Lists screen.
    You can access the address list from either the network or network security configuration menu and it will behave in the same way.
  2. Click Create.
    The New Address List screen opens.
  3. On the left, click Properties.
  4. Supply the properties for the address list.
    • In the Name setting, type a unique name for the address list.
    • In the Description setting, type an optional description for the address list.
    • In the Partition setting, type a partition if needed. The Common partition is the default.
  5. On the left, click Addresses.
  6. Supply the addresses for the address list.
    The screen displays a template address for you to complete. An address list must contain at least one address.
  7. In the Type column, select the address type, and then provide the address information in the Addresses column. You can also add a description for each address in the Description column.
    • To add a single address, select Address and type an IPv4 or IPv6 address.
    • To add an address list, select Address List and select the name of the address list.
    • To add a range of addresses, select Address Range and type the beginning and ending IPv4 or IPv6 addresses.
    • To add a location to the address list, select Country/Region and select the country and, optionally, the region of the country. You can also select Unknown as the country or region option. Address locations can be used when defining rules based on where a system is located (the geolocation of the system), rather than on the IP address of the system.
    • To add a domain name, select Domain Name and type the domain name.
  8. In the Add/Remove column, click + to add the address to the list.
    You can click X to delete an address from the list.
  9. Continue to add or delete addresses until the address list is complete.
  10. Save your work.
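
A pre-check for a planned address list, written against the entry types and constraints this chapter describes (at least one entry, begin/end ranges, nested lists, and geolocations that a target BIG-IP device may not support). This is an added Python example, not F5 code and not a BIG-IQ API: the tuple data model, the `check_list` name, the `device_geos` input, the cycle check, and the sample values are all assumptions made for illustration.

```python
import ipaddress

def check_list(name, lists, device_geos, _stack=()):
    """Return problems found in address list `name` and the lists it nests.

    lists: {list name: [(kind, value), ...]}, a hypothetical in-memory model
    device_geos: geolocations the target BIG-IP's database supports (assumed input)
    """
    if name in _stack:
        return [f"{name}: nested address lists form a cycle"]
    entries = lists.get(name)
    if entries is None:
        return [f"{name}: referenced address list does not exist"]
    problems = []
    if not entries:
        problems.append(f"{name}: an address list must contain at least one entry")
    for kind, value in entries:
        try:
            if kind == "address":      # single IPv4/IPv6 address or subnet
                ipaddress.ip_network(value, strict=False)
            elif kind == "range":      # (begin, end), same family, begin <= end
                lo, hi = (ipaddress.ip_address(v) for v in value)
                if lo.version != hi.version:
                    raise ValueError("range mixes IPv4 and IPv6")
                if lo > hi:
                    raise ValueError("range begins after it ends")
            elif kind == "list":       # nested address list, checked recursively
                problems += check_list(value, lists, device_geos, _stack + (name,))
            elif kind == "geo":        # Country/Region entry
                if value not in device_geos:
                    raise ValueError("geolocation not in the target device's database")
            elif kind == "domain":
                if not value or " " in value:
                    raise ValueError("empty or malformed domain name")
            else:
                raise ValueError(f"unknown entry type {kind!r}")
        except ValueError as exc:
            problems.append(f"{name}: {value!r}: {exc}")
    return problems

# Constructed sample data, not taken from any real deployment.
SAMPLE = {
    "web-servers": [("address", "10.1.20.0/24"), ("range", ("10.1.30.10", "10.1.30.5"))],
    "partners": [("list", "web-servers"), ("geo", "Atlantis"), ("address", "2001:db8::1")],
}

if __name__ == "__main__":
    for problem in check_list("partners", SAMPLE, {"United States"}):
        print(problem)
```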

Edit address lists

You edit address lists to change the properties of the address list or to add, modify, or remove addresses from the address list, or both. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists.
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists.
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Click the name of the address list to edit it.
  3. To modify the address list Description, click Properties and in the Description setting, type or revise an optional description for the address list.
  4. On the left, click Addresses.
  5. Add, modify, or delete addresses for the address list.
    • To modify an address, click the pencil icon to the left of the address.
    • To delete an address, click X in the Add/Remove column.
    • To add an address, click + in the Add/Remove column.
    An address list must contain at least one address.
  6. If you are adding or modifying an address, supply or modify the settings.
    In the Type column, select the address type, and then provide the address information in the Addresses column. You can also add a description for each address in the Description column.
    • To add a single address, select Address and type an IPv4 or IPv6 address.
    • To add an address list, select Address List and select the name of the address list.
    • To add a range of addresses, select Address Range and type the beginning and ending IPv4 or IPv6 addresses.
    • To add a location to the address list, select Country/Region and select the country and, optionally, the region of the country. You can also select Unknown as the country or region option. Address locations can be used when defining rules based on where a system is located (the geolocation of the system), rather than on the IP address of the system.
    • To add a domain name, select Domain Name and type the domain name.
  7. In the Add/Remove column, click + to add the address to the list.
    You can click X to delete an address from the list.
  8. Continue to add, modify, or delete addresses in the address list until the address list is complete.
  9. Save your work.

Clone address lists

You can clone an address list to create a copy of it, which you can then edit to address any special considerations. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists.
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists.
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Select the check box next to the address list to clone.
  3. Click Clone.
    The system makes a copy of that address list with the same name, but with -CLONE appended to the name and a blank Description field.
  4. Change the address list properties and contained addresses as needed, such as providing a meaningful name or changing an address within the list.
  5. Save your work.
The new address list is now defined and you can assign it to an object.

Rename address lists

You rename an address list when you want to make that name more accurate or distinct. Renaming an address list causes a new address list to be created and the old address list to be deleted in a single transaction. All references to the old address list are updated to refer to the renamed address list.
  1. Click Configuration > SECURITY > Network Security > Address Lists.
    You cannot rename an address list from the Configuration > NETWORK > Address Lists area.
  2. Select the check box next to the address list to rename.
  3. Click Rename.
    A dialog box displays.
  4. Enter the new name in the dialog box and click Save.
    The BIG-IQ system shows the status of the renaming operation in the dialog box.
  5. Click Close to exit the dialog box.
The address list has been renamed.

Deploy address lists

For a quicker deployment, you can do a partial deployment of only the address list portion of a configuration instead of deploying the entire configuration. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists.
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists.
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Select the check box next to the address list to deploy.
  3. Click Deploy.
The system displays the selected address list, with options for partial deployment selected. You can now continue the partial deployment process.

Delete address lists

You delete address lists you no longer use to avoid confusion in the user interface. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists.
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists.
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Click the check box next to the address list to delete.
  3. Click Delete.
  4. In the confirmation dialog box that opens, click Delete to confirm the removal.
    If the address list is pinned to a BIG-IP device pinning policy, the deletion will fail.

Import address lists

Before you can import address lists, you need to have permissions of the Network Security Editor user role if you do not already.
You can create address list entries in a text editor on your local machine and import them as a CSV file into BIG-IQ to save the time of manual entry.
  1. At the top of the screen, click Configuration, then, on the left, click SECURITY > Network Security > Network Firewall > Address Lists.
  2. Select Import and confirm your selection in the popup screen.
    The import process might take about a minute, depending on the number of address lists you are importing. There is no maximum number of address lists you may import. You can close the import popup once you are finished by selecting Close.
    BIG-IQ populates the Address Lists page with your data.
Once the address lists are imported into BIG-IQ, you can view, clone, delete, deploy, and rename the lists from BIG-IQ, as well as view and edit individual IP addresses within each list.

Export address lists

Before you can import address lists, you need to have permissions of the Network Security Editor user role if you do not already.
You can export address lists from a production BIG-IQ to replicate the system in your lab so you can troubleshoot network firewall issues efficiently.
  1. At the top of the screen, click Configuration, then, on the left, click SECURITY > Network Security > Network Firewall > Address Lists.
  2. Select Export and confirm your selection in the popup screen.
    The export process might take about a minute, depending on the size of the address lists. There is no maximum number of address lists you may export. You can cancel the export process at any time during the file conversion by selecting Cancel in the popup screen.
    BIG-IQ generates a CSV file containing the address lists that will be downloaded onto your local machine.
Once the address lists are compiled into a CSV file, you can open this file in an editor of your choice in your environment for troubleshooting.