Applies To:
BIG-IP AFM
- 14.1.2, 14.1.0
AFM IP Intelligence
Overview: IP Intelligence
- Webroot BrightCloud - a subscription-based service that requires an additional F5 add-on license.
- Custom feed list - a list of source IP addresses maintained on a remote server.
About feed lists and feed files
If you are not planning to use the BrightCloud subscription-based service, you can configure custom feed lists to allow or deny remote clients based on their source IP address. Feed lists pull feed files from remote systems and are then referenced by an IP Intelligence policy. You should familiarize yourself with how feed lists and feed files work together.
Feed Files
Feed files are simple text files, created and updated on a remote HTTP/S or FTP server. Each entry in a feed file consists of four comma-separated directives, of which only the IP address is required. This table describes the four comma-separated directives.
Position | 1 | 2 | 3 | 4 |
---|---|---|---|---|
Entry | IP Address | Network Mask | Whitelist or Blacklist | Category |
This is an example feed file.
    10.10.10.2,32,bl,spam_sources
    10.10.11.0,24,wl,
    10.10.12.3,,bl,botnets
    10.0.0.12,,,
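The following Python check for the feed file format described above is an added example, not F5 code; it can be run on a feed file before it is published to the remote server. The names parse_line and validate_feed are hypothetical. Empty optional positions are returned as None because this page does not state which defaults AFM applies, and accepting only lowercase wl or bl is an assumption based on the example entries.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

LIST_TYPES = {"wl", "bl"}  # assumption: only the two values shown in the example

class FeedEntry(NamedTuple):
    address: str
    mask: Optional[int]        # None when position 2 is empty
    list_type: Optional[str]   # None when position 3 is empty
    category: Optional[str]    # None when position 4 is empty

def parse_line(line: str) -> FeedEntry:
    """Parse one 'ip,mask,wl|bl,category' entry; raise ValueError if malformed."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) > 4:
        raise ValueError("more than four comma-separated positions")
    fields += [""] * (4 - len(fields))           # tolerate omitted trailing commas
    addr, mask, list_type, category = fields
    if not addr:
        raise ValueError("position 1 (IP address) is required")
    ip = ipaddress.ip_address(addr)              # ValueError on a malformed address
    mask_val = None
    if mask:
        if not mask.isdigit() or int(mask) > ip.max_prefixlen:
            raise ValueError(f"invalid network mask {mask!r}")
        mask_val = int(mask)
    if list_type and list_type not in LIST_TYPES:
        raise ValueError(f"position 3 must be wl or bl, got {list_type!r}")
    return FeedEntry(str(ip), mask_val, list_type or None, category or None)

def validate_feed(text: str) -> Tuple[List[FeedEntry], List[str]]:
    """Return (valid entries, error messages keyed by line number)."""
    entries, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue                             # skip blank lines
        try:
            entries.append(parse_line(raw))
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
    return entries, errors

# Constructed sample: the page's four example entries followed by three bad lines.
SAMPLE = ("10.10.10.2,32,bl,spam_sources\n10.10.11.0,24,wl,\n10.10.12.3,,bl,botnets\n"
          "10.0.0.12,,,\n10.10.300.1,32,bl,\n10.10.13.0,40,bl,\n10.10.14.1,32,block,\n")

if __name__ == "__main__":
    good, bad = validate_feed(SAMPLE)
    print(f"{len(good)} valid entries", *bad, sep="\n")
```
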
Feed lists are configuration objects on the BIG-IP AFM system used to obtain feed files from remote systems using either HTTP or FTP. When creating a new feed list object, you define the remote server and URL containing the feed file. You can also define a polling interval that determines how often the AFM system will obtain an updated feed file. One or more feed lists can then be used later when creating or modifying IP Intelligence policies.
AFM IP Intelligence policies
BIG-IP AFM IP Intelligence policies are configuration objects that reference one or more feed lists and define an action, such as drop or accept, when a match occurs. IP Intelligence policies can be applied to the global, route domain, or virtual server context, and perform these functions:
- Reference one or more feed lists.
- Specify an action when a match is made: Accept or Deny.
- Override the directives in the feed file.
- Enable or disable logging when a packet match is made.
- Apply to either the global or virtual server contexts.
Creating an AFM IP Intelligence policy
Task list
- Create the feed file.
- Create a custom feed list category.
- Create the IP Intelligence feed list.
- Create the IP Intelligence policy.
- Apply the IP Intelligence policy.
Create the feed file
- In an accessible directory on an HTTP or FTP server, create a new file named feed_list1.
- The file should contain one entry, for example: 10.10.10.1,32,bl,
- Save the file to the file system.