F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IP AFM
  4. BIG-IP Network Firewall: Policies and Implementations
  5. About IP Address Intelligence in the Network Firewall
Manual Chapter : About IP Address Intelligence in the Network Firewall

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 11.3.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

About IP intelligence in the network firewall

The network firewall checks traffic against an IP intelligence database to automatically handle traffic from known bad or questionable IP addresses. You can control the actions for each category of IP addresses in the network firewall.

Category Description
Windows exploits IP addresses that have exercised various exploits against Windows resources using browsers, programs, downloaded files, scripts, or operating system vulnerabilities.
Web attacks IP addresses that have launched web attacks of various forms.
Botnets IP addresses of computers that are infected with malicious software and are controlled as a group, and are now part of a botnet. Hackers can exploit botnets to send spam messages, launch various attacks, or cause target systems to behave in other unpredictable ways.
Scanners IP addresses that have been observed to perform port scans or network scans, typically to identify vulnerabilities for later exploits.
Denial of Service IP addresses that have launched Denial of Service (DoS) attacks. These attacks are usually requests for legitimate services, but occur at such a fast rate that targeted systems cannot respond and become bogged down or unable to service legitimate clients.
Infected Sources IP addresses that issue HTTP requests with a low reputation index score, or are known malware sites.
Phishing IP addresses that are associated with phishing web sites that masquerade as legitimate web sites.
Proxy IP addresses that are associated with web proxies that shield the originator's IP address (such as anonymous proxies).

Configuring the firewall to check IP address reputations

You can verify IP reputation with the network firewall, and automatically allow or deny packets based on the reputation of the originating IP address.
  1. On the Main tab, click Security > Network Firewall > IP Intelligence. The IP Intelligence screen opens.
  2. Click Create to create a new IP Intelligence rule.
  3. In the Name field, type a name for the IP intelligence profile.
  4. From the Parent Profile list, select the parent profile on which the IP intelligence profile is to be based.
  5. To configure any custom settings for the IP intelligence profile, next to Settings, click the Custom check box.
  6. For each IP address intelligence category, you can select an action.
    • Select Accept to allow packets from sources of the specified type, as identified by the IP address intelligence database.
    • Select Warn to write a warning to the log and allow packets from sources of the specified type, as identified by the IP address intelligence database.
    • Select Reject to drop and send a reject message for packets from sources of the specified type, as identified by the IP address intelligence database.
  7. Click Finished. The list screen is displayed, and the new item is displayed.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information