Manual Chapter : Managing Address Lists

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 6.0.1
Manual Chapter

Managing Address Lists

About address lists

Address lists, also called network address lists, are collections of IPv4 or IPv6 addresses, address ranges, nested address lists, geolocations, and subnets. These can be used by other parts of the BIG-IQ® Centralized Management system, such as firewall rules or firewall policies.

You can manage address lists from the following locations:

  • Configuration > NETWORK > Address Lists
  • Configuration > SECURITY > Network Security > Address Lists

Be aware of the following considerations about address lists.

  • Address lists are containers and must contain at least one entry. You cannot create an empty address list; you cannot remove an entry in an address list if it is the only one.
  • Before nesting an address list inside an address list, check to be sure this option is supported on each BIG-IP® device where you intend to deploy the address list.
  • To pin an address list to a deployment, you must do so from the Local Traffic pinning policy user interface: Configuration > LOCAL TRAFFIC > Pinning Policies .
  • You can add geolocation awareness to address lists, which enables you to specify source or destination IP addresses by geographic location rather than by their IP addresses. The geolocation is validated when the address list is saved. If you use a geolocation specification that is valid on the BIG-IQ Centralized Management system, but not supported on a particular BIG-IP device because the device has a different geolocation database, it causes a deployment failure for that device. Importing a BIG-IP device with an invalid geolocation specification causes a discovery failure for that device.

Create address lists

You create address lists so that you can use them with other parts of the BIG-IQ Centralized Management system, such as firewall rules. Address lists are a collection of addresses. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists .
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists .
  1. Open the Address Lists screen.
    You can access the address list from either the network or network security configuration menu and it will behave in the same way.
  2. Click Create.
    The New Address List screen opens.
  3. On the left, click Properties.
  4. Supply the properties for the address list.
    • In the Name setting, type a unique name for the address list.
    • In the Description setting, type an optional description for the address list.
    • In the Partition setting, type a partition if needed. The Common partition is the default.
  5. On the left, click Addresses.
  6. Supply the addresses for the address list.
    The screen displays a template address for you to complete. An address list must contain at least one address.
  7. In the Type column, select the address type, and then provide the address information in the Addresses column. You can also add a description for each address in the Description column.
    • To add a single address, select Address and type an IPV4 or IPV6 address.
    • To add an address list, select Address List and select the name of the address list.
    • To add a range of addresses, select Address Range and type the beginning and ending IPV4 or IPV6 addresses.
    • To add a location to the address list, select Country/Region and select the country and optionally, the region of the country. You can also select Unknown as the country or region option. Address locations can be used when defining rules based on where a system is located (the geolocation of the system), rather than on the IP address of the system.
    • To add a domain name, select Domain Name and type the domain name.
  8. In the Add/Remove column, click + to add the address to the list.
    You can click X to delete an address from the list.
  9. Continue to add or delete addresses to the address list until the address list is complete.
  10. Save your work.

Edit address lists

You edit address lists to change the properties of the address list or to add, modify, or remove addresses from the address list, or both. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists .
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists .
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Click the name of the address list to edit it.
  3. To modify the address list Description, click Properties and in the Description setting, type or revise an optional description for the address list.
  4. On the left, click Addresses.
  5. Add, modify, or delete addresses for the address list.
    • To modify that address, click the pencil icon to the left of the address.
    • To delete an address, click X in the Add/Remove column.
    • To add an address, click + in the Add/Remove column.
    An address list must contain at least one address.
  6. If you are adding or modifying an address, supply or modify the settings.
    In the Type column, select the address type, and then provide the address information in the Addresses column. You can also add a description for each address in the Description column.
    • To add a single address, select Address and type an IPV4 or IPV6 address.
    • To add an address list, select Address List and select the name of the address list.
    • To add a range of addresses, select Address Range and type the beginning and ending IPV4 or IPV6 addresses.
    • To add a location to the address list, select Country/Region and select the country and optionally, the region of the country. You can also select Unknown as the country or region option. Address locations can be used when defining rules based on where a system is located (the geolocation of the system), rather than on the IP address of the system.
    • To add a domain name, select Domain Name and type the domain name.
  7. In the Add/Remove column, click + to add the address to the list.
    You can click X to delete an address from the list.
  8. Continue to add, modify, or delete addresses in the address list until the address list is complete.
  9. Save your work.

Clone address lists

You can clone an address list to create a copy of it, which you can then edit to address any special considerations. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists .
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists .
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Select the check box next to the address list to clone.
  3. Click Clone.
    The system makes a copy of that address list with the same name, but with -CLONE appended to the name and a blank Description field.
  4. Change the address list properties and contained addresses as needed, such as providing a meaningful name or changing an address within the list.
  5. Save your work.
The new address list is now defined and you can assigned it to an object.

Deploy address lists

If you want to do a quicker deployment by only deploying the address list portion of a configuration, you can do a partial deployment of the address list, instead of deploying the entire configuration. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists .
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists .
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Select the check box next to the address list to deploy.
  3. Click Deploy.
The system displays the selected address list, with options for partial deployment selected. You can now continue the partial deployment process.

Delete address lists

You delete address lists you no longer use to avoid confusion in the user interface. You can access address lists from either the network or the network security configuration menu.
  • To use the network configuration, click Configuration > NETWORK > Address Lists .
  • To use the security configuration, click Configuration > SECURITY > Network Security > Address Lists .
  1. Open the Address Lists screen.
    You can access an address list from either area and it will behave in the same way.
  2. Click the check box next to the address list to delete.
  3. Click Delete.
  4. In the confirmation dialog box that opens, click Delete to confirm the removal.
    If the address list is pinned to a BIG-IP device pinning policy, the deletion will fail.