Marvin
Jan 16, 2024

F5 AFM IP intelligence whitelist content

We have F5 AFM IP intelligence and we don't use the AFM license, so there is no external feed list, only the local categories on the system. It is licensed with IP intelligence. Now the question.

How can we see the whitelist category content from CLI or GUI?

Security  ››  Network Firewall : IP Intelligence : Blacklist Categories whitelist

Here in the menu you have the options Add to category and Delete from category, but how can we see the content of the whitelist category? Then we would know if this list is still accurate.

 

  • I do not believe it is possible to extract a full dump of the IP addresses currently contained within an IP Intelligence category; you can only check if a single IP address is in a category with the following command:

    show security ip-intelligence info address <IP ADDRESS>
    • Marvin

      Hi Michael, thanks for the reply. We were facing an issue where an external IP is blacklisted in the windows_exploit category, so we created a custom category in the IP intelligence policy, windows_exploit_bypass, with action allow. However, while doing so the IP got recognized by both categories and was still dropped.

      When we finally requested BrightCloud to whitelist this IP address, they performed it and it is now allowed. This IP, however, is not really trusted, as behind this IP exists a guest network where attackers launch attacks frequently.

      So we should be able to bypass this locally as this is not a good security remediation. Other customers can now also be exposed to threats.

      The category whitelist embedded on the F5 system can't be used in an IPI policy. What would you recommend to do in this situation?