Forum Discussion

Nikoolayy1's avatar
Mar 13, 2022

F5 blocked IP address expiration without the use of the F5 table irule command ?



I was reading about Palo Alto XSOAR and I saw that for silverline you can add an ip address using the REST-API that has timeout, so the IP address will be blocked just for some time and seems great but I was wondering how this was done ? Maybe the silverline uploads the ip address to a custom ip intelligence category and there is an external script/automation that removes it after the configured by the user time or something else and it i good to know if the same can be done for the on-prem F5 devices using REST-API and not the F5 irule table command and maybe the sideband command (


Please share if you know.



The Palo Alto XSOAR example:

  • I have renembered this topic as now I have played with new F5 BIG-IP versions an IP address can manually be added to a category with a TTL using the GUI or REST API so it seems that just Silverline software as a SaaS solution was just having the latest F5 features like the new TMOS versions.



    Name Type Default Value Required Access Description ipTtl string   required read/write The IP,TTL entries to be added or removed. The format is <IP,TTL IP,TTL …>, with the TTL being optional. For example: <,100 fe::fc,200,,infinite>. tmName string   required read/write The name of the category.



3 Replies