For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ricardo_Raza_14's avatar
Ricardo_Raza_14
Icon for Nimbostratus rankNimbostratus
May 16, 2016

Function about ipintelligence

Hi I have a question, the ipintelligence only work with the databases where are the malicious ips or also update this databases with the IPs that F5 identify?  
AFM
IP Intelligence Services
security
DavisLi's avatar
DavisLi
Ret. Employee
May 18, 2016

I know IP Intelligence comes from Web Root databases only. By default, 5 minutes update frequency. When a packet with a malicious IP at the header is identified as malicious based on Web Root's malicious IP database, F5 appliance (AFM, ASM, Secure Web Gateway, etc) will drop the packet and not re-establish the packet to traverse further into the Data Center.

 

IP Intelligence feature is a separate subscription from F5 licenses/appliances.

 

On a side note, I use Web Root's Endpoint protection on my home PC and my PC (Not network-level) will be protected from malicious IP as well. In my opinion, my PC is also contributing to Web Root's analysis of malicious IP if any malicious IP tries to find my PC. Apart from Web Root's partners contributing data to the database, Web Root uses machine learning to traverse the IPv4/v6 space and as well as data from mobile users using Web Root's protection.