For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Nov 02, 2015

iCall and external call

Hi,

 

I wonder if anyone used iCall to trigger external call to another device - I guess that is right tool for the job, or maybe there is some better solution.

 

Scenario:

 

  • ASM or DoS Protection is reporting violation (hope there is a way to extract IP of violation or IP from XFF)
  • iCall is triggered (via log entry?)
  • SSH or REST API call (via wget) is launched to report this IP to another device
  • Another device is adding IP to black list and blocking traffic from this IP (this is of course outside F5 realm)

Piotr

 

application delivery
deployment
design
devops
iCall
iRules
security

3 Replies

  • Henrik_Gyllkran's avatar
    Henrik_Gyllkran
    Icon for Nimbostratus rankNimbostratus
    Nov 02, 2015

    I think I would use a sideband connection in an iRule for this, I think it would be easy enough. The iRule can trigger on a violation event and send a request of your own design to the device.

     

  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    Nov 02, 2015

    Hi,

     

    Thanks for pointing to sideband. I wonder what is more performance friendly assuming thousands (20k+) TCP connections per second?

     

    Piotr

     

  • Henrik_Gyllkran's avatar
    Henrik_Gyllkran
    Icon for Nimbostratus rankNimbostratus
    Nov 02, 2015

    Hard to say, but I would guess sideband connections since iRules are handled by the TMM:s. I don't know exactly how iCall is implemented but since it's part of the management side of the BIG-IP and all management processes run outside of the TMM:s and thus have limited resources compared to TMM.