Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

IP intelligence feed list for ASM/WAF?

nafooesi
Altostratus
Altostratus

‎30-Mar-2020 15:46

Hi all,

 

Just started learning about ASM and AFM via documentation. AFM seems to allow importing of external ip list into IP intelligence database, but ASM/WAF seems to use Webroot for its database. Can ASM use external feeds like AFM? OR Can ASM use another source besides webroot feed?

 

Thanks in advance for helping the noob!

 

Labels:
0 Kudos
11 REPLIES 11

Erik_Novak
F5 Employee
F5 Employee

‎31-Mar-2020 06:21

Currently, ASM/Advanced WAF only works with webroot.

Samir
MVP
MVP

‎31-Mar-2020 19:18

Yes, Can add the IP/Subnet in ASM/WAF IP intelligent database.

 

Go here* Security > Application Security > IP Addresses > IP Address Intelligence 

 

Find the below image

0691T000008GrFDQA0.jpg

0691T000008GrFIQA0.jpg

Thanks

0 Kudos

nafooesi
Altostratus
Altostratus
In response to Samir

‎31-Mar-2020 20:23

Hi Samir, thanks for replying. Yes ASM can add individual​ IP/subnet exception, but I was referring to adding an external feed with a list of IPs or Subnets for black listing.

0 Kudos

Samir
MVP
MVP

‎31-Mar-2020 20:51 - last edited on ‎24-Mar-2022 01:04 by Fog

Such configuration not seen. Go with   answer

0 Kudos

nafooesi
Altostratus
Altostratus

‎01-Apr-2020 09:20

Does Application Service 3 (AS3) extension provide any method to update feed list? https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/

0 Kudos

PeteWhite
F5 Employee
F5 Employee
In response to nafooesi

‎01-Apr-2020 12:32

no, it is for deploying config

0 Kudos

PeteWhite
F5 Employee
F5 Employee

‎01-Apr-2020 12:23

IP intelligence is a licensable feature, it uses the same feed for all related areas ie both AFM and ASM use the same feed

0 Kudos

nafooesi
Altostratus
Altostratus
In response to PeteWhite

‎01-Apr-2020 12:52

AFM does allow adding external feeds to IP intelligence though:

https://techdocs.f5.com/kb/en-us/products/big-ip-afm/manuals/product/big-ip-network-firewall-policie...

 

So if AFM enriches IPI via external feed (besides webroot), perhaps ASM could take advantage of it as well?

 

Nikoolayy1
MVP
MVP
In response to nafooesi

‎26-Jun-2021 13:41

Yes, I also wonder why you can't do this with the ASM/Adv. WAF 😞

0 Kudos

ernest8478
Nimbostratus
Nimbostratus

‎29-Jun-2021 03:27

Thanks for sharing such great information, I found very thankful and helpful information here.

0 Kudos

Nikoolayy1
MVP
MVP

‎29-Jun-2021 03:56

I am starting to wonder if by using the REST-API can a feed list be created without the AFM module. I may try in the future but if someone has tested this they can share if it works.

 

 

https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_security_ip-intelligence_info.html

 

 

 

Another way could be to use the CVS tabular imported that I am using for importing a list of bad IP addresses or using external data group and populating it or using ansible or BIG-IQ with external data groups:

 

 

https://devcentral.f5.com/s/articles/csv-tabular-data-sideband-importer

 

https://devcentral.f5.com/s/articles/populating-tables-with-csv-data-via-sideband-connections

 

 

https://devcentral.f5.com/s/question/0D51T00006aFjFFSA0/managing-datagroups-from-bigiq

 

 

There are some free lists from free or payed providers with palo alto minemeld or misp free systems.

0 Kudos
Copyright © 2023 Khoros, LLC